Add production Alpine and Debian Stretch Docker images (#225)

* First pass at a (swarm-compatible) docker image

Uses an existing traefik server as a https reverse proxy.

* Add example config for a Docker swarm deployment

* Point to traefik config for docker compose setup

* Clarify that traefik is needed for the example config

* Use node:8-stretch base image and don't install yarn

(The base image already contains yarn.)

* Initial commit for an Alpine Docker image

* Fix docker volume path

* Merge #213 and #225 and move files around

* Remove unnecessary dependencies from the alpine build

* Update Dockerfiles to match install path, config path, etc.

* Update the configuration in the example compose file

* Update the configuration in the example swarm file

* Remove the declared networks and volumes from the compose example, which are not strictly required

* Update attachment path in the documentation

* Display traefik as a suggestion and not a required dependency

* Update the Docker ignored files

* Fix typos reported in #225

* Move production Dockerfiles to a production directory

* Add the redis configuration settings

* Add Docker files to the dockerignore

* Make the signup limit configurable

.dockerignore

@@ -0,0 +1,10 @@
+*.swp
+*.md
+.git
+.github
+config
+support/doc
+support/nginx
+support/systemd
+support/docker/*/Dockerfile.*
+support/docker/*/*.yml

README.md

@@ -65,8 +65,8 @@ donating to them](https://soutenir.framasoft.org/en/).**
 Want to see it in action?
 
    * Demonstration servers:
-     * [peertube.cpy.re](http://peertube.cpy.re) 
+     * [peertube.cpy.re](http://peertube.cpy.re)
-     * [peertube2.cpy.re](http://peertube2.cpy.re) 
+     * [peertube2.cpy.re](http://peertube2.cpy.re)
      * [peertube3.cpy.re](http://peertube3.cpy.re)
    * [Video](https://peertube.cpy.re/videos/watch/f78a97f8-a142-4ce1-a5bd-154bf9386504)
      to see what the "decentralization feature" looks like
@@ -139,6 +139,26 @@ BitTorrent) inside the web browser, as of today.
   * OpenSSL (cli)
   * FFmpeg
 
+## Run using Docker
+
+You can quickly get a server running using Docker. You need to have [docker](https://www.docker.com/community-edition) and [docker-compose](https://docs.docker.com/compose/install/) installed.
+
+For this example configuration, you should also run a reverse proxy. The example
+Docker Compose file provides example labels for the Traefik load balancer,
+though any HTTP reverse proxy is compatible.
+
+Example for running a peertube server locally:
+
+```bash
+sudo \
+  PEERTUBE_HOSTNAME=peertube.lvh.me \
+  PEERTUBE_ADMIN_EMAIL=test@example.com \
+  PEERTUBE_TRANSCODING_ENABLED=true \
+  docker-compose up app
+```
+
+(Get the initial root user password from the program output.)
+
 ## Production
 
 See the [production guide](support/doc/production.md).

