move traefik to its own override file
This commit is contained in:
parent
e604efcb71
commit
b8f3e6b00b
|
@ -0,0 +1,44 @@
|
|||
### Docker + Traefik
|
||||
|
||||
After following the [docker guide](/support/doc/docker.md), you can choose to run traefik
|
||||
as your reverse-proxy.
|
||||
|
||||
#### Create the reverse proxy configuration directory
|
||||
|
||||
```shell
|
||||
mkdir -p ./docker-volume/traefik
|
||||
```
|
||||
|
||||
#### Get the latest reverse proxy configuration
|
||||
|
||||
```shell
|
||||
curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
|
||||
```
|
||||
|
||||
View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
|
||||
|
||||
#### Create Let's Encrypt ACME certificates as JSON file
|
||||
|
||||
```shell
|
||||
touch ./docker-volume/traefik/acme.json
|
||||
```
|
||||
Needs to have file mode 600:
|
||||
```shell
|
||||
chmod 600 ./docker-volume/traefik/acme.json
|
||||
```
|
||||
|
||||
#### Update the reverse proxy configuration
|
||||
|
||||
```shell
|
||||
$EDITOR ./docker-volume/traefik/traefik.toml
|
||||
```
|
||||
|
||||
~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
|
||||
|
||||
More at: https://docs.traefik.io/v1.7
|
||||
|
||||
#### Run with traefik
|
||||
|
||||
```shell
|
||||
docker-compose -f {docker-compose.yml,docker-compose.traefik.yml} up -d
|
||||
```
|
|
@ -1,48 +1,21 @@
|
|||
# Docker guide
|
||||
|
||||
You can quickly get a server running using Docker. You need to have
|
||||
[docker](https://www.docker.com/community-edition) and
|
||||
This guide requires [docker](https://www.docker.com/community-edition) and
|
||||
[docker-compose](https://docs.docker.com/compose/install/) installed.
|
||||
|
||||
## Production
|
||||
|
||||
### Install
|
||||
|
||||
**PeerTube does not support webserver host change**. Keep in mind your domain name is definitive after your first PeerTube start.
|
||||
|
||||
PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want
|
||||
to quickly set up a full environment, either for trying the service or in
|
||||
production, you can use a `docker-compose` setup.
|
||||
**PeerTube does not support webserver host change**. Keep in mind your domain
|
||||
name is definitive after your first PeerTube start.
|
||||
|
||||
#### Go to your peertube workdir
|
||||
|
||||
```shell
|
||||
cd /your/peertube/directory
|
||||
```
|
||||
|
||||
#### Create the reverse proxy configuration directory
|
||||
|
||||
```shell
|
||||
mkdir -p ./docker-volume/traefik
|
||||
```
|
||||
|
||||
#### Get the latest reverse proxy configuration
|
||||
|
||||
```shell
|
||||
curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
|
||||
```
|
||||
|
||||
View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
|
||||
|
||||
#### Create Let's Encrypt ACME certificates as JSON file
|
||||
|
||||
```shell
|
||||
touch ./docker-volume/traefik/acme.json
|
||||
```
|
||||
Needs to have file mode 600:
|
||||
```shell
|
||||
chmod 600 ./docker-volume/traefik/acme.json
|
||||
```
|
||||
|
||||
#### Get the latest Compose file
|
||||
|
||||
```shell
|
||||
|
@ -51,7 +24,6 @@ curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker
|
|||
|
||||
View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml)
|
||||
|
||||
|
||||
#### Get the latest env_file
|
||||
|
||||
```shell
|
||||
|
@ -60,27 +32,18 @@ curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker
|
|||
|
||||
View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env)
|
||||
|
||||
#### Update the reverse proxy configuration
|
||||
|
||||
```shell
|
||||
vim ./docker-volume/traefik/traefik.toml
|
||||
```
|
||||
|
||||
~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
|
||||
|
||||
More at: https://docs.traefik.io/v1.7
|
||||
|
||||
#### Tweak the `docker-compose.yml` file there according to your needs
|
||||
|
||||
```shell
|
||||
vim ./docker-compose.yml
|
||||
$EDITOR ./docker-compose.yml
|
||||
```
|
||||
|
||||
#### Then tweak the `.env` file to change the environment variables
|
||||
|
||||
```shell
|
||||
vim ./.env
|
||||
$EDITOR ./.env
|
||||
```
|
||||
|
||||
In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace:
|
||||
- `<MY POSTGRES USERNAME>`
|
||||
- `<MY POSTGRES PASSWORD>`
|
||||
|
@ -103,10 +66,12 @@ To test locally your Docker setup, you must add your domain (`<MY DOMAIN>`) in `
|
|||
```shell
|
||||
docker-compose up
|
||||
```
|
||||
### Obtaining Your Automatically Generated Admin Credentials
|
||||
Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password.
|
||||
You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this.
|
||||
```BASH
|
||||
|
||||
### Obtaining your automatically-generated admin credentials
|
||||
|
||||
Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this.
