From b44a96300c1f82e24cfc296de821d809bf031f38 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 28 May 2018 10:53:57 +0200 Subject: Improve docker doc and fix missing keys on update --- support/doc/docker.md | 71 +++++++++++++++----------- support/docker/production/config/traefik.toml | 49 ++++++++++++++++++ support/docker/production/docker-compose.yml | 17 ++++++ support/docker/production/docker-entrypoint.sh | 6 ++- 4 files changed, 110 insertions(+), 33 deletions(-) create mode 100644 support/docker/production/config/traefik.toml diff --git a/support/doc/docker.md b/support/doc/docker.md index ae2b0f9c0..410db1136 100644 --- a/support/doc/docker.md +++ b/support/doc/docker.md @@ -6,56 +6,65 @@ You can quickly get a server running using Docker. You need to have ## Production -### Build your own Docker image - -```bash -$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube -$ cd /tmp/peertube -$ docker build . -f ./support/docker/production/Dockerfile.stretch -``` - -### Run a preconfigured setup with all dependencies +### Install PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want to quickly set up a full environment, either for trying the service or in production, you can use a `docker-compose` setup. ```bash -$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube -$ cd /tmp/peertube +$ cd /your/peertube/directory +$ mkdir ./docker-volume && mkdir ./docker-volume/traefik +$ curl "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml" > ./docker-volume/traefik/traefik.toml +$ touch ./docker-volume/traefik/acme.json && chmod 600 ./docker-volume/traefik/acme.json +$ curl -s "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml" > ./docker-compose.yml +``` + +Update the reverse proxy configuration: + ``` +$ vim ./docker-volume/traefik/traefik.toml +``` + +Tweak the `docker-compose.yml` file there according to your needs: -Then tweak the `docker-compose.yml` file there according to your needs. Then -you can use the regular `up` command to set it up, with possible overrides of +``` +$ vim ./docker-compose.yaml +``` + +You can use the regular `up` command to set it up, with possible overrides of the environment variables: ```bash -$ PEERTUBE_WEBSERVER_HOSTNAME=peertube.lvh.me \ - PEERTUBE_ADMIN_EMAIL=test@example.com \ - PEERTUBE_TRANSCODING_ENABLED=true \ - PEERTUBE_SIGNUP_ENABLED=true \ - PEERTUBE_SMTP_HOST=mail.lvh.me \ - PEERTUBE_SMTP_PORT=1025 \ - PEERTUBE_SMTP_FROM=noreply@peertube.lvh.me \ - docker-compose -f support/docker/production/docker-compose.yml --project-directory . up +$ PEERTUBE_WEBSERVER_HOSTNAME="domain.tld" docker-compose up ``` Other environment variables are used in `support/docker/production/config/custom-environment-variables.yaml` and can be intuited from usage. -For this example configuration, a reverse proxy is quite recommended. The -example Docker Compose file provides example labels for a Traefik load -balancer, although any HTTP reverse proxy will work fine. See the example -Nginx configuration `support/nginx/peertube` file to get an idea of -recommendations and requirements to run PeerTube the most efficiently. - **Important**: note that you'll get the initial `root` user password from the program output, so check out your logs to find them. +### Upgrade + +Pull the latest images and rerun PeerTube: + +``` +$ docker-compose pull +$ PEERTUBE_WEBSERVER_HOSTNAME="domain.tld" docker-compose up +``` + + +## Build your own Docker image + +```bash +$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube +$ cd /tmp/peertube +$ docker build . -f ./support/docker/production/Dockerfile.stretch +``` + ## Development -The Docker image that's preconfigured in `support/docker/dev` contains all the -services embedded in one image, so as to work correctly on -[Janitor](https://janitor.technology). It is much not advised to use it in -production. +We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/develop/.github/CONTRIBUTING.md#develop) +for more information on how you can hack PeerTube! \ No newline at end of file diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml new file mode 100644 index 000000000..775a26515 --- /dev/null +++ b/support/docker/production/config/traefik.toml @@ -0,0 +1,49 @@ +# Uncomment this line in order to enable debugging through logs +# debug = true +defaultEntryPoints = ["http", "https"] +[entryPoints] + [entryPoints.http] + address = ":80" + [entryPoints.https] + address = ":443" + [entryPoints.https.tls] + +# Enable ACME (Let's Encrypt): automatic SSL. +[acme] + +# Email address used for registration. +# +# Required +# +email = "" + +# File or key used for certificates storage. +# +# Required +# +storage = "/etc/acme.json" +# or `storage = "traefik/acme/account"` if using KV store. + +# Entrypoint to proxy acme apply certificates to. +# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443 +# +# Required +# +entryPoint = "https" + +# Domains list. +# +[[acme.domains]] + main = "" + +# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge +# +# Optional but recommend +# +[acme.httpChallenge] + + # EntryPoint to use for the challenges. + # + # Required + # + entryPoint = "http" diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index eefd6e5bb..5f8822ad3 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml @@ -2,6 +2,19 @@ version: "3.3" services: + reverse-proxy: + image: traefik + command: --api --docker # Enables the web UI and tells Træfik to listen to docker + ports: + - "80:80" # The HTTP port + - "443:443" # The HTTPS port + - "8080:8080" # The Web UI (enabled by --api) + volumes: + - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events + - ./docker-volume/traefik/acme.json:/etc/acme.json + - ./docker-volume/traefik/traefik.toml:/traefik.toml + restart: "always" + peertube: # If you don't want to use the official image and build one from sources # build: @@ -49,9 +62,13 @@ services: volumes: - ./docker-volume/db:/var/lib/postgresql/data restart: "always" + labels: + traefik.enable: "false" redis: image: redis:4-alpine volumes: - ./docker-volume/redis:/data restart: "always" + labels: + traefik.enable: "false" \ No newline at end of file diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh index 8ee968b3d..447cf7fa4 100755 --- a/support/docker/production/docker-entrypoint.sh +++ b/support/docker/production/docker-entrypoint.sh @@ -4,10 +4,12 @@ set -e # Populate config directory if [ -z "$(ls -A /config)" ]; then cp /app/support/docker/production/config/* /config - cp /app/config/default.yaml /config - chown -R peertube:peertube /config fi +# Always copy default configuration file, in cases where new keys were added +cp /app/config/default.yaml /config +chown -R peertube:peertube /config + # first arg is `-f` or `--some-option` # or first arg is `something.conf` if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then -- cgit v1.2.3