- support/docker/production/docker-compose.yml: addition of a nginx
image reusing support/nginx/peertube nginx conf to improve performance,
and lessen setup differences between the docker-compose install and the
typical production install.
- support/docker/production/docker-compose.yml: postgres 10 -> postgres
12, redis 4 -> redis 5. Postgres major updates implies manual upgrade.
- support/nginx/peertube: HTTP -> HTTPS redirection is now commented
by default, to allow its reuse in support/docker/production/docker-compose.yml.
* Update APP_DIR and CONFIG_DIR
APP_DIR is now in /var/www/peertube/peertube-latest (symbolic link).
CONFIG_DIR is now in /var/www/peertube/config
* Add OpenRC service script
Tested on Gentoo Linux.
* Suggest TCP/IP CoDel and BBR congestion control in production guide
This seems to be helping lots on my server, where the default
(Debian 9) was to use FIFO queueing which would cause buffer bloat
and huge latency for clients on slower network links.
* add import-youtube guide inside documentation
* safer to use unlink instead of rm to delete symbolic link, avoid risk of deleting entire directories in case of syntax error
* spelling mistake corrections
* anonymise URLs
* git also needed as dependencies to run yarn install
- added precisions and suggestions about how to generate Let's Encrypt certificates. Users have reported their installations didn't work when the problem came from missing certificates (false positives).
- security defaults of Nginx follow the basic robustness principle "be conservative in what you send, be liberal in what you accept", which isn't enough with modern security standards, so we should be picky with the cipher suites we use, among other things. Extra comments (especially for the TLS1.3 protocol support parameter) make the requirement of a recent Nginx installation obvious, and the downgrade alternative remains clear to the system administrator.
All in all, we should aknowledge users will most often copy and paste the configuration files. Making them secure by default may force a few users to read their configuration, but on the long run we are making the fediverse more secure.
Since I've come to modify a bit the Nginx config in `support/doc/production.md`, I've merged it with the template so that they stay consistent.
on ubuntu `sudo -u` doesn't set homedirectory of the targeted user althought debian does. it requires the option `-H`. I think with this option it works in both case.
* First pass at a (swarm-compatible) docker image
Uses an existing traefik server as a https reverse proxy.
* Add example config for a Docker swarm deployment
* Point to traefik config for docker compose setup
* Clarify that traefik is needed for the example config
* Use node:8-stretch base image and don't install yarn
(The base image already contains yarn.)
* Initial commit for an Alpine Docker image
* Fix docker volume path
* Merge #213 and #225 and move files around
* Remove unnecessary dependencies from the alpine build
* Update Dockerfiles to match install path, config path, etc.
* Update the configuration in the example compose file
* Update the configuration in the example swarm file
* Remove the declared networks and volumes from the compose example, which are not strictly required
* Update attachment path in the documentation
* Display traefik as a suggestion and not a required dependency
* Update the Docker ignored files
* Fix typos reported in #225
* Move production Dockerfiles to a production directory
* Add the redis configuration settings
* Add Docker files to the dockerignore
* Make the signup limit configurable