Improve docker doc and fix missing keys on update

support/doc/docker.md

@@ -6,56 +6,65 @@ You can quickly get a server running using Docker. You need to have
 
 ## Production
 
-### Build your own Docker image
-
-```bash
-$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube
-$ cd /tmp/peertube
-$ docker build . -f ./support/docker/production/Dockerfile.stretch
-```
-
-### Run a preconfigured setup with all dependencies
+### Install
 
 PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want
 to quickly set up a full environment, either for trying the service or in
 production, you can use a `docker-compose` setup.
 
 ```bash
-$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube
-$ cd /tmp/peertube
+$ cd /your/peertube/directory
+$ mkdir ./docker-volume && mkdir ./docker-volume/traefik
+$ curl "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml" > ./docker-volume/traefik/traefik.toml
+$ touch ./docker-volume/traefik/acme.json && chmod 600 ./docker-volume/traefik/acme.json
+$ curl -s "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml" > ./docker-compose.yml
+```
+
+Update the reverse proxy configuration:
+
 ```
+$ vim ./docker-volume/traefik/traefik.toml
+```
+
+Tweak the `docker-compose.yml` file there according to your needs:
 
-Then tweak the `docker-compose.yml` file there according to your needs. Then
-you can use the regular `up` command to set it up, with possible overrides of
+```
+$ vim ./docker-compose.yaml
+```
+
+You can use the regular `up` command to set it up, with possible overrides of
 the environment variables:
 
 ```bash
-$ PEERTUBE_WEBSERVER_HOSTNAME=peertube.lvh.me \
-  PEERTUBE_ADMIN_EMAIL=test@example.com \
-  PEERTUBE_TRANSCODING_ENABLED=true \
-  PEERTUBE_SIGNUP_ENABLED=true \
-  PEERTUBE_SMTP_HOST=mail.lvh.me \
-  PEERTUBE_SMTP_PORT=1025 \
-  PEERTUBE_SMTP_FROM=noreply@peertube.lvh.me \
-    docker-compose -f support/docker/production/docker-compose.yml --project-directory . up
+$ PEERTUBE_WEBSERVER_HOSTNAME="domain.tld" docker-compose up
 ```
 
 Other environment variables are used in
 `support/docker/production/config/custom-environment-variables.yaml` and can be
 intuited from usage.
 
-For this example configuration, a reverse proxy is quite recommended. The
-example Docker Compose file provides example labels for a Traefik load
-balancer, although any HTTP reverse proxy will work fine. See the example
-Nginx configuration `support/nginx/peertube` file to get an idea of
-recommendations and requirements to run PeerTube the most efficiently.
-
 **Important**: note that you'll get the initial `root` user password from the
 program output, so check out your logs to find them.
 
+### Upgrade
+
+Pull the latest images and rerun PeerTube:
+
+```
+$ docker-compose pull
+$ PEERTUBE_WEBSERVER_HOSTNAME="domain.tld" docker-compose up
+```
+
+
+## Build your own Docker image
+
+```bash
+$ git clone https://github.com/chocobozzz/PeerTube /tmp/peertube
+$ cd /tmp/peertube
+$ docker build . -f ./support/docker/production/Dockerfile.stretch
+```
+
 ## Development
 
-The Docker image that's preconfigured in `support/docker/dev` contains all the
-services embedded in one image, so as to work correctly on
-[Janitor](https://janitor.technology). It is much not advised to use it in
-production.
+We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/develop/.github/CONTRIBUTING.md#develop)
+for more information on how you can hack PeerTube!
\ No newline at end of file

support/docker/production/config/traefik.toml

+# Uncomment this line in order to enable debugging through logs
+# debug = true
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+
+# Enable ACME (Let's Encrypt): automatic SSL.
+[acme]
+
+# Email address used for registration.
+#
+# Required
+#
+email = "<MY EMAIL ADDRESS>"
+
+# File or key used for certificates storage.
+#
+# Required
+#
+storage = "/etc/acme.json"
+# or `storage = "traefik/acme/account"` if using KV store.
+
+# Entrypoint to proxy acme apply certificates to.
+# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
+#
+# Required
+#
+entryPoint = "https"
+
+# Domains list.
+#
+[[acme.domains]]
+  main = "<MY DOMAIN>"
+
+# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
+#
+# Optional but recommend
+#
+[acme.httpChallenge]
+
+  # EntryPoint to use for the challenges.
+  #
+  # Required
+  #
+  entryPoint = "http"

support/docker/production/docker-compose.yml

@@ -2,6 +2,19 @@ version: "3.3"
 
 services:
 
+  reverse-proxy:
+    image: traefik
+    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
+    ports:
+      - "80:80"     # The HTTP port
+      - "443:443"   # The HTTPS port
+      - "8080:8080" # The Web UI (enabled by --api)
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+      - ./docker-volume/traefik/acme.json:/etc/acme.json
+      - ./docker-volume/traefik/traefik.toml:/traefik.toml
+    restart: "always"
+
   peertube:
     # If you don't want to use the official image and build one from sources
     # build:
@@ -49,9 +62,13 @@ services:
     volumes:
       - ./docker-volume/db:/var/lib/postgresql/data
     restart: "always"
+    labels:
+      traefik.enable: "false"
 
   redis:
     image: redis:4-alpine
     volumes:
       - ./docker-volume/redis:/data
     restart: "always"
+    labels:
+      traefik.enable: "false"
\ No newline at end of file

support/docker/production/docker-entrypoint.sh

@@ -4,10 +4,12 @@ set -e
 # Populate config directory
 if [ -z "$(ls -A /config)" ]; then
     cp /app/support/docker/production/config/* /config
-    cp /app/config/default.yaml /config
-    chown -R peertube:peertube /config
 fi
 
+# Always copy default configuration file, in cases where new keys were added
+cp /app/config/default.yaml /config
+chown -R peertube:peertube /config
+
 # first arg is `-f` or `--some-option`
 # or first arg is `something.conf`
 if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then