Valentin Lab
6 years ago
15 changed files with 706 additions and 0 deletions
-
2apache/lib/common
-
94peertube/README.org
-
20peertube/build/.env
-
100peertube/build/Dockerfile
-
26peertube/build/dbname.patch
-
73peertube/build/docker-compose.yml
-
87peertube/hooks/init
-
25peertube/hooks/postgres_database-relation-joined
-
24peertube/hooks/redis_database-relation-joined
-
22peertube/hooks/web_proxy-relation-joined
-
135peertube/metadata.yml
-
18redis/build/Dockerfile
-
59redis/hooks/init
-
12redis/hooks/redis_database-relation-joined
-
9redis/metadata.yml
@ -0,0 +1,94 @@ |
|||
#+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d |
|||
#+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d |
|||
#+PROPERTY: header-args:python :var filename=(buffer-file-name) |
|||
#+PROPERTY: header-args:sh :var filename=(buffer-file-name) |
|||
#+TODO: TODO WIP BLOCKED | DONE CANCELED |
|||
#+LATEX_HEADER: \usepackage[margin=0.5in]{geometry} |
|||
#+LaTeX_CLASS: article |
|||
#+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc |
|||
#+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort) |
|||
|
|||
#+begin_LaTeX |
|||
\hypersetup{ |
|||
linkcolor=blue, |
|||
pdfborder={0 0 0 0} |
|||
} |
|||
#+end_LaTeX |
|||
|
|||
#+TITLE: Peertube charm management |
|||
|
|||
#+LATEX: \pagebreak |
|||
|
|||
Keep information related to the usage and the development of the charm. |
|||
|
|||
#+LATEX: \pagebreak |
|||
|
|||
#+LATEX: \pagebreak |
|||
|
|||
* Todos |
|||
|
|||
** TODO Logrotatability |
|||
|
|||
Peertube uses ``winston`` nodejs logging mecanism, and has what I |
|||
understand, hard-written transports to file: |
|||
|
|||
Content of =server/helpers/logger.ts= |
|||
#+BEGIN_SRC ts |
|||
... |
|||
const logger = winston.createLogger({ |
|||
level: CONFIG.LOG.LEVEL, |
|||
format: winston.format.combine( |
|||
labelFormatter, |
|||
winston.format.splat() |
|||
), |
|||
transports: [ |
|||
new winston.transports.File({ |
|||
filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube.log'), |
|||
handleExceptions: true, |
|||
maxsize: 1024 * 1024 * 12, |
|||
maxFiles: 5, |
|||
format: winston.format.combine( |
|||
winston.format.timestamp(), |
|||
jsonLoggerFormat |
|||
) |
|||
}), |
|||
new winston.transports.Console({ |
|||
handleExceptions: true, |
|||
format: winston.format.combine( |
|||
timestampFormatter, |
|||
winston.format.colorize(), |
|||
consoleLoggerFormat |
|||
) |
|||
}) |
|||
], |
|||
exitOnError: true |
|||
}) |
|||
|
|||
#+END_SRC |
|||
|
|||
This will ensure some part of the rotation. Which is bad. |
|||
|
|||
We don't want peertube to manage the logs. So depending on what we |
|||
want to do in the future with the managing of logs, I'll need to patch |
|||
peertube to probably use only stdout, and/or send it to rsyslog. |
|||
|
|||
For now, situation of log rotation with all charm is using logrotate, |
|||
but I know this might not be the perfect solution as I'd like to stick |
|||
to =logs are streams=, and avoid having to find mecanism of reloading |
|||
application after rotation. |
|||
|
|||
A good solution would be to use the stdout/stderr of the application, |
|||
and have a generic solution using ``docker logs`` json output. |
|||
** TODO changing root password |
|||
|
|||
