はじまりの大地

2024-07-15 09:14:04 +09:00
@@ -0,0 +1,58 @@
+# Database / Postgres service configuration
+POSTGRES_USER=<MY POSTGRES USERNAME>
+POSTGRES_PASSWORD=<MY POSTGRES PASSWORD>
+# Postgres database name "peertube"
+POSTGRES_DB=peertube
+# The database name used by PeerTube will be PEERTUBE_DB_NAME (only if set) *OR* 'peertube'+PEERTUBE_DB_SUFFIX
+#PEERTUBE_DB_NAME=<MY POSTGRES DB NAME>
+#PEERTUBE_DB_SUFFIX=_prod
+# Database username and password used by PeerTube must match Postgres', so they are copied:
+PEERTUBE_DB_USERNAME=$POSTGRES_USER
+PEERTUBE_DB_PASSWORD=$POSTGRES_PASSWORD
+PEERTUBE_DB_SSL=false
+# Default to Postgres service name "postgres" in docker-compose.yml
+PEERTUBE_DB_HOSTNAME=postgres
+
+# PeerTube server configuration
+# If you test PeerTube in local: use "peertube.localhost" and add this domain to your host file resolving on 127.0.0.1
+PEERTUBE_WEBSERVER_HOSTNAME=<MY DOMAIN>
+# If you just want to test PeerTube on local
+#PEERTUBE_WEBSERVER_PORT=9000
+#PEERTUBE_WEBSERVER_HTTPS=false
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
+
+# Generate one using `openssl rand -hex 32`
+PEERTUBE_SECRET=<MY PEERTUBE SECRET>
+
+# E-mail configuration
+# If you use a Custom SMTP server
+#PEERTUBE_SMTP_USERNAME=
+#PEERTUBE_SMTP_PASSWORD=
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=noreply@<MY DOMAIN>
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=<MY EMAIL ADDRESS>
+
+# Postfix service configuration
+POSTFIX_myhostname=<MY DOMAIN>
+# If you need to generate a list of sub/DOMAIN keys
+# pass them as a whitespace separated string <DOMAIN>=<selector>
+OPENDKIM_DOMAINS=<MY DOMAIN>=peertube
+# see https://github.com/wader/postfix-relay/pull/18
+OPENDKIM_RequireSafeKeys=no
+
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
+PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
+
+#PEERTUBE_LOG_LEVEL=info
+
+# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
+#PEERTUBE_SIGNUP_ENABLED=true
+#PEERTUBE_TRANSCODING_ENABLED=true
+#PEERTUBE_CONTACT_FORM_ENABLED=true
@@ -0,0 +1,3 @@
+data/
+db/
+redis/
@@ -0,0 +1,52 @@
+FROM node:18-bookworm-slim
+
+ARG ALREADY_BUILT=0
+
+# Install dependencies
+RUN apt update \
+ && apt install -y --no-install-recommends openssl ffmpeg python3 python3-pip ca-certificates gnupg gosu build-essential curl git \
+ && gosu nobody true \
+ && rm /var/lib/apt/lists/* -fR
+
+# Add peertube user
+RUN groupadd -r peertube \
+    && useradd -r -g peertube -m peertube
+
+# Install PeerTube
+COPY --chown=peertube:peertube . /app
+WORKDIR /app
+
+USER peertube
+
+# Install manually client dependencies to apply our network timeout option
+RUN if [ "${ALREADY_BUILT}" = 0 ]; then \
+    cd client && yarn install --pure-lockfile --network-timeout 1200000 && cd ../ \
+    && yarn install --pure-lockfile --network-timeout 1200000 \
+    && npm run build; \
+  else \
+    echo "Do not build application inside Docker because of ALREADY_BUILT build argument"; \
+  fi; \
+  rm -rf ./node_modules ./client/node_modules ./client/.angular \
+  && NOCLIENT=1 yarn install --pure-lockfile --production --network-timeout 1200000 --network-concurrency 20 \
+  && yarn cache clean
+
+USER root
+
+RUN mkdir /data /config
+RUN chown -R peertube:peertube /data /config
+
+ENV NODE_ENV production
+ENV NODE_CONFIG_DIR /app/config:/app/support/docker/production/config:/config
+ENV PEERTUBE_LOCAL_CONFIG /config
+
+VOLUME /data
+VOLUME /config
+
+COPY ./support/docker/production/entrypoint.sh /usr/local/bin/entrypoint.sh
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
+
+# Expose API and RTMP
+EXPOSE 9000 1935
+
+# Run the application
+CMD [ "node", "dist/server" ]
@@ -0,0 +1,8 @@
+FROM nginx:alpine
+
+COPY ./support/docker/production/entrypoint.nginx.sh .
