Commit baa6484a authored by ppom's avatar ppom

[peertube] improvements on docker compose (picasoft corporate)

parent 9ef0619c
version: "3.3"
networks:
peertube:
ipam:
driver: default
config:
- subnet: 172.18.0.0/16
proxy:
external: true
services:
peertube:
# If you don't want to use the official image and build one from sources
......@@ -13,15 +22,22 @@ services:
# Traefik labels are suggested as an example for people using Traefik,
# remove them if you are using another reverse proxy.
labels:
traefik.http.routers.peertube-app.entrypoints: websecure
traefik.http.routers.peertube-app.rule: Host(`peertube.test.picasoft.net`)
traefik.http.services.peertube-app.loadbalancer.server.port: "9000"
# Added because it is in their upstream traefik.toml
# (because Peertube permit to view a video hosted by host A on site B)
traefik.http.middlewares.peertube-app.headers.framedeny: false
traefik.enable: "true"
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
traefik.port: "9000"
# If you don't want to use a reverse proxy (not suitable for production!)
# ports:
# - "80:9000"
volumes:
- ./docker-volume/data:/data
- ./docker-volume/config:/config
networks:
- peertube
- proxy
depends_on:
- postgres
- redis
......@@ -34,6 +50,8 @@ services:
- .env
volumes:
- ./docker-volume/db:/var/lib/postgresql/data
networks:
- peertube
restart: "always"
labels:
traefik.enable: "false"
......@@ -42,6 +60,8 @@ services:
image: redis:4-alpine
volumes:
- ./docker-volume/redis:/data
networks:
- peertube
restart: "always"
labels:
traefik.enable: "false"
......@@ -52,13 +72,8 @@ services:
- .env
volumes:
- ./docker-volume/opendkim/keys:/etc/opendkim/keys
networks:
- peertube
labels:
traefik.enable: "false"
restart: "always"
networks:
default:
ipam:
driver: default
config:
- subnet: 172.18.0.0/16
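Review bot: The `traefik.http.middlewares.peertube-app.headers.framedeny: false` label on the peertube service is an unquoted YAML boolean, while the neighbouring labels quote theirs (`"9000"`, `"true"`); Compose expects label values to be strings, so it should read `traefik.http.middlewares.peertube-app.headers.framedeny: "false"`. No `traefik.http.routers.peertube-app.middlewares` label is visible in this hunk, so the middleware looks defined but never attached to the router, and as far as I know frameDeny is already off by default in Traefik's headers middleware, which would make the label a no-op either way. If the intent is to allow framing only for video embeds, a comment such as `# framing is left open at the proxy; clickjacking protection for non-embed pages relies on PeerTube's own headers` would make that trade-off explicit. The v1-style labels `traefik.frontend.rule` and `traefik.port` appear in the same block and the rendered page does not show whether they were removed, so confirm that only one label generation remains.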
# Peertube's upstream traefix.toml
# Uncomment this line in order to enable debugging through logs
# debug = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CurvePreferences = [
"CurveP521",
"CurveP384",
"CurveP256"
]
PreferServerCipherSuites = true
CipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA"
]
# ppom: Seems important :
FrameDeny = false # here we don't want to deny frames since we have an embed
STSIncludeSubdomains = true
STSSeconds = 315360000
STSPreload = true
ContentTypeNosniff = true
BrowserXssFilter = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
# File or key used for certificates storage.
#
# Required
#
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.
# Entrypoint to proxy acme apply certificates to.
# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#
# Optional but recommend
#
[acme.httpChallenge]
# EntryPoint to use for the challenges.
#
# Required
#
entryPoint = "http"
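Review bot: The `CipherSuites` list for the https entry point still offers `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_256_CBC_SHA`, which use static RSA key exchange and give no forward secrecy, plus the CBC suite `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`; if this file is ever loaded rather than kept as a reference, keep only the ECDHE AEAD entries. The rendered page has lost the indentation, so it is not clear which table `FrameDeny`, `STSSeconds` and the other header options belong to. The file is written in Traefik v1 syntax while the compose labels in this commit use v2 routers, so a header comment saying it is the upstream file kept for reference only would stop someone from mounting it as-is. `STSPreload = true` combined with `STSIncludeSubdomains = true` commits every subdomain to HTTPS and deserves a comment such as `# applies to all subdomains of the served host; check before enabling preload`.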