This will probably require also a patch, as the password is set for |
|||
user 'root' automatically and is to be read in the logs (duh !). |
|||
|
|||
We can't initialise the application (and ask for postgres table, and |
|||
root user to be created, then quit). So we can't do that in the |
|||
=hooks/init= script in a reasonable manner. |
|||
|
|||
There is a special ``npm run reset-password`` with odd arguments that |
|||
can reset root password, only if database already populated. |
|||
|
|||
I need a patch to simply set password from base server configuration. |
@ -0,0 +1,20 @@ |
|||
PEERTUBE_DB_USERNAME=postgres_user |
|||
PEERTUBE_DB_PASSWORD=postgres_password |
|||
PEERTUBE_WEBSERVER_HOSTNAME=domain.tld |
|||
PEERTUBE_WEBSERVER_PORT=443 |
|||
PEERTUBE_WEBSERVER_HTTPS=true |
|||
# If you need more than one IP as trust_proxy |
|||
# pass them as a comma separated array: |
|||
PEERTUBE_TRUST_PROXY=["127.0.0.1"] |
|||
#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"] |
|||
PEERTUBE_SMTP_USERNAME= |
|||
PEERTUBE_SMTP_PASSWORD= |
|||
PEERTUBE_SMTP_HOSTNAME=postfix |
|||
PEERTUBE_SMTP_PORT=25 |
|||
PEERTUBE_SMTP_FROM=noreply@domain.tld |
|||
PEERTUBE_SMTP_TLS=true |
|||
PEERTUBE_SMTP_DISABLE_STARTTLS=false |
|||
PEERTUBE_ADMIN_EMAIL=admin@domain.tld |
|||
# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ |
|||
#PEERTUBE_SIGNUP_ENABLED=true |
|||
#PEERTUBE_TRANSCODING_ENABLED=true |
@ -0,0 +1,100 @@ |
|||
FROM alpine:3.7 AS common |
|||
|
|||
RUN apk add gnupg ffmpeg |
|||
|
|||
# Add peertube user |
|||
RUN addgroup -S peertube && \ |
|||
adduser -S -G peertube -h /var/lib/peertube peertube |
|||
|
|||
|
|||
FROM common AS builder |
|||
|
|||
## |
|||
## Download target release |
|||
## |
|||
|
|||
ENV PEERTUBE_RELEASE=v1.1.0 |
|||
|
|||
|
|||
RUN apk add wget |
|||
COPY ./*.patch /tmp |
|||
RUN mkdir -p /opt/apps/peertube && \ |
|||
cd /opt/apps/peertube && \ |
|||
wget https://github.com/Chocobozzz/PeerTube/releases/download/${PEERTUBE_RELEASE}/peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
|||
tar -xJf peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
|||
rm peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
|||
mv peertube-${PEERTUBE_RELEASE}/* . && \ |
|||
rmdir peertube-${PEERTUBE_RELEASE} && \ |
|||
cat /tmp/*.patch | patch -p1 && \ |
|||
mkdir -p /etc/peertube /var/lib/peertube && \ |
|||
ln -sf /var/lib/peertube /opt/apps/peertube/storage |
|||
|
|||
RUN apk add yarn ## Build command |
|||
RUN apk add git build-base python bash ## Build deps |
|||
|
|||
RUN chown -R peertube:peertube /opt/apps/peertube |
|||
|
|||
USER peertube |
|||
|
|||
RUN cd /opt/apps/peertube && \ |
|||
yarn install --production --pure-lockfile && \ |
|||
yarn cache clean |
|||
|
|||
## XXXvlab: without this in current docker version, it'll |
|||
## permeate in next image to be built. |
|||
USER root |
|||
|
|||
# RUN apk add nodejs yarn |
|||
# |
|||
## Source build (very long) |
|||
# |
|||
# ## To download source |
|||
# RUN apk add git |
|||
# RUN git clone https://github.com/chocobozzz/PeerTube /tmp/peertube --depth 1 |
|||
|
|||
# ## for installation of dependencies |
|||
# RUN apk add build-base python |
|||
# RUN cd /tmp/peertube && \ |
|||
# yarn install --pure-lockfile |
|||
|
|||
# ## for scripts run by ``npm run build`` |
|||
