[peertube] README update and some environment adjustments before the production.

83b92550 · ppom · 894f1cd8 · 83b92550 · 83b92550 · 83b92550
Commit 83b92550 authored 4 years ago by ppom
--- a/pica-peertube/README.md
+++ b/pica-peertube/README.md
 ## Peertube

-This is a WIP Peertube at picasoft.
-For now, it is based on the upstream docker image.
-Problem is, there are no recent version tags. The only up-to-date tag is a rolling tag.
+Ce dossier contient les fichiers nécessaires pour monter une instance de [PeerTube](https://joinpeertube.org), un service d'hébergement de vidéos libre et fédéré.

+## Configuration
+
+Copier les fichiers de secret en enlevant le `.example` et en mettant à jour les variables dedans avec les bons secrets.
+
+## Lancement
+
+Simplement lancer le fichier compose.
+
+Au premier lancement :
+- L'initialisation est automatique.
+- Elle échoue si PeerTube n'arrive pas à se connecter au serveur SMTP.
+- Le mot de passe root est dans les logs !
+
+## Mise à jour
+
+Pour l'instant (au 12/11/2020), l'image Docker officielle n'a pas de tags de versions à jour.
+Le seul tag à jour est un *rolling* tag, `production-buster`.
+À suivre !
--- a/pica-peertube/docker-compose.yml
+++ b/pica-peertube/docker-compose.yml
@@ -27,7 +27,7 @@ services:
      - ./secrets/peertube-db.secrets
    labels:
      traefik.http.routers.peertube-app.entrypoints: websecure
-      traefik.http.routers.peertube-app.rule: Host(`peertube.test.picasoft.net`)
+      traefik.http.routers.peertube-app.rule: Host(`tube.picasoft.net`)
      traefik.http.services.peertube-app.loadbalancer.server.port: "9000"
      # Added because it is in their upstream traefik.toml
      # (because Peertube permit to view a video hosted by host A on site B)

--- a/pica-peertube/secrets/peertube.secrets.example
+++ b/pica-peertube/secrets/peertube.secrets.example
@@ -15,19 +15,11 @@ PEERTUBE_SMTP_PASSWORD=ChangeMe
 # May be the hostname of your Custom SMTP server
 PEERTUBE_SMTP_HOSTNAME=mail.picasoft.net
 PEERTUBE_SMTP_PORT=587
-PEERTUBE_SMTP_FROM=peertube@.picasoft.net
-PEERTUBE_SMTP_TLS=true
+PEERTUBE_SMTP_FROM=peertube@picasoft.net
+PEERTUBE_SMTP_TLS=false
 PEERTUBE_SMTP_DISABLE_STARTTLS=false
 PEERTUBE_ADMIN_EMAIL=peertube@picasoft.net

-# Postfix service configuration
-POSTFIX_myhostname=picasoft.net
-# If you need to generate a list of sub/DOMAIN keys
-# pass them as a whitespace separated string <DOMAIN>=<selector>
-OPENDKIM_DOMAINS=<MY DOMAIN>=peertube
-# see https://github.com/wader/postfix-relay/pull/18
-OPENDKIM_RequireSafeKeys=no
-
 # /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
 #PEERTUBE_SIGNUP_ENABLED=true
 #PEERTUBE_TRANSCODING_ENABLED=true

--- a/pica-peertube/traefik.upstream.toml
+++ b/pica-peertube/traefik.upstream.toml
-# Peertube's upstream traefix.toml
-
-# Uncomment this line in order to enable debugging through logs
-# debug = true
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-    MinVersion = "VersionTLS12"
-    CurvePreferences = [
-      "CurveP521",
-      "CurveP384",
-      "CurveP256"
-    ]
-    PreferServerCipherSuites = true
-    CipherSuites = [
-      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
-      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
-      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-      "TLS_RSA_WITH_AES_256_GCM_SHA384",
-      "TLS_RSA_WITH_AES_256_CBC_SHA"
-    ]
-    # ppom: Seems important :
-    FrameDeny = false # here we don't want to deny frames since we have an embed
-    STSIncludeSubdomains = true
-    STSSeconds = 315360000
-    STSPreload = true
-    ContentTypeNosniff = true
-    BrowserXssFilter = true
-
-
-# Enable ACME (Let's Encrypt): automatic SSL.
-[acme]
-
-# File or key used for certificates storage.
-#
-# Required
-#
-storage = "/etc/acme.json"
-# or `storage = "traefik/acme/account"` if using KV store.
-
-# Entrypoint to proxy acme apply certificates to.
-# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
-#
-# Required
-#
-entryPoint = "https"
-
-# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
-#
-# Optional but recommend
-#
-[acme.httpChallenge]
-
-  # EntryPoint to use for the challenges.
-  #
-  # Required
-  #
-  entryPoint = "http"