support/doc/production.md

@@ -315,3 +315,21 @@ $ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19
     pg_restore -U peertube -c -d peertube_prod "$SQL_BACKUP_PATH"
     sudo systemctl restart peertube
 ```
+
+## Installation on Docker Swarm
+
+There is an example configuration for deploying peertube and a postgres database as a Docker swarm stack. It works like this:
+
+(_Note_: You need to make sure to set `traefik` and `peertube` labels on the target node(s) for this configuration to work.)
+
+1. Install a traefik loadbalancer stack (including Let's Encrypt) on your docker swarm. [Here](https://gist.github.com/djmaze/2684fbf147d775c8ee441b4302554823) is an example configuration.
+
+2. Copy the [example stack file](support/docker/production/docker-stack.example.yml) for peertube:
+
+        scp support/docker/production/docker-stack.example.yml root@your-server:/path/to/your/swarm-config/peertube.yml
+
+2. Have a look at the file and adjust the variables to your need.
+
+3. Deploy the stack:
+
+        docker stack deploy -c peertube.yml peertube

support/docker/production/Dockerfile.alpine

@@ -0,0 +1,24 @@
+FROM node:8-alpine
+
+# Install dependencies
+RUN apk add --no-cache ffmpeg openssl bash make g++ git \
+ && apk add --no-cache --repository https://dl-3.alpinelinux.org/alpine/edge/testing/ vips-dev fftw-dev
+
+# Install the application
+WORKDIR /app
+
+COPY . ./
+RUN bash -c 'yarn install --pure-lockfile && npm run build'
+
+# Configure the application
+RUN addgroup -g 991 peertube \
+ && adduser -D -u 991 -G peertube -h /data peertube
+USER peertube
+
+ENV NODE_ENV production
+ENV NODE_CONFIG_DIR /app/support/docker/production/config/
+
+# Run the application
+CMD ["npm", "start"]
+VOLUME ["/data"]
+EXPOSE 9000

support/docker/production/Dockerfile.stretch

@@ -0,0 +1,25 @@
+FROM node:8-stretch
+
+# Install dependencies
+RUN apt-get update \
+ && apt-get -y install ffmpeg \
+ && rm /var/lib/apt/lists/* -fR
+
+# Install the application
+WORKDIR /app
+
+COPY . ./
+RUN yarn install --pure-lockfile && npm run build
+
+# Configure the application
+RUN groupadd -g 991 peertube \
+ && useradd -u 991 -g peertube -d /data -m peertube
+USER peertube
+
+ENV NODE_ENV production
+ENV NODE_CONFIG_DIR /app/support/docker/production/config
+
+# Run the application
+CMD ["npm", "start"]
+VOLUME ["/data"]
+EXPOSE 9000

support/docker/production/config/custom-environment-variables.yaml

@@ -0,0 +1,40 @@
+webserver:
+  hostname: "PEERTUBE_HOSTNAME"
+  port:
+    __name: "PEERTUBE_PORT"
+    __format: "json"
+  https:
+    __name: "PEERTUBE_HTTPS"
+    __format: "json"
+
+database:
+  hostname: "PEERTUBE_DB_HOSTNAME"
+  port:
+    __name: "PEERTUBE_DB_PORT"
+    __format: "json"
+  suffix: "PEERTUBE_DB_SUFFIX"
+  username: "PEERTUBE_DB_USERNAME"
+  password: "PEERTUBE_DB_PASSWORD"
+
+redis:
+  hostname: "PEERTUBE_REDIS_HOSTNAME"
+  port:
+    __name: "PEERTUBE_REDIS_PORT"
+    __format: "json"
+  auth: "PEERTUBE_REDIS_AUTH"
+
+admin:
+  email: "PEERTUBE_ADMIN_EMAIL"
+
+signup:
+  enabled:
+    __name: "PEERTUBE_SIGNUP_ENABLED"
+    __format: "json"
+  limit:
+    __name: "PEETUBE_SIGNUP_LIMIT"
+    __format: "json"
+
+transcoding:
+  enabled:
+    __name: "PEERTUBE_TRANSCODING_ENABLED"
+    __format: "json"

support/docker/production/config/production.yaml

@@ -0,0 +1,64 @@
+listen:
+  port: 9000
+
+# Correspond to your reverse proxy "listen" configuration
+webserver:
+  https: true
+  hostname: undefined
+  port: 443
+
+# Your database name will be "peertube"+database.suffix
+database:
+  hostname: 'db'
+  port: 5432
+  suffix: ''
+  username: 'postgres'
+  password: 'postgres'
+
+# Redis server for short time storage
+redis:
+  hostname: 'redis'
+  port: 6379
+  auth: null
+
+# From the project root directory
+storage:
+  avatars: '../data/avatars/'
+  certs: '../data/certs/'
+  videos: '../data/videos/'
+  logs: '../data/logs/'
+  previews: '../data/previews/'
+  thumbnails: '../data/thumbnails/'
+  torrents: '../data/torrents/'
+  cache: '../data/cache/'
+
+log:
+  level: 'info' # debug/info/warning/error
+
+cache:
+  previews:
+    size: 100 # Max number of previews you want to cache
+
+admin:
+  email: undefined
+
+signup:
+  enabled: false
+  limit: -1
+
+user:
+  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
+  # -1 == unlimited
+  video_quota: -1
+
+# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
+# Uses a lot of CPU!
+transcoding:
+  enabled: false
+  threads: 2
+  resolutions: # Only created if the original video has a higher resolution
+    240p: true
+    360p: true
+    480p: true
+    720p: true
+    1080p: true

support/docker/production/docker-compose.yml

@@ -0,0 +1,35 @@
+version: "3.3"
+
+services:
+  peertube:
+
+    build: .
+    image: peertube:stretch
+    environment:
+      PEERTUBE_HOSTNAME: my.domain.tld
+      PEERTUBE_PORT: 443
+      PEERTUBE_HTTPS: true
+      PEERTUBE_ADMIN_EMAIL: admin@domain.tld
+      PEERTUBE_DB_USERNAME: user
+      PEERTUBE_DB_PASSWORD: password
+      PEERTUBE_SIGNUP_ENABLED: true
+      PEERTUBE_TRANSCODING_ENABLED: true
+    # Traefik labels are suggested as an example for people using Traefik,
+    # remove them if you are using another reverse proxy.
+    labels:
+      traefik.enable: "true"
+      traefik.frontend.rule: "Host:${PEERTUBE_HOSTNAME}"
+      traefik.port: "9000"
+    volumes:
+      - ./data:/usr/src/app/data
+    depends_on:
+      - db
+
+  db:
+    image: postgres:10
+    environment:
+      POSTGRES_USERNAME: user
+      POSTGRES_PASSWORD: password
+      POSTGRES_DB: peertube_prod
+    volumes:
+      - ./db:/var/lib/postgresql/data

support/docker/production/swarm-stack.sample.yml

@@ -0,0 +1,52 @@
+version: "3.3"
+
+services:
+  app:
+    image: peertube:stretch
+    environment:
+      PEERTUBE_HOSTNAME: my.domain.tld
+      PEERTUBE_PORT: 443
+      PEERTUBE_HTTPS: true
+      PEERTUBE_ADMIN_EMAIL: admin@domain.tld
+      PEERTUBE_DB_USERNAME: user
+      PEERTUBE_DB_PASSWORD: password
+      PEERTUBE_SIGNUP_ENABLED: true
+      PEERTUBE_TRANSCODING_ENABLED: true
+    labels: &labels
+      traefik.frontend.rule: "Host:my.domain.tld"
+      traefik.docker.network: traefik
+      traefik.port: "9000"
+    volumes:
+      - app_data:/usr/src/app/data
+    networks:
+      - traefik
+      - backend
+    depends_on:
+      - db
+    deploy:
+      labels: *labels
+      placement:
+        constraints:
+        - node.labels.peertube == 1
+
+  db:
+    image: postgres:10
+    environment:
+      POSTGRES_DB: peertube_prod
+    volumes:
+      - db_data:/var/lib/postgresql/data
+    networks:
+      - backend
+    deploy:
+      placement:
+        constraints:
+        - node.labels.peertube == 1
+
+volumes:
+  app_data:
+  db_data:
+
+networks:
+  backend:
+  traefik:
+    external: true