3 files changed, 70 insertions, 2 deletions
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
new file mode 100644
index 000000000..775a26515
--- /dev/null
+++ b/support/docker/production/config/traefik.toml
@@ -0,0 +1,49 @@
+# Uncomment this line in order to enable debugging through logs
+# debug = true
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+# Enable ACME (Let's Encrypt): automatic SSL.
+[acme]
+# Email address used for registration.
+#
+# Required
+#
+email = "<MY EMAIL ADDRESS>"
+# File or key used for certificates storage.
+#
+# Required
+#
+storage = "/etc/acme.json"
+# or `storage = "traefik/acme/account"` if using KV store.
+# Entrypoint to proxy acme apply certificates to.
+# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
+#
+# Required
+#
+entryPoint = "https"
+# Domains list.
+#
+[[acme.domains]]
+  main = "<MY DOMAIN>"
+# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
+#
+# Optional but recommend
+#
+[acme.httpChallenge]
+  # EntryPoint to use for the challenges.
+  #
+  # Required
+  #
+  entryPoint = "http"
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index eefd6e5bb..5f8822ad3 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -2,6 +2,19 @@ version: "3.3"
 services:
+  reverse-proxy:
+    image: traefik
+    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
+    ports:
+      - "80:80"     # The HTTP port
+      - "443:443"   # The HTTPS port
+      - "8080:8080" # The Web UI (enabled by --api)
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+      - ./docker-volume/traefik/acme.json:/etc/acme.json
+      - ./docker-volume/traefik/traefik.toml:/traefik.toml
+    restart: "always"
  peertube:
    # If you don't want to use the official image and build one from sources
    # build:
@@ -49,9 +62,13 @@ services:
    volumes:
      - ./docker-volume/db:/var/lib/postgresql/data
    restart: "always"
+    labels:
+      traefik.enable: "false"
  redis:
    image: redis:4-alpine
    volumes:
      - ./docker-volume/redis:/data
    restart: "always"
+    labels:
+      traefik.enable: "false"
+\ No newline at end of file
diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
index 8ee968b3d..447cf7fa4 100755
--- a/support/docker/production/docker-entrypoint.sh
+++ b/support/docker/production/docker-entrypoint.sh
@@ -4,10 +4,12 @@ set -e
 # Populate config directory
 if [ -z "$(ls -A /config)" ]; then
    cp /app/support/docker/production/config/* /config
-    cp /app/config/default.yaml /config
-    chown -R peertube:peertube /config
 fi
+# Always copy default configuration file, in cases where new keys were added
+cp /app/config/default.yaml /config
+chown -R peertube:peertube /config
 # first arg is `-f` or `--some-option`
 # or first arg is `something.conf`
 if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then

diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml new file mode 100644 index 000000000..775a26515 --- /dev/null +++ b/support/docker/production/config/traefik.toml
@@ -0,0 +1,49 @@
		1	# Uncomment this line in order to enable debugging through logs
		2	# debug = true
		3	defaultEntryPoints = ["http", "https"]
		4	[entryPoints]
		5	[entryPoints.http]
		6	address = ":80"
		7	[entryPoints.https]
		8	address = ":443"
		9	[entryPoints.https.tls]
		10
		11	# Enable ACME (Let's Encrypt): automatic SSL.
		12	[acme]
		13
		14	# Email address used for registration.
		15	#
		16	# Required
		17	#
		18	email = "<MY EMAIL ADDRESS>"
		19
		20	# File or key used for certificates storage.
		21	#
		22	# Required
		23	#
		24	storage = "/etc/acme.json"
		25	# or `storage = "traefik/acme/account"` if using KV store.
		26
		27	# Entrypoint to proxy acme apply certificates to.
		28	# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
		29	#
		30	# Required
		31	#
		32	entryPoint = "https"
		33
		34	# Domains list.
		35	#
		36	[[acme.domains]]
		37	main = "<MY DOMAIN>"
		38
		39	# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
		40	#
		41	# Optional but recommend
		42	#
		43	[acme.httpChallenge]
		44
		45	# EntryPoint to use for the challenges.
		46	#
		47	# Required
		48	#
		49	entryPoint = "http"


diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index eefd6e5bb..5f8822ad3 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml
@@ -2,6 +2,19 @@ version: "3.3"
2		2
3	services:	3	services:
4		4
		5	reverse-proxy:
		6	image: traefik
		7	command: --api --docker # Enables the web UI and tells Træfik to listen to docker
		8	ports:
		9	- "80:80" # The HTTP port
		10	- "443:443" # The HTTPS port
		11	- "8080:8080" # The Web UI (enabled by --api)
		12	volumes:
		13	- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
		14	- ./docker-volume/traefik/acme.json:/etc/acme.json
		15	- ./docker-volume/traefik/traefik.toml:/traefik.toml
		16	restart: "always"
		17
5	peertube:	18	peertube:
6	# If you don't want to use the official image and build one from sources	19	# If you don't want to use the official image and build one from sources
7	# build:	20	# build:
@@ -49,9 +62,13 @@ services:
49	volumes:	62	volumes:
50	- ./docker-volume/db:/var/lib/postgresql/data	63	- ./docker-volume/db:/var/lib/postgresql/data
51	restart: "always"	64	restart: "always"
		65	labels:
		66	traefik.enable: "false"
52		67
53	redis:	68	redis:
54	image: redis:4-alpine	69	image: redis:4-alpine
55	volumes:	70	volumes:
56	- ./docker-volume/redis:/data	71	- ./docker-volume/redis:/data
57	restart: "always"	72	restart: "always"
		73	labels:
		74	traefik.enable: "false" \ No newline at end of file


diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh index 8ee968b3d..447cf7fa4 100755 --- a/support/docker/production/docker-entrypoint.sh +++ b/support/docker/production/docker-entrypoint.sh
@@ -4,10 +4,12 @@ set -e
4	# Populate config directory	4	# Populate config directory
5	if [ -z "$(ls -A /config)" ]; then	5	if [ -z "$(ls -A /config)" ]; then
6	cp /app/support/docker/production/config/* /config	6	cp /app/support/docker/production/config/* /config
7	cp /app/config/default.yaml /config
8	chown -R peertube:peertube /config
9	fi	7	fi
10		8
		9	# Always copy default configuration file, in cases where new keys were added
		10	cp /app/config/default.yaml /config
		11	chown -R peertube:peertube /config
		12
11	# first arg is `-f` or `--some-option`	13	# first arg is `-f` or `--some-option`
12	# or first arg is `something.conf`	14	# or first arg is `something.conf`
13	if [ "${1#-}" != "$1" ] \|\| [ "${1%.conf}" != "$1" ]; then	15	if [ "${1#-}" != "$1" ] \|\| [ "${1%.conf}" != "$1" ]; then