diff options
Diffstat (limited to 'support/docker')
-rw-r--r-- | support/docker/production/docker-compose.traefik.yml | 27 | ||||
-rw-r--r-- | support/docker/production/docker-compose.yml | 32 | ||||
-rw-r--r-- | support/docker/production/entrypoint.nginx.sh | 10 |
3 files changed, 37 insertions, 32 deletions
diff --git a/support/docker/production/docker-compose.traefik.yml b/support/docker/production/docker-compose.traefik.yml new file mode 100644 index 000000000..bbea75783 --- /dev/null +++ b/support/docker/production/docker-compose.traefik.yml | |||
@@ -0,0 +1,27 @@ | |||
1 | version: "3.3" | ||
2 | |||
3 | services: | ||
4 | |||
5 | # The reverse-proxy only does SSL termination and automatic certificate generation. You can | ||
6 | # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels. | ||
7 | reverse-proxy: | ||
8 | image: traefik:v1.7 | ||
9 | network_mode: "host" | ||
10 | command: | ||
11 | - "--docker" # Tells Træfik to listen to docker | ||
12 | - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email | ||
13 | - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list | ||
14 | ports: | ||
15 | - "80:80" # serving HTTP | ||
16 | - "443:443" # serving HTTPS | ||
17 | volumes: | ||
18 | - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events | ||
19 | - ./docker-volume/traefik/acme.json:/etc/acme.json | ||
20 | - ./docker-volume/traefik/traefik.toml:/traefik.toml | ||
21 | restart: "always" | ||
22 | |||
23 | webserver: | ||
24 | labels: | ||
25 | traefik.enable: "true" | ||
26 | traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" | ||
27 | traefik.port: "80" | ||
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index 51de964e8..d17dbd0df 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml | |||
@@ -2,27 +2,9 @@ version: "3.3" | |||
2 | 2 | ||
3 | services: | 3 | services: |
4 | 4 | ||
5 | # The reverse-proxy only does SSL termination and automatic certificate generation. You can | ||
6 | # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels. | ||
7 | reverse-proxy: | ||
8 | image: traefik:v1.7 | ||
9 | network_mode: "host" | ||
10 | command: | ||
11 | - "--docker" # Tells Træfik to listen to docker | ||
12 | - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email | ||
13 | - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list | ||
14 | ports: | ||
15 | - "80:80" # The HTTP port | ||
16 | - "443:443" # The HTTPS port | ||
17 | volumes: | ||
18 | - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events | ||
19 | - ./docker-volume/traefik/acme.json:/etc/acme.json | ||
20 | - ./docker-volume/traefik/traefik.toml:/traefik.toml | ||
21 | restart: "always" | ||
22 | |||
23 | # The webserver is not required, but recommended since a lot of optimizations went to its | 5 | # The webserver is not required, but recommended since a lot of optimizations went to its |
24 | # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, | 6 | # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, |
25 | # so use it in production in tandem with an SSL-terminating reverse-proxy like above. | 7 | # so use it in production in tandem with an SSL-terminating reverse-proxy. |
26 | webserver: | 8 | webserver: |
27 | build: | 9 | build: |
28 | context: . | 10 | context: . |
@@ -31,7 +13,7 @@ services: | |||
31 | - .env | 13 | - .env |
32 | # If you provide your own reverse-proxy, otherwise not suitable for production: | 14 | # If you provide your own reverse-proxy, otherwise not suitable for production: |
33 | #ports: | 15 | #ports: |
34 | # - "80:80" | 16 | # - "9000:80" # serving HTTP |
35 | volumes: | 17 | volumes: |
36 | - type: bind | 18 | - type: bind |
37 | # Switch sources if you downloaded the nginx configuration without the whole repository | 19 | # Switch sources if you downloaded the nginx configuration without the whole repository |
@@ -43,10 +25,6 @@ services: | |||
43 | depends_on: | 25 | depends_on: |
44 | - peertube | 26 | - peertube |
45 | restart: "always" | 27 | restart: "always" |
46 | labels: | ||
47 | traefik.enable: "true" | ||
48 | traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" | ||
49 | traefik.port: "80" | ||
50 | 28 | ||
51 | peertube: | 29 | peertube: |
52 | # If you don't want to use the official image and build one from sources: | 30 | # If you don't want to use the official image and build one from sources: |
@@ -58,7 +36,7 @@ services: | |||
58 | - .env | 36 | - .env |
59 | # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: | 37 | # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: |
60 | #ports: | 38 | #ports: |
61 | # - "80:9000" | 39 | # - "80:9000" # serving HTTP |
62 | volumes: | 40 | volumes: |
63 | - assets:/app/client/dist | 41 | - assets:/app/client/dist |
64 | - ./docker-volume/data:/data | 42 | - ./docker-volume/data:/data |
@@ -70,7 +48,7 @@ services: | |||
70 | restart: "always" | 48 | restart: "always" |
71 | 49 | ||
72 | postgres: | 50 | postgres: |
73 | image: postgres:12-alpine | 51 | image: postgres:10-alpine |
74 | env_file: | 52 | env_file: |
75 | - .env | 53 | - .env |
76 | volumes: | 54 | volumes: |
@@ -96,7 +74,7 @@ networks: | |||
96 | ipam: | 74 | ipam: |
97 | driver: default | 75 | driver: default |
98 | config: | 76 | config: |
99 | - subnet: 172.18.0.0/16 | 77 | - subnet: 172.18.0.0/16 |
100 | 78 | ||
101 | volumes: | 79 | volumes: |
102 | assets: | 80 | assets: |
diff --git a/support/docker/production/entrypoint.nginx.sh b/support/docker/production/entrypoint.nginx.sh index 903806936..4d2ead966 100644 --- a/support/docker/production/entrypoint.nginx.sh +++ b/support/docker/production/entrypoint.nginx.sh | |||
@@ -1,15 +1,15 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | set -e | 2 | set -e |
3 | 3 | ||
4 | # Process nginx template | 4 | # Process the nginx template |
5 | SOURCE="/etc/nginx/conf.d/peertube.template" | 5 | SOURCE_FILE="/etc/nginx/conf.d/peertube.template" |
6 | TARGET="/etc/nginx/conf.d/default.conf" | 6 | TARGET_FILE="/etc/nginx/conf.d/default.conf" |
7 | export WEBSERVER_HOST="default_server" | 7 | export WEBSERVER_HOST="default_server" |
8 | export PEERTUBE_HOST="peertube:9000" | 8 | export PEERTUBE_HOST="peertube:9000" |
9 | 9 | ||
10 | envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET | 10 | envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE |
11 | 11 | ||
12 | # Remove HTTPS/SSL from nginx conf | 12 | # Remove HTTPS/SSL from nginx conf |
13 | sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET | 13 | sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE |
14 | 14 | ||
15 | nginx -g "daemon off;" \ No newline at end of file | 15 | nginx -g "daemon off;" \ No newline at end of file |