From e962e1c3c52b77075ec7b46ed0984476684551ab Mon Sep 17 00:00:00 2001 From: Kim <1877318+kimsible@users.noreply.github.com> Date: Mon, 24 Feb 2020 15:30:14 +0100 Subject: [PATCH] Chore/docker-documentation-improvements (#2494) * unify env_var names to replace * detail more and improve docker doc * fix title * move acme email and domains to traefik command * add details about TRAEFIK_ACME_* variables * Fix preview links from /develop to /master --- support/doc/docker.md | 88 +++++++++++++++---- support/docker/production/.env | 23 +++-- support/docker/production/config/traefik.toml | 11 --- support/docker/production/docker-compose.yml | 5 +- 4 files changed, 88 insertions(+), 39 deletions(-) diff --git a/support/doc/docker.md b/support/doc/docker.md index b251329d0..2ee922b87 100644 --- a/support/doc/docker.md +++ b/support/doc/docker.md 
@@ -14,43 +14,95 @@ PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want to quickly set up a full environment, either for trying the service or in production, you can use a `docker-compose` setup. +#### Go to your peertube workdir ```shell -$ cd /your/peertube/directory -$ mkdir ./docker-volume && mkdir ./docker-volume/traefik -$ curl "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml" > ./docker-volume/traefik/traefik.toml -$ touch ./docker-volume/traefik/acme.json && chmod 600 ./docker-volume/traefik/acme.json -$ curl -s "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml" -o docker-compose.yml "https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env" -o .env +cd /your/peertube/directory ``` -View the source of the files you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/docker-compose.yml) and the [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/config/traefik.toml) and the [.env](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env) -Update the reverse proxy configuration: +#### Create the reverse proxy configuration directory ```shell -$ vim ./docker-volume/traefik/traefik.toml +mkdir -p ./docker-volume/traefik ``` -Tweak the `docker-compose.yml` file there according to your needs: +#### Get the latest reverse proxy configuration ```shell -$ vim ./docker-compose.yml +curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml ``` -Then tweak the `.env` file to change the environment variables: +View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml) + 
+#### Create Let's Encrypt ACME certificates as JSON file ```shell -$ vim ./.env +touch ./docker-volume/traefik/acme.json ``` -If you did not download the .env file above, here you can look at the variables that can be set: -https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env +Needs to have file mode 600: +```shell +chmod 600 ./docker-volume/traefik/acme.json +``` + +#### Get the latest Compose file + +```shell +curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml > docker-compose.yml +``` + +View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml) + + +#### Get the latest env_file + +```shell +curl https://raw.github.com/Chocobozzz/PeerTube/master/support/docker/production/.env > .env +``` + +View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env) + +#### Update the reverse proxy configuration + +```shell +vim ./docker-volume/traefik/traefik.toml +``` + +~~You must replace `` and `` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file. 
+ +More at: https://docs.traefik.io/v1.7 + +#### Tweak the `docker-compose.yml` file there according to your needs + +```shell +vim ./docker-compose.yml +``` + +#### Then tweak the `.env` file to change the environment variables + +```shell +vim ./.env +``` +In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace: +- `` +- `` +- `` +- `` without 'https://' +- `` Other environment variables are used in -`support/docker/production/config/custom-environment-variables.yaml` and can be +[/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be intuited from usage. -You can use the regular `up` command to set it up: +#### Testing local Docker setup + +To test locally your Docker setup, you must add your domain (``) in `/etc/hosts`: +``` +127.0.0.1 localhost mydomain.tld +``` + +#### You can use the regular `up` command to set it up ```shell -$ docker-compose up +docker-compose up ``` ### Obtaining Your Automatically Generated Admin Credentials Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. @@ -88,5 +140,5 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster ## Development -We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/develop/.github/CONTRIBUTING.md#develop) +We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) for more information on how you can hack PeerTube! diff --git a/support/docker/production/.env b/support/docker/production/.env index 95ca42d69..0321b04ae 100644 --- a/support/docker/production/.env +++ b/support/docker/production/.env 
@@ -1,10 +1,11 @@ -POSTGRES_USER=peertube -POSTGRES_PASSWORD=peertube -POSTGRES_DB=peertube -PEERTUBE_DB_USERNAME=$(POSTGRES_USER) -PEERTUBE_DB_PASSWORD=$(POSTGRES_PASSWORD) +POSTGRES_USER= +POSTGRES_PASSWORD= +POSTGRES_DB= +PEERTUBE_DB_USERNAME= +PEERTUBE_DB_PASSWORD= +# PEERTUBE_DB_HOSTNAME is the Postgres service name in docker-compose.yml PEERTUBE_DB_HOSTNAME=postgres -PEERTUBE_WEBSERVER_HOSTNAME=domain.tld +PEERTUBE_WEBSERVER_HOSTNAME= PEERTUBE_WEBSERVER_PORT=443 PEERTUBE_WEBSERVER_HTTPS=true # If you need more than one IP as trust_proxy @@ -14,11 +15,15 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"] #PEERTUBE_SMTP_PASSWORD= PEERTUBE_SMTP_HOSTNAME=postfix PEERTUBE_SMTP_PORT=25 -PEERTUBE_SMTP_FROM=noreply@domain.tld +PEERTUBE_SMTP_FROM=noreply@ PEERTUBE_SMTP_TLS=false PEERTUBE_SMTP_DISABLE_STARTTLS=false -PEERTUBE_ADMIN_EMAIL=admin@domain.tld -POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME} +PEERTUBE_ADMIN_EMAIL= +POSTFIX_myhostname= +TRAEFIK_ACME_EMAIL= +# If you need to obtain ACME certificates for more than one DOMAIN +# pass them as a comma separated string +TRAEFIK_ACME_DOMAINS= # /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ #PEERTUBE_SIGNUP_ENABLED=true #PEERTUBE_TRANSCODING_ENABLED=true diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml index 6abced3db..1d7d207fd 100644 --- a/support/docker/production/config/traefik.toml +++ b/support/docker/production/config/traefik.toml @@ -37,12 +37,6 @@ defaultEntryPoints = ["http", "https"] # Enable ACME (Let's Encrypt): automatic SSL. [acme] -# Email address used for registration. -# -# Required -# -email = "" - # File or key used for certificates storage. # # Required @@ -57,11 +51,6 @@ storage = "/etc/acme.json" # entryPoint = "https" -# Domains list. -# -[[acme.domains]] - main = "" - # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge # # Optional but recommend 
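Review bot: `PEERTUBE_DB_USERNAME` and `PEERTUBE_DB_PASSWORD` no longer derive from `POSTGRES_USER`/`POSTGRES_PASSWORD`, so the same credential must now be entered twice and nothing in the file says the pairs have to match. A comment above them such as `# PEERTUBE_DB_USERNAME/PASSWORD must equal POSTGRES_USER/POSTGRES_PASSWORD` would prevent a mismatched setup. As rendered here the values after `=` are empty (the placeholders may have been lost in extraction), so the file should also say that `POSTGRES_PASSWORD` needs a long random value, given that the removed default was the guessable `peertube`. Because this file now holds the database password, the docs could apply the same `chmod 600` they use for `acme.json` to `.env`. The `TRAEFIK_ACME_*` entries added in the second hunk are must-fill values as well.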
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index b81a8745b..72b08b855 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml @@ -5,7 +5,10 @@ services: reverse-proxy: image: traefik:v1.7 network_mode: "host" - command: --docker # Tells Træfik to listen to docker + command: + - "--docker" # Tells Træfik to listen to docker + - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email + - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list ports: - "80:80" # The HTTP port - "443:443" # The HTTPS port -- 2.25.1
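Review bot: The two new `--acme.*` arguments are built from `${TRAEFIK_ACME_EMAIL}` and `${TRAEFIK_ACME_DOMAINS}`, and Compose substitutes an empty string (with only a warning) when a variable is unset. Traefik would then start with `--acme.email=` and no domain list instead of failing, and certificate issuance would presumably break only later at runtime. If the Compose file version in use supports the required-variable form, `- "--acme.email=${TRAEFIK_ACME_EMAIL:?set TRAEFIK_ACME_EMAIL in .env}"` and the equivalent for the domains line would surface the mistake at `docker-compose up`. The rest of the `reverse-proxy` service lies outside the hunk, so whether `.env` is also passed to the containers as an `env_file` cannot be confirmed from here.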