|
||||
|
||||
```bash
|
||||
user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root
|
||||
|
||||
peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root
|
||||
|
@ -114,9 +79,12 @@ peertube_1 | [example.com:443] 2019-11-16 04:26:06.083 info: User password: abc
|
|||
```
|
||||
|
||||
### Obtaining Your Automatically Generated DKIM DNS TXT Record
|
||||
|
||||
[DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/).
|
||||
Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain :
|
||||
```BASH
|
||||
|
||||
Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain :
|
||||
|
||||
```bash
|
||||
user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt
|
||||
|
||||
peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
|
||||
|
@ -154,5 +122,4 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster
|
|||
|
||||
## Development
|
||||
|
||||
We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop)
|
||||
for more information on how you can hack PeerTube!
|
||||
We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) for more information on how you can hack PeerTube!
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
version: "3.3"
|
||||
|
||||
services:
|
||||
|
||||
# The reverse-proxy only does SSL termination and automatic certificate generation. You can
|
||||
# replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
|
||||
reverse-proxy:
|
||||
image: traefik:v1.7
|
||||
network_mode: "host"
|
||||
command:
|
||||
- "--docker" # Tells Træfik to listen to docker
|
||||
- "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
|
||||
- "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
|
||||
ports:
|
||||
- "80:80" # serving HTTP
|
||||
- "443:443" # serving HTTPS
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
|
||||
- ./docker-volume/traefik/acme.json:/etc/acme.json
|
||||
- ./docker-volume/traefik/traefik.toml:/traefik.toml
|
||||
restart: "always"
|
||||
|
||||
webserver:
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
||||
traefik.port: "80"
|
|
@ -2,27 +2,9 @@ version: "3.3"
|
|||
|
||||
services:
|
||||
|
||||
# The reverse-proxy only does SSL termination and automatic certificate generation. You can
|
||||
# replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
|
||||
reverse-proxy:
|
||||
image: traefik:v1.7
|
||||
network_mode: "host"
|
||||
command:
|
||||
- "--docker" # Tells Træfik to listen to docker
|
||||
- "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
|
||||
- "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
|
||||
ports:
|
||||
- "80:80" # The HTTP port
|
||||
- "443:443" # The HTTPS port
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
|
||||
- ./docker-volume/traefik/acme.json:/etc/acme.json
|
||||
- ./docker-volume/traefik/traefik.toml:/traefik.toml
|
||||
restart: "always"
|
||||
|
||||
# The webserver is not required, but recommended since a lot of optimizations went to its
|
||||
# nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL,
|
||||
# so use it in production in tandem with an SSL-terminating reverse-proxy like above.
|
||||
# so use it in production in tandem with an SSL-terminating reverse-proxy.
|
||||
webserver:
|
||||
build:
|
||||
context: .
|
||||
|
@ -31,7 +13,7 @@ services:
|
|||
- .env
|
||||
# If you provide your own reverse-proxy, otherwise not suitable for production:
|
||||
#ports:
|
||||
# - "80:80"
|
||||
# - "9000:80" # serving HTTP
|
||||
volumes:
|
||||
- type: bind
|
||||
# Switch sources if you downloaded the nginx configuration without the whole repository
|
||||
|
@ -43,10 +25,6 @@ services:
|
|||
depends_on:
|
||||
- peertube
|
||||
restart: "always"
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
|
||||
traefik.port: "80"
|
||||
|
||||
peertube:
|
||||
# If you don't want to use the official image and build one from sources:
|
||||
|
@ -58,7 +36,7 @@ services:
|
|||
- .env
|
||||
# If you provide your own webserver and reverse-proxy, otherwise not suitable for production:
|
||||
#ports:
|
||||
# - "80:9000"
|
||||
# - "80:9000" # serving HTTP
|
||||
volumes:
|
||||
- assets:/app/client/dist
|
||||
- ./docker-volume/data:/data
|
||||
|
@ -70,7 +48,7 @@ services:
|
|||
restart: "always"
|
||||
|
||||
postgres:
|
||||
image: postgres:12-alpine
|
||||
image: postgres:10-alpine
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
|
@ -96,7 +74,7 @@ networks:
|
|||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 172.18.0.0/16
|
||||
- subnet: 172.18.0.0/16
|
||||
|
||||
volumes:
|
||||
assets:
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# Process nginx template
|
||||
SOURCE="/etc/nginx/conf.d/peertube.template"
|
||||
TARGET="/etc/nginx/conf.d/default.conf"
|
||||
# Process the nginx template
|
||||
SOURCE_FILE="/etc/nginx/conf.d/peertube.template"
|
||||
TARGET_FILE="/etc/nginx/conf.d/default.conf"
|
||||
export WEBSERVER_HOST="default_server"
|
||||
export PEERTUBE_HOST="peertube:9000"
|
||||
|
||||
envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET
|
||||
envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE
|
||||
|
||||
# Remove HTTPS/SSL from nginx conf
|
||||
sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET
|
||||
sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE
|
||||
|
||||
nginx -g "daemon off;"
|
Loading…
Reference in New Issue