generated from coop-cloud/example
Compare commits
No commits in common. "main" and "95aa921e4e85eefe3861474ad753164bfb63dfb3" have entirely different histories.
main
...
95aa921e4e
24
.drone.yml
24
.drone.yml
|
@ -3,13 +3,10 @@ kind: pipeline
|
|||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: peertube
|
||||
generate_secrets: true
|
||||
networks:
|
||||
- proxy
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
|
@ -17,25 +14,16 @@ steps:
|
|||
DOMAIN: peertube.swarm-test.autonomic.zone
|
||||
STACK_NAME: peertube
|
||||
LETS_ENCRYPT_ENV: production
|
||||
NGINX_CONFIG_VERSION: v1
|
||||
APP_ENTRYPOINT_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
name: recipe release
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
command: recipe peertube release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
|
|
|
@ -42,9 +42,3 @@ SECRET_DB_PASSWORD_VERSION=v1
|
|||
|
||||
## Live stream settings
|
||||
#COMPOSE_FILE="compose.yml:compose.rtmp.yml"
|
||||
|
||||
## Live chat settings
|
||||
#PEERTUBE_LIVE_CHAT_ENABLED=1
|
||||
|
||||
## Healthcheck settings
|
||||
PEERTUBE_LOG_PING_REQUESTS=false
|
||||
|
|
40
README.md
40
README.md
|
@ -6,14 +6,14 @@ An ActivityPub-federated video streaming platform using P2P directly in your web
|
|||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**: 2, beta
|
||||
* **Image**: [`chocobozzz/peertube`](https://hub.docker.com/r/chocobozzz/peertube), 4, upstream
|
||||
* **Healthcheck**: 3
|
||||
* **Backups**: 1
|
||||
* **Email**: 3
|
||||
* **Tests**: No
|
||||
* **SSO**: 1
|
||||
- **Category**: Applications
|
||||
- **Status**: ❷💛
|
||||
- **Image**: [`chocobozzz/peertube`](https://hub.docker.com/r/chocobozzz/peertube), ❷💛, official
|
||||
- **Healthcheck**: ❶💚
|
||||
- **Backups**: ❸🍎
|
||||
- **Email**: ❶💚
|
||||
- **Tests**: ❌
|
||||
- **SSO**: ❸🍎
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
|
@ -22,35 +22,21 @@ An ActivityPub-federated video streaming platform using P2P directly in your web
|
|||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new peertube --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
6. Open the configured domain in your browser to finish set-up
|
||||
|
||||
## Host-mode networking
|
||||
|
||||
To avoid issues with performance, it is recommended to deploy your Traefik instance with:
|
||||
|
||||
```
|
||||
COMPOSE_FILE="compose.yml:compose.host.yml:compose.peertube.yml"
|
||||
```
|
||||
|
||||
This will avoid issues like [`#7`](https://git.coopcloud.tech/coop-cloud/peertube/issues/7).
|
||||
|
||||
## Email
|
||||
|
||||
1. Deploy [`coop-cloud/postfix-relay`] or use an external SMTP relay
|
||||
2. `abra app config YOURAPPDOMAIN`, and uncomment the email lines and adjust as needed
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
2. `abra app YOURAPPDOMAIN config`, and uncomment the email lines and adjust as needed
|
||||
3. `abra app YOURAPPDOMAIN deploy`
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
[`coop-cloud/postfix-relay`]: https://git.autonomic.zone/coop-cloud/postfix-relay
|
||||
|
||||
## Plugins
|
||||
|
||||
- [`peertube-plugin-auth-openid-connect`](https://www.npmjs.com/package/peertube-plugin-auth-openid-connect) is the trusted OAuth2 support plugin (Keycloak integrations works!)
