Add production Alpine and Debian Stretch Docker images (#225)

* First pass at a (swarm-compatible) docker image

Uses an existing traefik server as a https reverse proxy.

* Add example config for a Docker swarm deployment

* Point to traefik config for docker compose setup

* Clarify that traefik is needed for the example config

* Use node:8-stretch base image and don't install yarn

(The base image already contains yarn.)

* Initial commit for an Alpine Docker image

* Fix docker volume path

* Merge #213 and #225 and move files around

* Remove unnecessary dependencies from the alpine build

* Update Dockerfiles to match install path, config path, etc.

* Update the configuration in the example compose file

* Update the configuration in the example swarm file

* Remove the declared networks and volumes from the compose example, which are not strictly required

* Update attachment path in the documentation

* Display traefik as a suggestion and not a required dependency

* Update the Docker ignored files

* Fix typos reported in #225

* Move production Dockerfiles to a production directory

* Add the redis configuration settings

* Add Docker files to the dockerignore

* Make the signup limit configurable
pull/267/head
kaiyou 2018-01-29 08:52:20 +01:00 committed by Chocobozzz
parent 8dfd8fd7ca
commit e8395f027b
9 changed files with 290 additions and 2 deletions

10
.dockerignore Normal file
View File

@ -0,0 +1,10 @@
*.swp
*.md
.git
.github
config
support/doc
support/nginx
support/systemd
support/docker/*/Dockerfile.*
support/docker/*/*.yml

View File

@ -139,6 +139,26 @@ BitTorrent) inside the web browser, as of today.
* OpenSSL (cli)
* FFmpeg
## Run using Docker
You can quickly get a server running using Docker. You need to have [docker](https://www.docker.com/community-edition) and [docker-compose](https://docs.docker.com/compose/install/) installed.
For this example configuration, you should also run a reverse proxy. The example
Docker Compose file provides example labels for the Traefik load balancer,
though any HTTP reverse proxy is compatible.
Example for running a peertube server locally:
```bash
sudo \
PEERTUBE_HOSTNAME=peertube.lvh.me \
PEERTUBE_ADMIN_EMAIL=test@example.com \
PEERTUBE_TRANSCODING_ENABLED=true \
docker-compose up app
```
(Get the initial root user password from the program output.)
## Production
See the [production guide](support/doc/production.md).

