Diffstat (limited to 'support/docker/production')
-rw-r--r--support/docker/production/.env8
-rw-r--r--support/docker/production/Dockerfile.stretch31
-rw-r--r--support/docker/production/config/custom-environment-variables.yaml33
-rw-r--r--support/docker/production/config/production.yaml2
-rw-r--r--support/docker/production/config/traefik.toml3
-rw-r--r--support/docker/production/docker-compose.yml16
-rwxr-xr-xsupport/docker/production/docker-entrypoint.sh4
7 files changed, 63 insertions, 34 deletions
diff --git a/support/docker/production/.env b/support/docker/production/.env
index 8af161b2a..802d6b2ca 100644
--- a/support/docker/production/.env
+++ b/support/docker/production/.env
@@ -3,10 +3,13 @@ PEERTUBE_DB_PASSWORD=postgres_password
3PEERTUBE_WEBSERVER_HOSTNAME=domain.tld 3PEERTUBE_WEBSERVER_HOSTNAME=domain.tld
4PEERTUBE_WEBSERVER_PORT=443 4PEERTUBE_WEBSERVER_PORT=443
5PEERTUBE_WEBSERVER_HTTPS=true 5PEERTUBE_WEBSERVER_HTTPS=true
6PEERTUBE_TRUST_PROXY=127.0.0.1 6# If you need more than one IP as trust_proxy
7# pass them as a comma separated array:
8PEERTUBE_TRUST_PROXY=["127.0.0.1"]
9#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
7PEERTUBE_SMTP_USERNAME= 10PEERTUBE_SMTP_USERNAME=
8PEERTUBE_SMTP_PASSWORD= 11PEERTUBE_SMTP_PASSWORD=
9PEERTUBE_SMTP_HOSTNAME= 12PEERTUBE_SMTP_HOSTNAME=postfix
10PEERTUBE_SMTP_PORT=25 13PEERTUBE_SMTP_PORT=25
11PEERTUBE_SMTP_FROM=noreply@domain.tld 14PEERTUBE_SMTP_FROM=noreply@domain.tld
12PEERTUBE_SMTP_TLS=true 15PEERTUBE_SMTP_TLS=true
@@ -15,3 +18,4 @@ PEERTUBE_ADMIN_EMAIL=admin@domain.tld
15# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ 18# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
16#PEERTUBE_SIGNUP_ENABLED=true 19#PEERTUBE_SIGNUP_ENABLED=true
17#PEERTUBE_TRANSCODING_ENABLED=true 20#PEERTUBE_TRANSCODING_ENABLED=true
21#PEERTUBE_CONTACT_FORM_ENABLED=true
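Review bot: The commented example on new line 9 extends trust to `loopback` and a whole `192.168.1.0/24` without saying what being trusted means. Presumably any peer in a listed range can supply the forwarded client address that PeerTube then uses, so the list should hold only proxies the operator controls. I would add above new line 8 `# Only list reverse proxies you control: a trusted peer decides which client IP PeerTube sees`. Separately, in the bundled compose setup the proxy runs in its own container, so `127.0.0.1` may not match the address Traefik connects from; it is worth confirming that the default takes effect.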
diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch
index 911d064f6..81468bb4f 100644
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -20,32 +20,11 @@ RUN groupadd -r peertube \
20 && useradd -r -g peertube -m peertube 20 && useradd -r -g peertube -m peertube
21 21
22# grab gosu for easy step-down from root 22# grab gosu for easy step-down from root
23# https://github.com/tianon/gosu/releases 23RUN set -eux; \
24ENV GOSU_VERSION 1.10 24 apt-get update; \
25RUN set -ex; \ 25 apt-get install -y gosu; \
26 \ 26 rm -rf /var/lib/apt/lists/*; \
27 fetchDeps='ca-certificates wget'; \ 27 gosu nobody true
28 apt-get update; \
29 apt-get install -y --no-install-recommends $fetchDeps; \
30 rm -rf /var/lib/apt/lists/*; \
31 \
32 dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
33 wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
34 wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
35 export GNUPGHOME="$(mktemp -d)"; \
36 for server in $(shuf -e ha.pool.sks-keyservers.net \
37 hkp://p80.pool.sks-keyservers.net:80 \
38 keyserver.ubuntu.com \
39 hkp://keyserver.ubuntu.com:80 \
40 pgp.mit.edu) ; do \
41 gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
42 done; \
43 gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
44 rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
45 chmod +x /usr/local/bin/gosu; \
46 gosu nobody true; \
47 \
48 apt-get purge -y --auto-remove wget
49 28
50# Install PeerTube 29# Install PeerTube
51WORKDIR /app 30WORKDIR /app
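Review bot: The new `apt-get install -y gosu` on new line 25 drops the `--no-install-recommends` that the removed block used, so recommended packages can be pulled into the production image; `apt-get install -y --no-install-recommends gosu; \` keeps it minimal. The step also moves gosu's integrity check from the explicit GPG verification to apt's archive signatures, and leaves the version to whatever the stretch repository ships. That trade deserves a one-line comment such as `# gosu now comes from the Debian archive (verified by apt), version not pinned`.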
diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml
index daf885813..8604939aa 100644
--- a/support/docker/production/config/custom-environment-variables.yaml
+++ b/support/docker/production/config/custom-environment-variables.yaml
@@ -7,7 +7,9 @@ webserver:
7 __name: "PEERTUBE_WEBSERVER_HTTPS" 7 __name: "PEERTUBE_WEBSERVER_HTTPS"
8 __format: "json" 8 __format: "json"
9 9
10trust_proxy: "PEERTUBE_TRUST_PROXY" 10trust_proxy:
11 __name: "PEERTUBE_TRUST_PROXY"
12 __format: "json"
11 13
12database: 14database:
13 hostname: "PEERTUBE_DB_HOSTNAME" 15 hostname: "PEERTUBE_DB_HOSTNAME"
@@ -48,6 +50,11 @@ user:
48admin: 50admin:
49 email: "PEERTUBE_ADMIN_EMAIL" 51 email: "PEERTUBE_ADMIN_EMAIL"
50 52
53contact_form:
54 enabled:
55 __name: "PEERTUBE_CONTACT_FORM_ENABLED"
56 __format: "json"
57
51signup: 58signup:
52 enabled: 59 enabled:
53 __name: "PEERTUBE_SIGNUP_ENABLED" 60 __name: "PEERTUBE_SIGNUP_ENABLED"
@@ -56,6 +63,26 @@ signup:
56 __name: "PEERTUBE_SIGNUP_LIMIT" 63 __name: "PEERTUBE_SIGNUP_LIMIT"
57 __format: "json" 64 __format: "json"
58 65
66search:
67 remote_uri:
68 users:
69 __name: "PEERTUBE_SEARCH_REMOTEURI_USERS"
70 __format: "json"
71 anonymous:
72 __name: "PEERTUBE_SEARCH_REMOTEURI_ANONYMOUS"
73 __format: "json"
74
75import:
76 videos:
77 http:
78 enabled:
79 __name: "PEERTUBE_IMPORT_VIDEOS_HTTP"
80 __format: "json"
81 torrent:
82 enabled:
83 __name: "PEERTUBE_IMPORT_VIDEOS_TORRENT"
84 __format: "json"
85
59transcoding: 86transcoding:
60 enabled: 87 enabled:
61 __name: "PEERTUBE_TRANSCODING_ENABLED" 88 __name: "PEERTUBE_TRANSCODING_ENABLED"
@@ -79,9 +106,11 @@ transcoding:
79 1080: 106 1080:
80 __name: "PEERTUBE_TRANSCODING_1080P" 107 __name: "PEERTUBE_TRANSCODING_1080P"
81 __format: "json" 108 __format: "json"
82
83 109
84instance: 110instance:
85 name: "PEERTUBE_INSTANCE_NAME" 111 name: "PEERTUBE_INSTANCE_NAME"
86 description: "PEERTUBE_INSTANCE_DESCRIPTION" 112 description: "PEERTUBE_INSTANCE_DESCRIPTION"
87 terms: "PEERTUBE_INSTANCE_TERMS" 113 terms: "PEERTUBE_INSTANCE_TERMS"
114
115services:
116 csp-logger: "PEERTUBE_SERVICES_CSPLOGGER"
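Review bot: `trust_proxy` on new lines 10-12 now carries `__format: "json"`, so the variable has to be valid JSON. A deployment that still has the old `PEERTUBE_TRUST_PROXY=127.0.0.1` in its existing `.env` will presumably fail to parse at startup rather than fall back. Nothing in this file says so; I would add `# Must be a JSON array, e.g. ["127.0.0.1"]; a bare address is not valid JSON` above the key and mention the migration in the upgrade notes. The new `search` and `import` toggles on new lines 66-84 use the same format and could carry a comment that they expect `true`/`false`.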
diff --git a/support/docker/production/config/production.yaml b/support/docker/production/config/production.yaml
index 4970bbcca..846c838e8 100644
--- a/support/docker/production/config/production.yaml
+++ b/support/docker/production/config/production.yaml
@@ -32,8 +32,10 @@ redis:
32 32
33# From the project root directory 33# From the project root directory
34storage: 34storage:
35 tmp: '../data/tmp/'
35 avatars: '../data/avatars/' 36 avatars: '../data/avatars/'
36 videos: '../data/videos/' 37 videos: '../data/videos/'
38 redundancy: '../data/redundancy/'
37 logs: '../data/logs/' 39 logs: '../data/logs/'
38 previews: '../data/previews/' 40 previews: '../data/previews/'
39 thumbnails: '../data/thumbnails/' 41 thumbnails: '../data/thumbnails/'
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
index 882c95548..6abced3db 100644
--- a/support/docker/production/config/traefik.toml
+++ b/support/docker/production/config/traefik.toml
@@ -1,9 +1,12 @@
1# Uncomment this line in order to enable debugging through logs 1# Uncomment this line in order to enable debugging through logs
2# debug = true 2# debug = true
3defaultEntryPoints = ["http", "https"] 3defaultEntryPoints = ["http", "https"]
4
4[entryPoints] 5[entryPoints]
5 [entryPoints.http] 6 [entryPoints.http]
6 address = ":80" 7 address = ":80"
8 [entryPoints.http.redirect]
9 entryPoint = "https"
7 [entryPoints.https] 10 [entryPoints.https]
8 address = ":443" 11 address = ":443"
9 [entryPoints.https.tls] 12 [entryPoints.https.tls]
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index 220c19fba..1b0a28ffb 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -4,16 +4,19 @@ services:
4 4
5 reverse-proxy: 5 reverse-proxy:
6 image: traefik 6 image: traefik
7 command: --api --docker # Enables the web UI and tells Træfik to listen to docker 7 command: --docker # Tells Træfik to listen to docker
8 ports: 8 ports:
9 - "80:80" # The HTTP port 9 - "80:80" # The HTTP port
10 - "443:443" # The HTTPS port 10 - "443:443" # The HTTPS port
11 - "8080:8080" # The Web UI (enabled by --api)
12 volumes: 11 volumes:
13 - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events 12 - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
14 - ./docker-volume/traefik/acme.json:/etc/acme.json 13 - ./docker-volume/traefik/acme.json:/etc/acme.json
15 - ./docker-volume/traefik/traefik.toml:/traefik.toml 14 - ./docker-volume/traefik/traefik.toml:/traefik.toml
16 restart: "always" 15 restart: "always"
16 # If you want to use the Traefik dashboard, you should expose it on a
17 # subdomain with HTTPS and authentification:
18 # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
19 # https://github.com/containous/traefik/issues/880#issuecomment-310301168
17 20
18 peertube: 21 peertube:
19 # If you don't want to use the official image and build one from sources 22 # If you don't want to use the official image and build one from sources
@@ -38,6 +41,7 @@ services:
38 depends_on: 41 depends_on:
39 - postgres 42 - postgres
40 - redis 43 - redis
44 - postfix
41 restart: "always" 45 restart: "always"
42 46
43 postgres: 47 postgres:
@@ -59,3 +63,11 @@ services:
59 restart: "always" 63 restart: "always"
60 labels: 64 labels:
61 traefik.enable: "false" 65 traefik.enable: "false"
66
67 postfix:
68 image: mwader/postfix-relay
69 environment:
70 - POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
71 labels:
72 traefik.enable: "false"
73 restart: "always"
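Review bot: The new `postfix` service on new line 68 pulls `mwader/postfix-relay` with no tag or digest, so each pull can bring a different build of a third-party image into the mail path. Pin it, e.g. `image: mwader/postfix-relay:<tag>@sha256:<digest>` (placeholders for the values you have verified). The service publishes no ports, but it presumably accepts mail from any container on the compose network, so a comment such as `# internal relay only: never publish port 25` above it would record that constraint.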
diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
index 6dbbfddf6..7dd626b9f 100755
--- a/support/docker/production/docker-entrypoint.sh
+++ b/support/docker/production/docker-entrypoint.sh
@@ -9,7 +9,7 @@ fi
9# Always copy default and custom env configuration file, in cases where new keys were added 9# Always copy default and custom env configuration file, in cases where new keys were added
10cp /app/config/default.yaml /config 10cp /app/config/default.yaml /config
11cp /app/support/docker/production/config/custom-environment-variables.yaml /config 11cp /app/support/docker/production/config/custom-environment-variables.yaml /config
12chown -R peertube:peertube /config 12find /config ! -user peertube -exec chown peertube:peertube {} \;
13 13
14# first arg is `-f` or `--some-option` 14# first arg is `-f` or `--some-option`
15# or first arg is `something.conf` 15# or first arg is `something.conf`
@@ -19,7 +19,7 @@ fi
19 19
20# allow the container to be started with `--user` 20# allow the container to be started with `--user`
21if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then 21if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
22 chown -R peertube:peertube /data 22 find /data ! -user peertube -exec chown peertube:peertube {} \;
23 exec gosu peertube "$0" "$@" 23 exec gosu peertube "$0" "$@"
24fi 24fi
25 25
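Review bot: The replacement on new lines 12 and 22 tests only `! -user peertube`, so entries owned by user peertube but with another group are no longer corrected the way `chown -R peertube:peertube` did, and `-exec … \;` starts one chown per file. `find /data \( ! -user peertube -o ! -group peertube \) -exec chown -h peertube:peertube {} +` covers both cases and batches the calls. The `-h` keeps chown, which runs as root here, from following a symlink that sits under `/data`. The same form applies to the `/config` line in the first hunk.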