|
||||
|
||||
## Acknowledgements
|
||||
|
||||
Thanks to [@mirsal](https://git.coopcloud.tech/mirsal) for the packaging work :heart:
|
||||
Thanks to [@mirsal](https://git.autonomic.zone/mirsal) for the packaging work :heart:
|
||||
|
|
4
abra.sh
4
abra.sh
|
@ -1,7 +1,7 @@
|
|||
# shellcheck disable=SC2034,SC2145
|
||||
|
||||
export NGINX_CONFIG_VERSION=v4
|
||||
export APP_ENTRYPOINT_VERSION=v6
|
||||
export NGINX_CONFIG_VERSION=v2
|
||||
export APP_ENTRYPOINT_VERSION=v1
|
||||
|
||||
sub_npm() {
|
||||
abra__service_="app"
|
||||
|
|
68
compose.yml
68
compose.yml
|
@ -1,9 +1,7 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.26.0
|
||||
image: nginx:1.20.0
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
|
@ -24,41 +22,27 @@ services:
|
|||
configs:
|
||||
- source: nginx_config
|
||||
target: /etc/nginx/nginx.conf
|
||||
healthcheck:
|
||||
test: curl -f http://app:9000/v1/api/ping || exit 1
|
||||
interval: 5s
|
||||
timeout: 3s
|
||||
retries: 20
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
rollback_config:
|
||||
order: start-first
|
||||
restart_policy:
|
||||
max_attempts: 10
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
- coop-cloud.${STACK_NAME}.web.version=1.20.0-ea4560b8
|
||||
app:
|
||||
image: chocobozzz/peertube:v5.2.1-bullseye
|
||||
image: chocobozzz/peertube:v3.2.1-buster
|
||||
environment:
|
||||
- PEERTUBE_ADMIN_EMAIL
|
||||
- PEERTUBE_CONTACT_FORM_ENABLED
|
||||
- PEERTUBE_DB_HOSTNAME=db
|
||||
- PEERTUBE_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- PEERTUBE_DB_PORT=5432
|
||||
- PEERTUBE_DB_USERNAME=peertube
|
||||
- PEERTUBE_LIVE_CHAT_ENABLED
|
||||
- PEERTUBE_LOG_PING_REQUESTS
|
||||
- PEERTUBE_REDIS_HOSTNAME=cache
|
||||
- PEERTUBE_SIGNUP_ENABLED
|
||||
- PEERTUBE_SMTP_ENABLED
|
||||
- PEERTUBE_TRANSCODING_ENABLED
|
||||
- PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.16.0.0/12", "10.0.0.0/8"]
|
||||
- PEERTUBE_WEBSERVER_HOSTNAME=${DOMAIN}
|
||||
|
@ -67,26 +51,25 @@ services:
|
|||
volumes:
|
||||
- app-data:/data
|
||||
- app-config:/config
|
||||
- app-assets:/srv/client/dist
|
||||
- app-assets:/app/client/dist
|
||||
secrets:
|
||||
- db_password
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
command: node dist/server
|
||||
command: npm start
|
||||
healthcheck:
|
||||
test: curl -f http://localhost:9000/v1/api/ping || exit 1
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 20
|
||||
test: 'nodejs -e "http.get(''http://localhost:9000/api/v1/ping'', (res) => { console.log(''status: '', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });"'
|
||||
interval: 1m
|
||||
timeout: 30s
|
||||
retries: 3
|
||||
start_period: 1m
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=4.1.0+v5.2.1-bullseye"
|
||||
|
||||
labels: ["coop-cloud.${STACK_NAME}.app.version=v3.2.1-buster-e4f797ee"]
|
||||
db:
|
||||
image: postgres:10-alpine
|
||||
environment:
|
||||
|
@ -99,29 +82,23 @@ services:
|
|||
- postgres-data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: pg_isready -U peertube
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels: ['coop-cloud.${STACK_NAME}.db.version=10-alpine-131220fe']
|
||||
cache:
|
||||
image: redis:7-alpine
|
||||
image: redis:4-alpine
|
||||
volumes:
|
||||
- redis-data:/data
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: redis-cli ping
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
|
||||
deploy:
|
||||
labels: ['coop-cloud.${STACK_NAME}.cache.version=4-alpine-aaf7c123']
|
||||
networks:
|
||||
internal:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
app-data:
|
||||
app-config:
|
||||
|
@ -130,7 +107,6 @@ volumes:
|
|||
nginx-cache:
|
||||
postgres-data:
|
||||
redis-data:
|
||||
|
||||
configs:
|
||||
nginx_config:
|
||||
name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
|
||||
|
@ -138,9 +114,7 @@ configs:
|
|||
template_driver: golang
|
||||
app_entrypoint:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
file: entrypoint.sh