# RUN apk add bash |
|||
# RUN cd /tmp/peertube && \ |
|||
# npm run build |
|||
|
|||
# RUN cd /tmp/peertube && \ |
|||
# rm -r ./node_modules ./client/node_modules && \ |
|||
# yarn install --pure-lockfile --production && \ |
|||
# yarn cache clean |
|||
|
|||
|
|||
FROM common |
|||
|
|||
# Install PeerTube |
|||
COPY --from=builder /opt/apps/peertube /opt/apps/peertube |
|||
|
|||
|
|||
# RUN mkdir -p /var/lib/peertube /etc/peertube && \ |
|||
# chown -R peertube:peertube /var/lib/peertube /etc/peertube |
|||
|
|||
# ENV PEERTUBE_APP_DIR=/opt/apps/peertube |
|||
# ENV PEERTUBE_DATA_DIR=/var/lib/peertube |
|||
|
|||
## This is important to set config dir of peertube |
|||
ENV NODE_CONFIG_DIR=/etc/peertube |
|||
ENV NODE_ENV=prod |
|||
|
|||
VOLUME /var/lib/peertube |
|||
VOLUME /etc/peertube |
|||
|
|||
EXPOSE 9000 |
|||
|
|||
RUN apk add nodejs-npm |
|||
|
|||
## runtime deps |
|||
RUN apk add openssl |
|||
|
|||
USER peertube |
|||
WORKDIR /opt/apps/peertube |
|||
|
|||
CMD ["npm", "start"] |
@ -0,0 +1,26 @@ |
|||
diff --git a/dist/server/initializers/checker-before-init.js b/dist/server/initializers/checker-before-init.js
|
|||
index 7ff18d0..c75dff2 100644
|
|||
--- a/dist/server/initializers/checker-before-init.js
|
|||
+++ b/dist/server/initializers/checker-before-init.js
|
|||
@@ -15,7 +15,7 @@ function checkMissedConfig() {
|
|||
const required = ['listen.port', 'listen.hostname', |
|||
'webserver.https', 'webserver.hostname', 'webserver.port', |
|||
'trust_proxy', |
|||
- 'database.hostname', 'database.port', 'database.suffix', 'database.username', 'database.password', 'database.pool.max',
|
|||
+ 'database.hostname', 'database.port', 'database.dbname', 'database.username', 'database.password', 'database.pool.max',
|
|||
'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address', |
|||
'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', |
|||
'log.level', |
|||
diff --git a/dist/server/initializers/constants.js b/dist/server/initializers/constants.js
|
|||
index d5a3350..7efaabd 100644
|
|||
--- a/dist/server/initializers/constants.js
|
|||
+++ b/dist/server/initializers/constants.js
|
|||
@@ -143,7 +143,7 @@ const CONFIG = {
|
|||
HOSTNAME: config.get('listen.hostname') |
|||
}, |
|||
DATABASE: { |
|||
- DBNAME: 'peertube' + config.get('database.suffix'),
|
|||
+ DBNAME: config.get('database.dbname'),
|
|||
HOSTNAME: config.get('database.hostname'), |
|||
PORT: config.get('database.port'), |
|||
USERNAME: config.get('database.username'), |
@ -0,0 +1,73 @@ |
|||
version: "3.3" |
|||
|
|||
services: |
|||
|
|||
reverse-proxy: |
|||
image: traefik |
|||
command: --docker # Tells Træfik to listen to docker |
|||
ports: |
|||
- "80:80" # The HTTP port |
|||
- "443:443" # The HTTPS port |
|||
volumes: |
|||
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events |
|||
- ./docker-volume/traefik/acme.json:/etc/acme.json |
|||
- ./docker-volume/traefik/traefik.toml:/traefik.toml |
|||
restart: "always" |
|||
# If you want to use the Traefik dashboard, you should expose it on a |
|||
# subdomain with HTTPS and authentification: |
|||
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f |
|||
# https://github.com/containous/traefik/issues/880#issuecomment-310301168 |
|||
|
|||
peertube: |
|||
