Getting peertube up and running in docker using traefik as a web proxy turned out to be quite straightforward.
The peertube docker instructions are good. Traefik is being used as the webserver proxy so we can comment out that section. I also use a wildcard LetsEncrypt certificate with DNS validation so the certbot section is also commented out. I then only had to make a couple of changes to the docker-compose file to add the traefik labels and set up a volume for the peertube assets. In the file below, change:
version: "3.3"
services:
# # You can comment this webserver section if you want to use another webserver/proxy or test PeerTube in local
# webserver:
# image: chocobozzz/peertube-webserver:latest
# # If you don't want to use the official image and build one from sources:
# # build:
# # context: .
# # dockerfile: Dockerfile.nginx
# env_file:
# - .env
# ports:
# - "80:80"
# - "443:443"
# volumes:
# - type: bind
# # Switch sources if you downloaded the whole repository
# #source: ../../nginx/peertube
# source: ./docker-volume/nginx/peertube
# target: /etc/nginx/conf.d/peertube.template
# - ./docker-colume/assets:/var/www/peertube/peertube-latest/client/dist:ro
# - ./docker-volume/data:/var/www/peertube/storage
# - certbot-www:/var/www/certbot
# - ./docker-volume/certbot/conf:/etc/letsencrypt
# depends_on:
# - peertube
# restart: "always"
#
# # You can comment this certbot section if you want to use another webserver/proxy or test PeerTube in local
# certbot:
# container_name: certbot
# image: certbot/certbot
# volumes:
# - ./docker-volume/certbot/conf:/etc/letsencrypt
# - certbot-www:/var/www/certbot
# restart: unless-stopped
# entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wai># depends_on:
# - webserver
peertube:
# If you don't want to use the official image and build one from sources:
# build:
# context: .
# dockerfile: ./support/docker/production/Dockerfile.bullseye
image: chocobozzz/peertube:production-bullseye
# Use a static IP for this container because nginx does not handle proxy host change without reload
# This container could be restarted on crash or until the postgresql database is ready for connection
networks:
internal:
ipv4_address: 172.19.0.42
proxy:
env_file:
- .env
# ports:
# - "1935:1935" # Comment if you don't want to use the live feature
# - "9000:9000" # Uncomment if you use another webserver/proxy or test PeerTube in local, otherwise not suitable> volumes:
- assets:/app/client/dist
- ./docker-volume/data:/data
- ./docker-volume/config:/config
depends_on:
- postgres
- redis
- postfix
restart: "always"
labels:
- "traefik.enable=true"
- "traefik.http.routers.peertube-web.rule=Host(`PEERTUBE-HOSTNAME`)"
- "traefik.http.services.peertube-web.loadbalancer.server.port=9000"
- "traefik.http.routers.peertube-web.entrypoints=websecure"
- "traefik.docker.network=proxy"
postgres:
image: postgres:13-alpine
env_file:
- .env
volumes:
- ./docker-volume/db:/var/lib/postgresql/data
restart: "always"
networks:
internal:
redis:
image: redis:6-alpine
volumes:
- ./docker-volume/redis:/data
restart: "always"
networks:
internal:
postfix:
image: mwader/postfix-relay
env_file:
- .env
volumes:
- ./docker-volume/opendkim/keys:/etc/opendkim/keys
restart: "always"
networks:
internal:
networks:
internal:
ipam:
driver: default
config:
- subnet: 172.19.0.0/16
proxy:
external: true
volumes:
assets:
driver: local
driver_opts:
o: bind
type: none
device: /PATH-TO-PEERTUBE-ASSESTS
The peertube .env file is well documented. Here’s the relevant section for the changes we need to make:
# PeerTube server configuration
# If you test PeerTube in local: use "peertube.localhost" and add this domain to your host file resolving on 127.0.0.1
PEERTUBE_WEBSERVER_HOSTNAME=PEERTUBE-HOSTNAME
# If you just want to test PeerTube on local
PEERTUBE_WEBSERVER_PORT=443
PEERTUBE_WEBSERVER_HTTPS=true
# If you need more than one IP as trust_proxy
# pass them as a comma separated array:
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16", "ADD-TRAEFIK-PROXY-NETWORK"]
That’s it!