From b8f3e6b00b3300f4ebf37bf77711739964c9e5d6 Mon Sep 17 00:00:00 2001
From: Rigel Kent
Date: Mon, 22 Jun 2020 13:06:54 +0200
Subject: move traefik to its own override file
---
.../docker/production/docker-compose.traefik.yml | 27 ++++++++++++++++++
support/docker/production/docker-compose.yml | 32 ++++------------------
support/docker/production/entrypoint.nginx.sh | 10 +++----
3 files changed, 37 insertions(+), 32 deletions(-)
create mode 100644 support/docker/production/docker-compose.traefik.yml
(limited to 'support/docker')
diff --git a/support/docker/production/docker-compose.traefik.yml b/support/docker/production/docker-compose.traefik.yml
new file mode 100644
index 000000000..bbea75783
--- /dev/null
+++ b/support/docker/production/docker-compose.traefik.yml
@@ -0,0 +1,27 @@
+version: "3.3"
+
+services:
+
+ # The reverse-proxy only does SSL termination and automatic certificate generation. You can
+ # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
+ reverse-proxy:
+ image: traefik:v1.7
+ network_mode: "host"
+ command:
+ - "--docker" # Tells Træfik to listen to docker
+ - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
+ - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
+ ports:
+ - "80:80" # serving HTTP
+ - "443:443" # serving HTTPS
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
+ - ./docker-volume/traefik/acme.json:/etc/acme.json
+ - ./docker-volume/traefik/traefik.toml:/traefik.toml
+ restart: "always"
+
+ webserver:
+ labels:
+ traefik.enable: "true"
+ traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
+ traefik.port: "80"
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index 51de964e8..d17dbd0df 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
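Review bot: The `volumes:` entry `/var/run/docker.sock:/var/run/docker.sock` in the new `reverse-proxy` service hands the Docker API to a container that sits on the host network and terminates public HTTP/HTTPS, and the only comment on it describes convenience, not risk. Docker socket access is effectively root on the host, so a flaw in the proxy becomes a host compromise; I would say so beside the mount, e.g. `# Docker socket access is root-equivalent on the host; prefer a socket proxy limited to read-only API calls`. Separately, the `ports:` list is discarded (or rejected, depending on the Compose version) when `network_mode: "host"` is set, so it documents intent rather than restricting anything and could become a comment.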
@@ -2,27 +2,9 @@ version: "3.3" services: - # The reverse-proxy only does SSL termination and automatic certificate generation. You can - # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels. - reverse-proxy: - image: traefik:v1.7 - network_mode: "host" - command: - - "--docker" # Tells Træfik to listen to docker - - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email - - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list - ports: - - "80:80" # The HTTP port - - "443:443" # The HTTPS port - volumes: - - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events - - ./docker-volume/traefik/acme.json:/etc/acme.json - - ./docker-volume/traefik/traefik.toml:/traefik.toml - restart: "always" - # The webserver is not required, but recommended since a lot of optimizations went to its # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, - # so use it in production in tandem with an SSL-terminating reverse-proxy like above. + # so use it in production in tandem with an SSL-terminating reverse-proxy. webserver: build: context: . @@ -31,7 +13,7 @@ services: - .env # If you provide your own reverse-proxy, otherwise not suitable for production: #ports: - # - "80:80" + # - "9000:80" # serving HTTP volumes: - type: bind # Switch sources if you downloaded the nginx configuration without the whole repository @@ -43,10 +25,6 @@ services: depends_on: - peertube restart: "always" - labels: - traefik.enable: "true" - traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" - traefik.port: "80" peertube: # If you don't want to use the official image and build one from sources: @@ -58,7 +36,7 @@ services: - .env # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: #ports: - # - "80:9000" + # - "80:9000" # serving HTTP volumes: - assets:/app/client/dist - ./docker-volume/data:/data 
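Review bot: The commented example in the `webserver` hunk, `# - "9000:80" # serving HTTP`, publishes the plain-HTTP nginx on every host interface once uncommented, so clients could reach it without passing through the TLS-terminating proxy. As the surrounding comment is about running behind your own reverse proxy, a loopback binding is the safer example when that proxy runs on the same host: `# - "127.0.0.1:9000:80" # serving HTTP, loopback only`. The same applies to `# - "80:9000" # serving HTTP` in the `peertube` hunk further down. Docker usually installs its own packet-filter rules for published ports, so a host firewall may not hide them; this is worth a word in the comment.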
@@ -70,7 +48,7 @@ services: restart: "always" postgres: - image: postgres:12-alpine + image: postgres:10-alpine env_file: - .env volumes: @@ -96,7 +74,7 @@ networks: ipam: driver: default config: - - subnet: 172.18.0.0/16 + - subnet: 172.18.0.0/16 volumes: assets: diff --git a/support/docker/production/entrypoint.nginx.sh b/support/docker/production/entrypoint.nginx.sh index 903806936..4d2ead966 100644 --- a/support/docker/production/entrypoint.nginx.sh +++ b/support/docker/production/entrypoint.nginx.sh @@ -1,15 +1,15 @@ #!/bin/sh set -e -# Process nginx template -SOURCE="/etc/nginx/conf.d/peertube.template" -TARGET="/etc/nginx/conf.d/default.conf" +# Process the nginx template +SOURCE_FILE="/etc/nginx/conf.d/peertube.template" +TARGET_FILE="/etc/nginx/conf.d/default.conf" export WEBSERVER_HOST="default_server" export PEERTUBE_HOST="peertube:9000" -envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET +envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE # Remove HTTPS/SSL from nginx conf -sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET +sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE nginx -g "daemon off;" \ No newline at end of file -- cgit v1.2.3
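Review bot: The `postgres` hunk changes `image: postgres:12-alpine` to `postgres:10-alpine`, a major-version downgrade that the commit subject (moving traefik to an override file) does not mention, so it looks unintended. PostgreSQL data directories are not compatible across major versions, so a deployment already initialised under 12 would presumably fail to start on 10, and the older branch leaves upstream security support sooner. If the change is accidental, keep `image: postgres:12-alpine`; if it is deliberate, it belongs in its own commit with a migration note.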