From b8f3e6b00b3300f4ebf37bf77711739964c9e5d6 Mon Sep 17 00:00:00 2001
From: Rigel Kent <sendmemail@rigelk.eu>
Date: Mon, 22 Jun 2020 13:06:54 +0200
Subject: move traefik to its own override file

---
 .../docker/production/docker-compose.traefik.yml   | 27 ++++++++++++++++++
 support/docker/production/docker-compose.yml       | 32 ++++------------------
 support/docker/production/entrypoint.nginx.sh      | 10 +++----
 3 files changed, 37 insertions(+), 32 deletions(-)
 create mode 100644 support/docker/production/docker-compose.traefik.yml

(limited to 'support/docker')

diff --git a/support/docker/production/docker-compose.traefik.yml b/support/docker/production/docker-compose.traefik.yml
new file mode 100644
index 000000000..bbea75783
--- /dev/null
+++ b/support/docker/production/docker-compose.traefik.yml
@@ -0,0 +1,27 @@
+version: "3.3"
+
+services:
+
+  # The reverse-proxy only does SSL termination and automatic certificate generation. You can
+  # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
+  reverse-proxy:
+    image: traefik:v1.7
+    network_mode: "host"
+    command:
+      - "--docker"                                # Tells Træfik to listen to docker
+      - "--acme.email=${TRAEFIK_ACME_EMAIL}"      # Let's Encrypt ACME email
+      - "--acme.domains=${TRAEFIK_ACME_DOMAINS}"  # Let's Encrypt ACME domain list
+    ports:
+      - "80:80"    # serving HTTP
+      - "443:443"  # serving HTTPS
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
+      - ./docker-volume/traefik/acme.json:/etc/acme.json
+      - ./docker-volume/traefik/traefik.toml:/traefik.toml
+    restart: "always"
+
+  webserver:
+    labels:
+      traefik.enable: "true"
+      traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
+      traefik.port: "80"
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index 51de964e8..d17dbd0df 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -2,27 +2,9 @@ version: "3.3"
 
 services:
 
-  # The reverse-proxy only does SSL termination and automatic certificate generation. You can
-  # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
-  reverse-proxy:
-    image: traefik:v1.7
-    network_mode: "host"
-    command:
-      - "--docker"                                # Tells Træfik to listen to docker
-      - "--acme.email=${TRAEFIK_ACME_EMAIL}"      # Let's Encrypt ACME email
-      - "--acme.domains=${TRAEFIK_ACME_DOMAINS}"  # Let's Encrypt ACME domain list
-    ports:
-      - "80:80"    # The HTTP port
-      - "443:443"  # The HTTPS port
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
-      - ./docker-volume/traefik/acme.json:/etc/acme.json
-      - ./docker-volume/traefik/traefik.toml:/traefik.toml
-    restart: "always"
-
   # The webserver is not required, but recommended since a lot of optimizations went to its
   # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL,
-  # so use it in production in tandem with an SSL-terminating reverse-proxy like above.
+  # so use it in production in tandem with an SSL-terminating reverse-proxy.
   webserver:
     build:
       context: .
@@ -31,7 +13,7 @@ services:
       - .env
     # If you provide your own reverse-proxy, otherwise not suitable for production:
     #ports:
-    #  - "80:80"
+    #  - "9000:80" # serving HTTP
     volumes:
       - type: bind
         # Switch sources if you downloaded the nginx configuration without the whole repository
@@ -43,10 +25,6 @@ services:
     depends_on:
       - peertube
     restart: "always"
-    labels:
-      traefik.enable: "true"
-      traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
-      traefik.port: "80"
 
   peertube:
     # If you don't want to use the official image and build one from sources:
@@ -58,7 +36,7 @@ services:
       - .env
     # If you provide your own webserver and reverse-proxy, otherwise not suitable for production:
     #ports:
-    #  - "80:9000"
+    #  - "80:9000" # serving HTTP
     volumes:
       - assets:/app/client/dist
       - ./docker-volume/data:/data
@@ -70,7 +48,7 @@ services:
     restart: "always"
 
   postgres:
-    image: postgres:12-alpine
+    image: postgres:10-alpine
     env_file:
       - .env
     volumes:
@@ -96,7 +74,7 @@ networks:
     ipam:
       driver: default
       config:
-      - subnet:  172.18.0.0/16
+      - subnet: 172.18.0.0/16
 
 volumes:
   assets:
diff --git a/support/docker/production/entrypoint.nginx.sh b/support/docker/production/entrypoint.nginx.sh
index 903806936..4d2ead966 100644
--- a/support/docker/production/entrypoint.nginx.sh
+++ b/support/docker/production/entrypoint.nginx.sh
@@ -1,15 +1,15 @@
 #!/bin/sh
 set -e
 
-# Process nginx template
-SOURCE="/etc/nginx/conf.d/peertube.template"
-TARGET="/etc/nginx/conf.d/default.conf"
+# Process the nginx template
+SOURCE_FILE="/etc/nginx/conf.d/peertube.template"
+TARGET_FILE="/etc/nginx/conf.d/default.conf"
 export WEBSERVER_HOST="default_server"
 export PEERTUBE_HOST="peertube:9000"
 
-envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET
+envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE
 
 # Remove HTTPS/SSL from nginx conf
-sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET
+sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE
 
 nginx -g "daemon off;"
\ No newline at end of file
-- 
cgit v1.2.3