From fef13f148028f0922c0643eee999f141fee3a2c7 Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Wed, 21 Nov 2018 15:35:26 +0100
Subject: Various improvements for docker-compose

---
 support/docker/production/.env                |  2 +-
 support/docker/production/config/traefik.toml |  3 +++
 support/docker/production/docker-compose.yml  | 16 ++++++++++++++--
 3 files changed, 18 insertions(+), 3 deletions(-)

(limited to 'support/docker/production')

diff --git a/support/docker/production/.env b/support/docker/production/.env
index 4a649d655..f27def3b4 100644
--- a/support/docker/production/.env
+++ b/support/docker/production/.env
@@ -9,7 +9,7 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1"]
 #PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
 PEERTUBE_SMTP_USERNAME=
 PEERTUBE_SMTP_PASSWORD=
-PEERTUBE_SMTP_HOSTNAME=
+PEERTUBE_SMTP_HOSTNAME=postfix
 PEERTUBE_SMTP_PORT=25
 PEERTUBE_SMTP_FROM=noreply@domain.tld
 PEERTUBE_SMTP_TLS=true
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
index 882c95548..6abced3db 100644
--- a/support/docker/production/config/traefik.toml
+++ b/support/docker/production/config/traefik.toml
@@ -1,9 +1,12 @@
 # Uncomment this line in order to enable debugging through logs
 # debug = true
 defaultEntryPoints = ["http", "https"]
+
 [entryPoints]
   [entryPoints.http]
   address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
   [entryPoints.https]
   address = ":443"
     [entryPoints.https.tls]
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index 220c19fba..1b0a28ffb 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -4,16 +4,19 @@ services:
 
   reverse-proxy:
     image: traefik
-    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
+    command: --docker # Tells Træfik to listen to docker
     ports:
       - "80:80"     # The HTTP port
       - "443:443"   # The HTTPS port
-      - "8080:8080" # The Web UI (enabled by --api)
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
       - ./docker-volume/traefik/acme.json:/etc/acme.json
       - ./docker-volume/traefik/traefik.toml:/traefik.toml
     restart: "always"
+    # If you want to use the Traefik dashboard, you should expose it on a 
+    # subdomain with HTTPS and authentification:
+    # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
+    # https://github.com/containous/traefik/issues/880#issuecomment-310301168
 
   peertube:
     # If you don't want to use the official image and build one from sources
@@ -38,6 +41,7 @@ services:
     depends_on:
       - postgres
       - redis
+      - postfix
     restart: "always"
 
   postgres:
@@ -59,3 +63,11 @@ services:
     restart: "always"
     labels:
       traefik.enable: "false"
+
+  postfix:
+    image: mwader/postfix-relay
+    environment:
+      - POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
+    labels:
+      traefik.enable: "false"
+    restart: "always"
-- 
cgit v1.2.3