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
|
|
|
@ -24,20 +24,11 @@ file_env() {
|
|||
unset "$fileVar"
|
||||
}
|
||||
|
||||
export PEERTUBE_DB_PASSWORD=$(cat /run/secrets/db_password)
|
||||
file_env "PEERTUBE_DB_PASSWORD"
|
||||
|
||||
{{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }}
|
||||
file_env "PEERTUBE_SMTP_PASSWORD"
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "PEERTUBE_LIVE_CHAT_ENABLED") "1" }}
|
||||
apt -y update && apt install -y prosody && apt -y clean
|
||||
mkdir -p /run/prosody && chown prosody:prosody /run/prosody
|
||||
{{ end }}
|
||||
|
||||
# Copy the client files over to a named volume
|
||||
# so that they may be served by nginx directly
|
||||
cp -ar /app/client/dist /srv/client
|
||||
if [ -z "$PEERTUBE_SMTP_ENABLED" ]; then
|
||||
file_env "PEERTUBE_SMTP_PASSWORD"
|
||||
fi
|
||||
|
||||
# upstream entrypoint
|
||||
# https://github.com/Chocobozzz/PeerTube/blob/66f77f63437c6774acbd72584a9839a7636ea167/support/docker/production/entrypoint.sh
|
|
@ -170,21 +170,6 @@ http {
|
|||
try_files $uri @api;
|
||||
}
|
||||
|
||||
# Plugin websocket routes
|
||||
location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
|
||||
try_files /dev/null @api_websocket;
|
||||
}
|
||||
|
||||
location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
|
||||
# We can't rate limit a try_files directive, so we need to duplicate @api
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_limit_rate 5M;
|
||||
proxy_pass http://backend;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
|
||||
limit_rate_after 5M;
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
This major release went fairly smoothly, there are 2 post-migration steps which
|
||||
are listed on the release notes:
|
||||
|
||||
https://github.com/Chocobozzz/PeerTube/releases/tag/v4.0.0
|
||||
|
||||
However, you need to do the second part first, adding additional config options
|
||||
and/or changing the old ones. When you try to run the data migration, it'll
|
||||
error out telling you which one you need to deal with, so that will help to guide.
|
||||
|
||||
Here's what I did:
|
||||
|
||||
abra app run tv.lumbung.space app bash
|
||||
apt update && apt install vim
|
||||
vi /config/production.yml # change options
|
||||
|
||||
Then, in another shell:
|
||||
|
||||
abra app run --user peertube tv.lumbung.space app bash
|
||||
|
||||
export NODE_CONFIG_DIR=/config
|
||||
export NODE_ENV=production
|
||||
export PEERTUBE_DB_PASSWORD=$(cat /run/secrets/db_password)
|
||||
node dist/scripts/migrations/peertube-4.0.js
|
||||
|
||||
After, this I ran a restart of the app service, and things went fine.
|
||||
|
||||
abra app restart tv.lumbung.space app
|
|
@ -1,4 +0,0 @@
|
|||
Redis needs to be ugpraded to >= 6 and you can't downgrade afterwards, so
|
||||
beware!
|
||||
|
||||
-- @decentral1se / Autonomic
|
|
@ -1,14 +0,0 @@
|
|||
This will break your deployment!
|
||||
You need to add new lines to /config/production.yaml as shown here:
|
||||
https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L14
|
||||
https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L153
|
||||
|
||||
you can do that from the host as the file is inside a volume. It should be in /var/lib/docker/volumes/<peertube stack name>_app-config/_data/production.yaml on your host machine. It's important to save the secret that you're putting in the file somewhere else, as the container has write access to the file, and it's possible it could overwrite it, causing the secret to disappear. We don't know what happens to your data if you lose that secret.
|
||||
|
||||
You'll also have to run a migration as described in https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0
|
||||
|
||||
abra app run <app name> app bash -u peertube
|
||||
and when inside the container:
|
||||
node dist/scripts/migrations/peertube-5.0.js
|
||||
|
||||
knoflook & decentralise @ Autonomic Co-op
|
Loading…
Reference in New Issue