# If you don't want to use the official image and build one from sources |
|||
# build: |
|||
# context: . |
|||
# dockerfile: ./support/docker/production/Dockerfile.stretch |
|||
image: chocobozzz/peertube:production-stretch |
|||
env_file: |
|||
- .env |
|||
# Traefik labels are suggested as an example for people using Traefik, |
|||
# remove them if you are using another reverse proxy. |
|||
labels: |
|||
traefik.enable: "true" |
|||
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" |
|||
traefik.port: "9000" |
|||
# If you don't want to use a reverse proxy (not suitable for production!) |
|||
# ports: |
|||
# - "80:9000" |
|||
volumes: |
|||
- ./docker-volume/data:/data |
|||
- ./docker-volume/config:/config |
|||
depends_on: |
|||
- postgres |
|||
- redis |
|||
- postfix |
|||
restart: "always" |
|||
|
|||
postgres: |
|||
image: postgres:10-alpine |
|||
environment: |
|||
POSTGRES_USER: ${PEERTUBE_DB_USERNAME} |
|||
POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD} |
|||
POSTGRES_DB: peertube |
|||
volumes: |
|||
- ./docker-volume/db:/var/lib/postgresql/data |
|||
restart: "always" |
|||
labels: |
|||
traefik.enable: "false" |
|||
|
|||
redis: |
|||
image: redis:4-alpine |
|||
volumes: |
|||
- ./docker-volume/redis:/data |
|||
restart: "always" |
|||
labels: |
|||
traefik.enable: "false" |
|||
|
|||
postfix: |
|||
image: mwader/postfix-relay |
|||
environment: |
|||
- POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME} |
|||
labels: |
|||
traefik.enable: "false" |
|||
restart: "always" |
@ -0,0 +1,87 @@ |
|||
#!/bin/bash |
|||
|
|||
## Init is run on host |
|||
## For now it is run every time the script is launched, but |
|||
## it should be launched only once after build. |
|||
|
|||
## Accessible variables are: |
|||
## - SERVICE_NAME Name of current service |
|||
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
|||
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
|||
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
|||
|
|||
set -e |
|||
|
|||
peertube_uid=$(docker_get_uid "$SERVICE_NAME" "peertube") |
|||
|
|||
PEERTUBE_APP_DIR=/opt/apps/peertube |
|||
PEERTUBE_DATA_DIR=/var/lib/peertube |
|||
PEERTUBE_LOG_DIR=/var/log/peertube |
|||
PEERTUBE_CACHE_DIR=/var/cache/peertube |
|||
PEERTUBE_CONFIG_DIR=/etc/peertube |
|||
|
|||
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
|||
HOST_DATA_DIR=$SERVICE_DATASTORE/$PEERTUBE_DATA_DIR |
|||
|
|||
|
|||
mkdir -p "$HOST_CONFIG_DIR" |
|||
|
|||
## Always copy default and custom env configuration file, in cases where new keys were added |
|||
ln -sf "$PEERTUBE_APP_DIR"/config/default.yaml "$HOST_CONFIG_DIR" |
|||
|
|||
|
|||
cat <<EOF > "$HOST_CONFIG_DIR/local.yaml" |
|||
|
|||
listen: |
|||
hostname: '0.0.0.0' |
|||
port: 9000 |
|||
|
|||
storage: |
|||
|
|||
avatars: '$PEERTUBE_DATA_DIR/avatars/' |
|||
videos: '$PEERTUBE_DATA_DIR/videos/' |
|||
redundancy: '$PEERTUBE_DATA_DIR/redundancy/' |
|||
previews: '$PEERTUBE_DATA_DIR/previews/' |
|||
thumbnails: '$PEERTUBE_DATA_DIR/thumbnails/' |
|||
torrents: '$PEERTUBE_DATA_DIR/torrents/' |
|||
captions: '$PEERTUBE_DATA_DIR/captions/' |
|||
|
|||
logs: '/var/log/peertube/' |
|||
|
|||
cache: '/var/cache/peertube/' |
|||
tmp: '/var/tmp/peertube/' |
|||
|
|||
EOF |
|||
|
|||
|
|||
VALID_SECTION=( |