View File

@ -315,3 +315,21 @@ $ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19
pg_restore -U peertube -c -d peertube_prod "$SQL_BACKUP_PATH"
sudo systemctl restart peertube
```
## Installation on Docker Swarm
There is an example configuration for deploying peertube and a postgres database as a Docker swarm stack. It works like this:
(_Note_: You need to make sure to set `traefik` and `peertube` labels on the target node(s) for this configuration to work.)
1. Install a traefik loadbalancer stack (including Let's Encrypt) on your docker swarm. [Here](https://gist.github.com/djmaze/2684fbf147d775c8ee441b4302554823) is an example configuration.
2. Copy the [example stack file](support/docker/production/docker-stack.example.yml) for peertube:
scp support/docker/production/docker-stack.example.yml root@your-server:/path/to/your/swarm-config/peertube.yml
2. Have a look at the file and adjust the variables to your need.
3. Deploy the stack:
docker stack deploy -c peertube.yml peertube

View File

@ -0,0 +1,24 @@
FROM node:8-alpine
# Install dependencies
RUN apk add --no-cache ffmpeg openssl bash make g++ git \
&& apk add --no-cache --repository https://dl-3.alpinelinux.org/alpine/edge/testing/ vips-dev fftw-dev
# Install the application
WORKDIR /app
COPY . ./
RUN bash -c 'yarn install --pure-lockfile && npm run build'
# Configure the application
RUN addgroup -g 991 peertube \
&& adduser -D -u 991 -G peertube -h /data peertube
USER peertube
ENV NODE_ENV production
ENV NODE_CONFIG_DIR /app/support/docker/production/config/
# Run the application
CMD ["npm", "start"]
VOLUME ["/data"]
EXPOSE 9000

View File

@ -0,0 +1,25 @@
FROM node:8-stretch
# Install dependencies
RUN apt-get update \
&& apt-get -y install ffmpeg \
&& rm /var/lib/apt/lists/* -fR
# Install the application
WORKDIR /app
COPY . ./
RUN yarn install --pure-lockfile && npm run build
# Configure the application
RUN groupadd -g 991 peertube \
&& useradd -u 991 -g peertube -d /data -m peertube
USER peertube
ENV NODE_ENV production
ENV NODE_CONFIG_DIR /app/support/docker/production/config
# Run the application
CMD ["npm", "start"]
VOLUME ["/data"]
EXPOSE 9000

View File

@ -0,0 +1,40 @@
webserver:
hostname: "PEERTUBE_HOSTNAME"
port:
__name: "PEERTUBE_PORT"
__format: "json"
https:
__name: "PEERTUBE_HTTPS"
__format: "json"
database:
hostname: "PEERTUBE_DB_HOSTNAME"
port:
__name: "PEERTUBE_DB_PORT"
__format: "json"
suffix: "PEERTUBE_DB_SUFFIX"
username: "PEERTUBE_DB_USERNAME"
password: "PEERTUBE_DB_PASSWORD"
redis:
hostname: "PEERTUBE_REDIS_HOSTNAME"
port:
__name: "PEERTUBE_REDIS_PORT"
__format: "json"
auth: "PEERTUBE_REDIS_AUTH"
admin:
email: "PEERTUBE_ADMIN_EMAIL"
signup:
enabled:
__name: "PEERTUBE_SIGNUP_ENABLED"
__format: "json"
limit:
__name: "PEETUBE_SIGNUP_LIMIT"
__format: "json"
transcoding:
enabled:
__name: "PEERTUBE_TRANSCODING_ENABLED"
__format: "json"

View File

@ -0,0 +1,64 @@
listen:
port: 9000
# Correspond to your reverse proxy "listen" configuration
webserver:
https: true
hostname: undefined
port: 443
# Your database name will be "peertube"+database.suffix
database:
hostname: 'db'
port: 5432
suffix: ''
username: 'postgres'
password: 'postgres'
# Redis server for short time storage
redis:
hostname: 'redis'
port: 6379
auth: null
# From the project root directory
storage:
avatars: '../data/avatars/'
certs: '../data/certs/'
videos: '../data/videos/'
logs: '../data/logs/'
previews: '../data/previews/'
thumbnails: '../data/thumbnails/'
torrents: '../data/torrents/'
cache: '../data/cache/'
log:
level: 'info' # debug/info/warning/error
cache:
previews:
size: 100 # Max number of previews you want to cache
admin:
email: undefined
signup:
enabled: false
limit: -1
user:
# Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
# -1 == unlimited
video_quota: -1
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# Uses a lot of CPU!
transcoding:
enabled: false
threads: 2
resolutions: # Only created if the original video has a higher resolution
240p: true
360p: true
480p: true
720p: true
1080p: true

View File

@ -0,0 +1,35 @@
version: "3.3"
services:
peertube:
build: .
image: peertube:stretch
environment:
PEERTUBE_HOSTNAME: my.domain.tld
PEERTUBE_PORT: 443
PEERTUBE_HTTPS: true
PEERTUBE_ADMIN_EMAIL: admin@domain.tld
PEERTUBE_DB_USERNAME: user
PEERTUBE_DB_PASSWORD: password
PEERTUBE_SIGNUP_ENABLED: true
PEERTUBE_TRANSCODING_ENABLED: true
# Traefik labels are suggested as an example for people using Traefik,
# remove them if you are using another reverse proxy.
labels:
traefik.enable: "true"
traefik.frontend.rule: "Host:${PEERTUBE_HOSTNAME}"
traefik.port: "9000"
volumes:
- ./data:/usr/src/app/data
depends_on:
- db
db:
image: postgres:10
environment:
POSTGRES_USERNAME: user
POSTGRES_PASSWORD: password
POSTGRES_DB: peertube_prod
volumes:
- ./db:/var/lib/postgresql/data

View File

@ -0,0 +1,52 @@
version: "3.3"
services:
app:
image: peertube:stretch
environment:
PEERTUBE_HOSTNAME: my.domain.tld
PEERTUBE_PORT: 443
PEERTUBE_HTTPS: true
PEERTUBE_ADMIN_EMAIL: admin@domain.tld
PEERTUBE_DB_USERNAME: user
PEERTUBE_DB_PASSWORD: password
PEERTUBE_SIGNUP_ENABLED: true
PEERTUBE_TRANSCODING_ENABLED: true
labels: &labels
traefik.frontend.rule: "Host:my.domain.tld"
traefik.docker.network: traefik
traefik.port: "9000"
volumes:
- app_data:/usr/src/app/data
networks:
- traefik
- backend
depends_on:
- db
deploy:
labels: *labels
placement:
constraints:
- node.labels.peertube == 1
db:
image: postgres:10
environment:
POSTGRES_DB: peertube_prod
volumes:
- db_data:/var/lib/postgresql/data
networks:
- backend
deploy:
placement:
constraints:
- node.labels.peertube == 1
volumes:
app_data:
db_data:
networks:
backend:
traefik:
external: true