Initial commit with config for testing.peertube.social

Felix Ableitner 2019-03-11 15:28:12 +01:00
commit 5a3c073def
4 changed files with 157 additions and 0 deletions

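--- a/.env
+++ b/.env
@@ -0,0 +1,17 @@
+PEERTUBE_DB_USERNAME=peertube
+PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg
+PEERTUBE_WEBSERVER_HOSTNAME=testing.peertube.social
+PEERTUBE_WEBSERVER_PORT=443
+PEERTUBE_WEBSERVER_HTTPS=true
+PEERTUBE_TRUST_PROXY=["127.0.0.1"]
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
+#PEERTUBE_SMTP_USERNAME=
+#PEERTUBE_SMTP_PASSWORD=
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=info@testing.peertube.social
+PEERTUBE_SMTP_TLS=false
+#PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=info@testing.peertube.social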
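Review bot: `PEERTUBE_DB_PASSWORD` is committed in plaintext next to the hostname it belongs to, so the value stays in the repository history and should be treated as exposed and rotated. Keep the real `.env` out of version control (add `.env` to `.gitignore`) and commit a template such as `.env.example` with `PEERTUBE_DB_PASSWORD=<set-on-host>` instead. `PEERTUBE_SMTP_TLS=false` is only reasonable while the `postfix` relay is reachable solely on the internal compose network; a comment such as `# plaintext SMTP: relay is the internal postfix container only` above that line would record the assumption.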

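--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+docker-volume/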

64
docker-compose.yaml Normal file

@ -0,0 +1,64 @@
version: "3.3"
services:
traefik:
image: traefik:1.7-alpine
command: --docker # Tells Træfik to listen to docker
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- ./docker-volume/traefik/acme.json:/etc/acme.json
- ./traefik.toml:/traefik.toml
restart: "always"
# If you want to use the Traefik dashboard, you should expose it on a
# subdomain with HTTPS and authentification:
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
# https://github.com/containous/traefik/issues/880#issuecomment-310301168
peertube:
image: chocobozzz/peertube:v1.2.1-stretch
env_file:
- .env
labels:
traefik.enable: "true"
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
traefik.port: "9000"
volumes:
- ./docker-volume/data:/data
- ./docker-volume/config:/config
depends_on:
- postgres
- redis
- postfix
restart: "always"
postgres:
image: postgres:10-alpine
environment:
POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
POSTGRES_DB: peertube
volumes:
- ./docker-volume/db:/var/lib/postgresql/data
restart: "always"
labels:
traefik.enable: "false"
redis:
image: redis:5-alpine
volumes:
- ./docker-volume/redis:/data
restart: "always"
labels:
- "traefik.enable=false"
postfix:
image: mwader/postfix-relay
environment:
- POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
labels:
traefik.enable: "false"
restart: "always"
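Review bot: The `traefik` service is published on ports 80/443 and also bind-mounts `/var/run/docker.sock`, so a compromise of the proxy gives access to the Docker API and with it effective root on the host. A read-only flag on the mount does not restrict API calls; the usual mitigation is a filtering socket proxy between Traefik and the daemon that allows only the read endpoints Traefik needs, with a comment next to the volume recording that choice. `image: mwader/postfix-relay` has no tag, so it floats on `latest` while every other image is pinned; pin it to a tag or digest. `./docker-volume/traefik/acme.json` has to exist as a file with mode 600 before the first start (Docker otherwise creates a directory at that path), which deserves a comment because `docker-volume/` is git-ignored.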

75
traefik.toml Normal file

@ -0,0 +1,75 @@
# Uncomment this line in order to enable debugging through logs
# debug = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CurvePreferences = [
"CurveP521",
"CurveP384",
"CurveP256"
]
PreferServerCipherSuites = true
CipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA"
]
FrameDeny = false # here we don't want to deny frames since we have an embed
STSIncludeSubdomains = true
STSSeconds = 315360000
STSPreload = true
ContentTypeNosniff = true
BrowserXssFilter = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
# Email address used for registration.
#
# Required
#
email = "me@nutomic.com"
# File or key used for certificates storage.
#
# Required
#
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.
# Entrypoint to proxy acme apply certificates to.
# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"
# Domains list.
#
[[acme.domains]]
main = "testing.peertube.social"
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#
# Optional but recommend
#
[acme.httpChallenge]
# EntryPoint to use for the challenges.
#
# Required
#
entryPoint = "http"
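Review bot: The keys from `FrameDeny` through `BrowserXssFilter` follow the `[entryPoints.https.tls]` header with no new table in between, so as shown TOML assigns them to the TLS table, where Traefik 1.7 does not look for response-header options; HSTS and nosniff are therefore probably not being sent. With the Docker provider in 1.7 these are set per frontend, e.g. labels such as `traefik.frontend.headers.STSSeconds: "315360000"` and `traefik.frontend.headers.contentTypeNosniff: "true"` on the `peertube` service. Check the response headers after deployment, and confirm that a ten-year `STSSeconds` with `STSPreload` is really wanted on a testing hostname. `CipherSuites` also still offers `TLS_RSA_WITH_AES_256_GCM_SHA384` and the two `_CBC_SHA` suites; dropping the static-RSA entries keeps every TLS 1.2 session forward-secret.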