|||
instance services import transcoding |
|||
user signup admin cache redundancy |
|||
trending search log |
|||
) |
|||
for section in "${VALID_SECTION[@]}"; do |
|||
if val=$(options-get "$section" 2>/dev/null); then |
|||
yaml_key_val_str "$section" "$val" |
|||
fi |
|||
done >> "$HOST_CONFIG_DIR/local.yaml" |
|||
|
|||
if ! [ -e "$HOST_DATA_DIR/config.json" ]; then |
|||
touch "$HOST_DATA_DIR/config.json" |
|||
fi |
|||
|
|||
ln -sf "$PEERTUBE_DATA_DIR"/config.json "$HOST_CONFIG_DIR/local-prod.json" |
|||
|
|||
|
|||
dirs=(/var/tmp/peertube /var/cache/peertube |
|||
"$PEERTUBE_CACHE_DIR" "$PEERTUBE_LOG_DIR" "$PEERTUBE_DATA_DIR") |
|||
host_dirs=() |
|||
for dir in "${dirs[@]}"; do |
|||
host_dirs+=("$SERVICE_DATASTORE$dir") |
|||
done |
|||
|
|||
mkdir -p "${host_dirs[@]}" |
|||
find "${host_dirs[@]}" \! -user "$peertube_uid" \ |
|||
-exec chown -v "$peertube_uid" {} + || true |
|||
|
|||
|
|||
true |
@ -0,0 +1,25 @@ |
|||
#!/bin/bash |
|||
|
|||
set -e |
|||
|
|||
PEERTUBE_CONFIG_DIR=/etc/peertube |
|||
|
|||
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
|||
|
|||
PASSWORD="$(relation-get password)" |
|||
USER="$(relation-get user)" |
|||
DBNAME="$(relation-get dbname)" |
|||
|
|||
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
|||
|
|||
database: |
|||
hostname: '$TARGET_SERVICE_NAME' |
|||
## We had to patch peertube to have a direct dbname (doh!) |
|||
dbname: '$DBNAME' |
|||
port: 5432 |
|||
username: '$USER' |
|||
password: '$PASSWORD' |
|||
|
|||
EOF |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,24 @@ |
|||
#!/bin/bash |
|||
|
|||
set -e |
|||
|
|||
PEERTUBE_CONFIG_DIR=/etc/peertube |
|||
|
|||
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
|||
|
|||
password=$(relation-get password) || { |
|||
err "Can't get password for '$SERVICE_NAME' from '$TARGET_SERVICE_NAME'." |
|||
exit 1 |
|||
} |
|||
|
|||
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
|||
|
|||
## XXXvlab: to be added by redis relation |
|||
redis: |
|||
hostname: '$TARGET_SERVICE_NAME' |
|||
port: 6379 |
|||
auth: $password |
|||
|
|||
EOF |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,22 @@ |
|||
#!/bin/bash |
|||
|
|||
set -e |
|||
|
|||
PEERTUBE_CONFIG_DIR=/etc/peertube |
|||
|
|||
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
|||
|
|||
domain=$(relation-get domain) || { |
|||
err "Can't get domain value." |
|||
exit 1 |
|||
} |
|||
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
|||
|
|||
webserver: |
|||
https: true |
|||
hostname: '$domain' |
|||
port: 443 |
|||
|
|||
EOF |
|||
|
|||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,135 @@ |
|||
description: "PeerTube Server" |
|||
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" |
|||
## XXXvlab: docker uses the 'build' directory or the 'image:' option here. |
|||
#docker-image: chocobozzz/peertube:production-stretch ## YYY: to save in our docker-registry |
|||
data-resources: |
|||
- /var/lib/peertube |
|||
- /var/log/peertube |
|||
- /var/cache/peertube |
|||
config-resources: |
|||
- /etc/peertube |
|||
|
|||
## XXXvlab: options here are the one provided to the server as |
|||
## defaults BUT that can be changed from within the web |
|||
## interface. |
|||
default-options: |
|||
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag |
