Commit 83b92550 authored by ppom's avatar ppom

[peertube] README update and some environment adjustments before the production.

parent 894f1cd8
## Peertube
This is a WIP Peertube at picasoft.
For now, it is based on the upstream docker image.
Problem is, there are no recent version tags. The only up-to-date tag is a rolling tag.
Ce dossier contient les fichiers nécessaires pour monter une instance de [PeerTube](https://joinpeertube.org), un service d'hébergement de vidéos libre et fédéré.
## Configuration
Copier les fichiers de secret en enlevant le `.example` et en mettant à jour les variables dedans avec les bons secrets.
## Lancement
Simplement lancer le fichier compose.
Au premier lancement :
- L'initialisation est automatique.
- Elle échoue si PeerTube n'arrive pas à se connecter au serveur SMTP.
- Le mot de passe root est dans les logs !
## Mise à jour
Pour l'instant (au 12/11/2020), l'image Docker officielle n'a pas de tags de versions à jour.
Le seul tag à jour est un *rolling* tag, `production-buster`.
À suivre !
......@@ -27,7 +27,7 @@ services:
- ./secrets/peertube-db.secrets
labels:
traefik.http.routers.peertube-app.entrypoints: websecure
traefik.http.routers.peertube-app.rule: Host(`peertube.test.picasoft.net`)
traefik.http.routers.peertube-app.rule: Host(`tube.picasoft.net`)
traefik.http.services.peertube-app.loadbalancer.server.port: "9000"
# Added because it is in their upstream traefik.toml
# (because Peertube permit to view a video hosted by host A on site B)
......
......@@ -15,19 +15,11 @@ PEERTUBE_SMTP_PASSWORD=ChangeMe
# May be the hostname of your Custom SMTP server
PEERTUBE_SMTP_HOSTNAME=mail.picasoft.net
PEERTUBE_SMTP_PORT=587
PEERTUBE_SMTP_FROM=peertube@.picasoft.net
PEERTUBE_SMTP_TLS=true
PEERTUBE_SMTP_FROM=peertube@picasoft.net
PEERTUBE_SMTP_TLS=false
PEERTUBE_SMTP_DISABLE_STARTTLS=false
PEERTUBE_ADMIN_EMAIL=peertube@picasoft.net
# Postfix service configuration
POSTFIX_myhostname=picasoft.net
# If you need to generate a list of sub/DOMAIN keys
# pass them as a whitespace separated string <DOMAIN>=<selector>
OPENDKIM_DOMAINS=<MY DOMAIN>=peertube
# see https://github.com/wader/postfix-relay/pull/18
OPENDKIM_RequireSafeKeys=no
# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
#PEERTUBE_SIGNUP_ENABLED=true
#PEERTUBE_TRANSCODING_ENABLED=true
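Review bot: With `PEERTUBE_SMTP_TLS=false` on port 587, the only transport protection left is STARTTLS, which mail clients usually negotiate opportunistically, so `PEERTUBE_SMTP_PASSWORD` could be sent in clear if the server's STARTTLS offer is missing or stripped in transit. This assumes the `false` line is the new value (the +/- markers are lost on this page) and that the setting selects implicit TLS, in which case `false` is the expected value for a submission port. A comment above the line would record that intent, for example `# 587 = submission with STARTTLS; implicit TLS (true) is for port 465`. It is also worth confirming that `mail.picasoft.net` refuses AUTH before STARTTLS, so a downgrade fails closed instead of leaking the credential.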
......
# Peertube's upstream traefix.toml
# Uncomment this line in order to enable debugging through logs
# debug = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CurvePreferences = [
"CurveP521",
"CurveP384",
"CurveP256"
]
PreferServerCipherSuites = true
CipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA"
]
# ppom: Seems important :
FrameDeny = false # here we don't want to deny frames since we have an embed
STSIncludeSubdomains = true
STSSeconds = 315360000
STSPreload = true
ContentTypeNosniff = true
BrowserXssFilter = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
# File or key used for certificates storage.
#
# Required
#
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.
# Entrypoint to proxy acme apply certificates to.
# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#
# Optional but recommend
#
[acme.httpChallenge]
# EntryPoint to use for the challenges.
#
# Required
#
entryPoint = "http"
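Review bot: The header keys from `FrameDeny` to `BrowserXssFilter` follow `[entryPoints.https.tls]` with no table header of their own, so TOML parses them as members of that TLS table; whether Traefik honours them there is not visible on this page. Since the compose file routes through `traefik.http.routers.*` labels, HSTS and nosniff probably need to be restated as label middleware to take effect on `tube.picasoft.net`. The `CipherSuites` list also still offers `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_256_CBC_SHA`; the two `TLS_RSA_*` suites give no forward secrecy, and dropping all three leaves only ECDHE AEAD suites. The page does not show whether this file is added or removed by the commit, so this applies only if it is kept as the reference for the production setup.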