From b44a96300c1f82e24cfc296de821d809bf031f38 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 28 May 2018 10:53:57 +0200
Subject: Improve docker doc and fix missing keys on update
---
support/docker/production/config/traefik.toml | 49 ++++++++++++++++++++++++++
support/docker/production/docker-compose.yml | 17 +++++++++
support/docker/production/docker-entrypoint.sh | 6 ++--
3 files changed, 70 insertions(+), 2 deletions(-)
create mode 100644 support/docker/production/config/traefik.toml
(limited to 'support/docker/production')
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
new file mode 100644
index 000000000..775a26515
--- /dev/null
+++ b/support/docker/production/config/traefik.toml
@@ -0,0 +1,49 @@
+# Uncomment this line in order to enable debugging through logs
+# debug = true
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+
+# Enable ACME (Let's Encrypt): automatic SSL.
+[acme]
+
+# Email address used for registration.
+#
+# Required
+#
+email = ""
+
+# File or key used for certificates storage.
+#
+# Required
+#
+storage = "/etc/acme.json"
+# or `storage = "traefik/acme/account"` if using KV store.
+
+# Entrypoint to proxy acme apply certificates to.
+# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
+#
+# Required
+#
+entryPoint = "https"
+
+# Domains list.
+#
+[[acme.domains]]
+ main = ""
+
+# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
+#
+# Optional but recommend
+#
+[acme.httpChallenge]
+
+ # EntryPoint to use for the challenges.
+ #
+ # Required
+ #
+ entryPoint = "http"
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index eefd6e5bb..5f8822ad3 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
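Review bot: In traefik.toml the `[entryPoints.http]` entry point has no redirect, so the application stays reachable in cleartext on port 80 next to HTTPS; Traefik 1.x accepts a `[entryPoints.http.redirect]` table with `entryPoint = "https"` for this. Confirm against the Traefik version actually deployed that the HTTP-01 challenge configured under `[acme.httpChallenge]` is still answered on that entry point once the redirect is in place. `[entryPoints.https.tls]` is left empty, so the protocol floor is whatever the proxy defaults to; setting `minVersion = "VersionTLS12"` there makes it explicit. The empty `email = ""` and `main = ""` values are placeholders, and the comments above them should say that they have to be filled in before the first start, since certificate issuance depends on them.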
@@ -2,6 +2,19 @@ version: "3.3" services: + reverse-proxy: + image: traefik + command: --api --docker # Enables the web UI and tells Træfik to listen to docker + ports: + - "80:80" # The HTTP port + - "443:443" # The HTTPS port + - "8080:8080" # The Web UI (enabled by --api) + volumes: + - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events + - ./docker-volume/traefik/acme.json:/etc/acme.json + - ./docker-volume/traefik/traefik.toml:/traefik.toml + restart: "always" + peertube: # If you don't want to use the official image and build one from sources # build: @@ -49,9 +62,13 @@ services: volumes: - ./docker-volume/db:/var/lib/postgresql/data restart: "always" + labels: + traefik.enable: "false" redis: image: redis:4-alpine volumes: - ./docker-volume/redis:/data restart: "always" + labels: + traefik.enable: "false" \ No newline at end of file diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh index 8ee968b3d..447cf7fa4 100755 --- a/support/docker/production/docker-entrypoint.sh +++ b/support/docker/production/docker-entrypoint.sh @@ -4,10 +4,12 @@ set -e # Populate config directory if [ -z "$(ls -A /config)" ]; then cp /app/support/docker/production/config/* /config - cp /app/config/default.yaml /config - chown -R peertube:peertube /config fi +# Always copy default configuration file, in cases where new keys were added +cp /app/config/default.yaml /config +chown -R peertube:peertube /config + # first arg is `-f` or `--some-option` # or first arg is `something.conf` if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then -- cgit v1.2.3
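Review bot: Publishing `"8080:8080"` together with `--api` in the new `reverse-proxy` service puts the Traefik dashboard and API on every host interface, with no authentication visible in this hunk. Binding it to loopback with `- "127.0.0.1:8080:8080"`, or dropping `--api` from the production file, closes that. The `/var/run/docker.sock` mount hands the internet-facing proxy control of the Docker daemon, which is equivalent to root on the host, and a `:ro` suffix does not limit API calls made over the socket, so a filtering socket proxy (or at least a comment stating the risk) belongs here. `image: traefik` is unpinned while the traefik.toml added by this commit is written in the 1.x configuration format, so pin it, for example `image: traefik:<pinned 1.x tag>`. The bind-mounted `./docker-volume/traefik/acme.json` must already exist as a regular file with mode 600 before the first start, otherwise Docker creates a directory at that path; the file should say so in a comment.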
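Review bot: Opting the database and `redis` services out with `traefik.enable: "false"` keeps exposure as the default, so any service added to this file later is routed by Traefik unless someone remembers the label. A default-deny setup is safer: start the proxy with `--docker.exposedbydefault=false` and put `traefik.enable: "true"` on the one service meant to be public. The first of the two labelled services starts outside the hunk, so its identity is inferred from the `/var/lib/postgresql/data` volume line.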
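Review bot: The now-unconditional `cp /app/config/default.yaml /config` in docker-entrypoint.sh overwrites any local edit to `/config/default.yaml` on every container start, and the comment above it does not warn the operator. A comment such as `# Overwritten on every start: do not edit /config/default.yaml, keep local settings in a separate config file` would make that explicit. Because of `set -e`, the two moved lines also abort startup when `/config` is mounted read-only, and `chown -R peertube:peertube /config` now re-owns the whole mount on every start instead of only after the first population. Keeping the recursive chown inside the `if` and running `chown peertube:peertube /config/default.yaml` after the copy would limit the change to the one file that is rewritten. The `if [ "${1#-}" != "$1" ]` block at the end of the hunk continues outside it.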