|||
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. |
|||
# Please, do not disable transcoding since many uploaded videos will not work |
|||
transcoding: |
|||
enabled: true |
|||
threads: 1 |
|||
resolutions: # Only created if the original video has a higher resolution, uses more storage! |
|||
240p: true |
|||
360p: true |
|||
480p: true |
|||
720p: true |
|||
1080p: true |
|||
|
|||
import: |
|||
# Add ability for your users to import remote videos (from YouTube, torrent...) |
|||
videos: |
|||
http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html |
|||
enabled: true |
|||
torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) |
|||
enabled: true |
|||
|
|||
signup: |
|||
enabled: true |
|||
|
|||
|
|||
uses: |
|||
postgres-database: |
|||
constraint: required |
|||
auto: summon |
|||
solves: |
|||
database: "main storage" |
|||
default-options: |
|||
extensions: |
|||
- pg_trgm |
|||
- unaccent |
|||
redis-database: |
|||
constraint: required |
|||
auto: summon |
|||
solves: |
|||
database: "short time storage" |
|||
# log-rotate: |
|||
# constraint: recommended |
|||
# auto: pair |
|||
# solves: |
|||
# disk-leak: "/var/log/peertube" |
|||
web-proxy: |
|||
constraint: required |
|||
auto: pair |
|||
solves: |
|||
proxy: "Public access" |
|||
default-options: |
|||
apache-custom-rules: |
|||
- | |
|||
## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7 |
|||
|
|||
Protocols h2 http/1.1 |
|||
|
|||
# HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly) |
|||
#Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" |
|||
|
|||
Header always set X-Content-Type-Options nosniff |
|||
Header always set X-Robots-Tag none |
|||
Header always set X-XSS-Protection "1; mode=block" |
|||
|
|||
# Hard limit, PeerTube does not support videos > 4GB |
|||
LimitRequestBody 4294967294 |
|||
|
|||
# Set caching on assets for 1 year |
|||
<FilesMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$> |
|||
Header append Cache-Control "public, max-age=31536000, immutable" |
|||
</FilesMatch> |
|||
AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1 |
|||
|
|||
# Set caching on image files for 1 year |
|||
<FilesMatch ^/static/(thumbnails|avatars)/(.*)$> |
|||
Header append Cache-Control "public, max-age=31536000, immutable" |
|||
</FilesMatch> |
|||
AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2 |
|||
|
|||
# Bypass PeerTube webseed route for better performances |
|||
Alias /static/webseed /var/www/peertube/storage/videos |
|||
<Location /static/webseed> |
|||
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client |
|||
SetOutputFilter RATE_LIMIT |
|||
SetEnv rate-limit 800 |
|||
|
|||
SetEnvIf Request_Method "GET" GETMETH=1 |
|||
|
|||
Header set Access-Control-Allow-Origin "*" env=GETMETH |
|||
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH |
|||
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH |
|||
Header set toto "foo" env=GETMETH |
|||
SetEnvIf GETMETH "1" dontlog |
|||
|
|||
SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1 |
|||
|
|||
Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH |
|||
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH |
|||
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH |
|||
