commit 5a3c073def176fd741d6935e724468fc91bdad3e
Author: Felix Ableitner
Date: Mon Mar 11 15:28:12 2019 +0100
Initial commit with config for testing.peertube.social
diff --git a/.env b/.env
new file mode 100644
index 0000000..4be50bd
--- /dev/null
+++ b/.env
@@ -0,0 +1,17 @@
+PEERTUBE_DB_USERNAME=peertube
+PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg
+PEERTUBE_WEBSERVER_HOSTNAME=testing.peertube.social
+PEERTUBE_WEBSERVER_PORT=443
+PEERTUBE_WEBSERVER_HTTPS=true
+PEERTUBE_TRUST_PROXY=["127.0.0.1"]
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
+#PEERTUBE_SMTP_USERNAME=
+#PEERTUBE_SMTP_PASSWORD=
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=info@testing.peertube.social
+PEERTUBE_SMTP_TLS=false
+#PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=info@testing.peertube.social
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1e14d28
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+docker-volume/
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..d9594a2
--- /dev/null
+++ b/docker-compose.yaml
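Review bot: `PEERTUBE_DB_PASSWORD` in `.env` looks like the real database password for this instance, committed in plaintext, and the `.gitignore` added in the same commit excludes only `docker-volume/`, so the value stays readable to anyone with access to the repository or its history. I would commit a template instead, e.g. `.env.example` containing `PEERTUBE_DB_PASSWORD=<set-locally>`, and add a `.env` line to `.gitignore`. Because deleting the file in a later commit does not remove it from history, the password should also be rotated on the Postgres side.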
@@ -0,0 +1,64 @@
+version: "3.3"
+
+services:
+
+ traefik:
+ image: traefik:1.7-alpine
+ command: --docker # Tells Træfik to listen to docker
+ ports:
+ - "80:80" # The HTTP port
+ - "443:443" # The HTTPS port
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+ - ./docker-volume/traefik/acme.json:/etc/acme.json
+ - ./traefik.toml:/traefik.toml
+ restart: "always"
+ # If you want to use the Traefik dashboard, you should expose it on a
+ # subdomain with HTTPS and authentification:
+ # https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f
+ # https://github.com/containous/traefik/issues/880#issuecomment-310301168
+
+ peertube:
+ image: chocobozzz/peertube:v1.2.1-stretch
+ env_file:
+ - .env
+ labels:
+ traefik.enable: "true"
+ traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
+ traefik.port: "9000"
+ volumes:
+ - ./docker-volume/data:/data
+ - ./docker-volume/config:/config
+ depends_on:
+ - postgres
+ - redis
+ - postfix
+ restart: "always"
+
+ postgres:
+ image: postgres:10-alpine
+ environment:
+ POSTGRES_USER: ${PEERTUBE_DB_USERNAME}
+ POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD}
+ POSTGRES_DB: peertube
+ volumes:
+ - ./docker-volume/db:/var/lib/postgresql/data
+ restart: "always"
+ labels:
+ traefik.enable: "false"
+
+ redis:
+ image: redis:5-alpine
+ volumes:
+ - ./docker-volume/redis:/data
+ restart: "always"
+ labels:
+ - "traefik.enable=false"
+
+ postfix:
+ image: mwader/postfix-relay
+ environment:
+ - POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
+ labels:
+ traefik.enable: "false"
+ restart: "always"
diff --git a/traefik.toml b/traefik.toml
new file mode 100644
index 0000000..ffcac5e
--- /dev/null
+++ b/traefik.toml
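Review bot: In docker-compose.yaml the `traefik` service is the only one published to the internet (`80:80`, `443:443`) and it also bind-mounts `/var/run/docker.sock`, so a compromise of the proxy would give full control of the Docker daemon and, in effect, the host. A `:ro` suffix on that mount would not help, because it does not restrict API calls made over the socket. The usual mitigation is to point Traefik at a filtering socket proxy that only permits the read-only container and event endpoints. At minimum I would document the exposure on that volume line, e.g. `# full Docker API access (root-equivalent on the host); front with a read-only socket proxy`. Separately, `image: mwader/postfix-relay` is the only image without a tag and will float on `latest`; pin it as `image: mwader/postfix-relay:<pinned-tag>` or by digest.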
@@ -0,0 +1,75 @@
+# Uncomment this line in order to enable debugging through logs
+# debug = true
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.http.redirect]
+ entryPoint = "https"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+ MinVersion = "VersionTLS12"
+ CurvePreferences = [
+ "CurveP521",
+ "CurveP384",
+ "CurveP256"
+ ]
+ PreferServerCipherSuites = true
+ CipherSuites = [
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_RSA_WITH_AES_256_CBC_SHA"
+ ]
+ FrameDeny = false # here we don't want to deny frames since we have an embed
+ STSIncludeSubdomains = true
+ STSSeconds = 315360000
+ STSPreload = true
+ ContentTypeNosniff = true
+ BrowserXssFilter = true
+
+
+# Enable ACME (Let's Encrypt): automatic SSL.
+[acme]
+
+# Email address used for registration.
+#
+# Required
+#
+email = "me@nutomic.com"
+
+# File or key used for certificates storage.
+#
+# Required
+#
+storage = "/etc/acme.json"
+# or `storage = "traefik/acme/account"` if using KV store.
+
+# Entrypoint to proxy acme apply certificates to.
+# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
+#
+# Required
+#
+entryPoint = "https"
+
+# Domains list.
+#
+[[acme.domains]]
+ main = "testing.peertube.social"
+
+# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
+#
+# Optional but recommend
+#
+[acme.httpChallenge]
+
+ # EntryPoint to use for the challenges.
+ #
+ # Required
+ #
+ entryPoint = "http"
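Review bot: In traefik.toml the six keys from `FrameDeny` to `BrowserXssFilter` follow the `[entryPoints.https.tls]` header, so TOML assigns them to the TLS table. In Traefik 1.x these are per-frontend header options rather than TLS settings, so as far as I can tell they are ignored here and no HSTS or nosniff header is actually sent. They should take effect as labels on the `peertube` service in docker-compose.yaml, e.g. `traefik.frontend.headers.STSSeconds: "315360000"` with the matching `STSIncludeSubdomains`, `STSPreload`, `contentTypeNosniff` and `browserXSSFilter` labels; check the response headers after deploying to confirm. In `CipherSuites`, `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_256_CBC_SHA` use static RSA key exchange with no forward secrecy, and I would drop those two entries.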