Header set Access-Control-Max-Age "1000" env=OPTIONSMETH |
|||
Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH |
|||
Header set Content-Length "0" env=OPTIONSMETH |
|||
</Location> |
|||
|
|||
<Location /videos/embed> |
|||
Header unset X-Frame-Options |
|||
</Location> |
|||
|
|||
ProxyPreserveHost On |
|||
ProxyRequests On |
|||
ProxyTimeout 600 |
|||
|
|||
# Websocket tracker |
|||
RewriteEngine On |
|||
RewriteCond %{HTTP:Upgrade} websocket [NC] |
|||
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L] |
|||
|
|||
# <Location /> |
|||
# ProxyPass http://127.0.0.1:9000/ |
|||
# </Location> |
@ -0,0 +1,18 @@ |
|||
## is a simple copy of postgres:10-alpine |
|||
FROM docker.0k.io/alpine:3.7 as common |
|||
|
|||
RUN apk add redis |
|||
|
|||
RUN mkdir -p /var/lib/redis |
|||
RUN chown -R redis:redis /var/lib/redis |
|||
|
|||
RUN echo -e "include /etc/redis-local.conf\n" >> /etc/redis.conf |
|||
|
|||
VOLUME ["/var/lib/redis"] |
|||
|
|||
# Expose the ports for redis |
|||
EXPOSE 6379 |
|||
|
|||
USER redis |
|||
|
|||
ENTRYPOINT ["redis-server", "/etc/redis.conf"] |
@ -0,0 +1,59 @@ |
|||
#!/bin/bash |
|||
|
|||
## Init is run on host |
|||
## For now it is run every time the script is launched, but |
|||
## it should be launched only once after build. |
|||
|
|||
## Accessible variables are: |
|||
## - SERVICE_NAME Name of current service |
|||
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
|||
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
|||
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
|||
|
|||
set -e |
|||
|
|||
uid=$(docker_get_uid "$SERVICE_NAME" "redis") |
|||
|
|||
CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf |
|||
|
|||
PASSWORD=$(options-get password 2>/dev/null) || { |
|||
if [ -e "$CONFIG" ]; then |
|||
PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') |
|||
fi |
|||
if [ -z "$ADMIN_PASSWORD" ]; then |
|||
info "Generating odoo admin password" |
|||
PASSWORD=$(gen_password 64) |
|||
fi |
|||
} |
|||
|
|||
|
|||
|
|||
mkdir -p "$(dirname "$CONFIG")" |
|||
cat <<EOF > "$CONFIG" |
|||
daemonize no |
|||
loglevel notice |
|||
logfile "" |
|||
bind 0.0.0.0 |
|||
requirepass $PASSWORD |
|||
|
|||
EOF |
|||
chown -v "$uid" "$CONFIG" |
|||
|
|||
|
|||
dirs=(/var/log/redis /var/lib/redis) |
|||
host_dirs=() |
|||
for dir in "${dirs[@]}"; do |
|||
host_dirs+=("$SERVICE_DATASTORE$dir") |
|||
done |
|||
|
|||
mkdir -p "${host_dirs[@]}" |
|||
find "${host_dirs[@]}" \! -user "$uid" \ |
|||
-exec chown -v "$uid" {} + || true |
|||
|
|||
|
|||
config_hash=$(cat "$CONFIG" | md5_compat) || exit 1 |
|||
init-config-add " |
|||
$MASTER_BASE_SERVICE_NAME: |
|||
labels: |
|||
- compose.config_hash=$config_hash |
|||
" |
@ -0,0 +1,12 @@ |
|||
#!/bin/bash |
|||
|
|||
|
|||
CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf |
|||
|
|||
set -e |
|||
|
|||
PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') |
|||
|
|||
relation-set password "$PASSWORD" |
|||
|
|||
true |
@ -0,0 +1,9 @@ |
|||
summary: "Redis server" |
|||
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" |
|||
data-resources: |
|||
- /var/lib/redis |
|||
- /var/log/redis |
|||
config-resources: |
|||
- /etc/redis-local.conf |
|||
provides: |
|||
redis-database: |
Write
Preview
Loading…
Cancel
Save
Reference in new issue