+RUN chmod +x entrypoint.nginx.sh
+
+EXPOSE 80 443
+ENTRYPOINT []
+CMD ["/bin/sh", "entrypoint.nginx.sh"]
@@ -0,0 +1,209 @@
+#
+# This file will be read by node-config
+# See https://github.com/node-config/node-config/wiki/Environment-Variables#custom-environment-variables
+#
+
+webserver:
+  hostname: "PEERTUBE_WEBSERVER_HOSTNAME"
+  port:
+    __name: "PEERTUBE_WEBSERVER_PORT"
+    __format: "json"
+  https:
+    __name: "PEERTUBE_WEBSERVER_HTTPS"
+    __format: "json"
+
+federation:
+  sign_federated_fetches:
+    __name: "PEERTUBE_SIGN_FEDERATED_FETCHES"
+    __format: "json"
+
+secrets:
+  peertube: "PEERTUBE_SECRET"
+
+trust_proxy:
+  __name: "PEERTUBE_TRUST_PROXY"
+  __format: "json"
+
+database:
+  hostname: "PEERTUBE_DB_HOSTNAME"
+  port:
+    __name: "PEERTUBE_DB_PORT"
+    __format: "json"
+  name: "PEERTUBE_DB_NAME"
+  suffix: "PEERTUBE_DB_SUFFIX"
+  username: "PEERTUBE_DB_USERNAME"
+  password: "PEERTUBE_DB_PASSWORD"
+  ssl:
+    __name: "PEERTUBE_DB_SSL"
+    __format: "json"
+
+redis:
+  hostname: "PEERTUBE_REDIS_HOSTNAME"
+  port:
+    __name: "PEERTUBE_REDIS_PORT"
+    __format: "json"
+  auth: "PEERTUBE_REDIS_AUTH"
+
+smtp:
+  hostname: "PEERTUBE_SMTP_HOSTNAME"
+  port:
+    __name: "PEERTUBE_SMTP_PORT"
+    __format: "json"
+  username: "PEERTUBE_SMTP_USERNAME"
+  password: "PEERTUBE_SMTP_PASSWORD"
+  tls:
+    __name: "PEERTUBE_SMTP_TLS"
+    __format: "json"
+  disable_starttls:
+    __name: "PEERTUBE_SMTP_DISABLE_STARTTLS"
+    __format: "json"
+  from_address: "PEERTUBE_SMTP_FROM"
+
+object_storage:
+  enabled:
+    __name: "PEERTUBE_OBJECT_STORAGE_ENABLED"
+    __format: "json"
+
+  endpoint: "PEERTUBE_OBJECT_STORAGE_ENDPOINT"
+
+  region: "PEERTUBE_OBJECT_STORAGE_REGION"
+
+  upload_acl:
+    public: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC"
+    private: "PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE"
+
+  proxy:
+    proxify_private_files:
+      __name: "PEERTUBE_OBJECT_STORAGE_PROXY_PROXIFY_PRIVATE_FILES"
+      __format: "json"
+
+  credentials:
+    access_key_id: "PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID"
+    secret_access_key: 'PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY'
+
+  max_upload_part:
+    __name: "PEERTUBE_OBJECT_STORAGE_MAX_UPLOAD_PART"
+    __format: "json"
+
+  streaming_playlists:
+    bucket_name: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME"
+    prefix: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX"
+    base_url: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BASE_URL"
+    store_live_streams:
+      __name: "PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_STORE_LIVE_STREAMS"
+      __format: "json"
+
+  web_videos:
+    bucket_name: "PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_BUCKET_NAME"
+    prefix: "PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_PREFIX"
+    base_url: "PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_BASE_URL"
+
+  user_exports:
+    bucket_name: "PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_BUCKET_NAME"
+    prefix: "PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_PREFIX"
+    base_url: "PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_BASE_URL"
+
+  original_video_files:
+    bucket_name: "PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_BUCKET_NAME"
+    prefix: "PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_PREFIX"
+    base_url: "PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_BASE_URL"
+
+webadmin:
+  configuration:
+    edition:
+      allowed:
+        __name: "PEERTUBE_WEBADMIN_CONFIGURATION_EDITION_ALLOWED"
+        __format: "json"
+
+log:
+  level: "PEERTUBE_LOG_LEVEL"
+  log_ping_requests:
+    __name: "PEERTUBE_LOG_PING_REQUESTS"
+    __format: "json"
+
+user:
+  video_quota:
+    __name: "PEERTUBE_USER_VIDEO_QUOTA"
+    __format: "json"
+
+admin:
+  email: "PEERTUBE_ADMIN_EMAIL"
+
+contact_form:
+  enabled:
+    __name: "PEERTUBE_CONTACT_FORM_ENABLED"
+    __format: "json"
+
+signup:
+  enabled:
+    __name: "PEERTUBE_SIGNUP_ENABLED"
+    __format: "json"
+  limit:
+    __name: "PEERTUBE_SIGNUP_LIMIT"
+    __format: "json"
+
+search:
+  remote_uri:
+    users:
+      __name: "PEERTUBE_SEARCH_REMOTEURI_USERS"
+      __format: "json"
+    anonymous:
+      __name: "PEERTUBE_SEARCH_REMOTEURI_ANONYMOUS"
+      __format: "json"
+
+import:
+  videos:
+    http:
+      enabled:
+        __name: "PEERTUBE_IMPORT_VIDEOS_HTTP"
+        __format: "json"
+    torrent:
+      enabled:
+        __name: "PEERTUBE_IMPORT_VIDEOS_TORRENT"
+        __format: "json"
+
+transcoding:
+  enabled:
+    __name: "PEERTUBE_TRANSCODING_ENABLED"
+    __format: "json"
+  threads:
+    __name: "PEERTUBE_TRANSCODING_THREADS"
+    __format: "json"
+  resolutions:
+    144p:
+      __name: "PEERTUBE_TRANSCODING_144P"
+      __format: "json"
+    240p:
+      __name: "PEERTUBE_TRANSCODING_240P"
+      __format: "json"
+    360p:
+      __name: "PEERTUBE_TRANSCODING_360P"
+      __format: "json"
+    480p:
+      __name: "PEERTUBE_TRANSCODING_480P"
+      __format: "json"
+    720p:
+      __name: "PEERTUBE_TRANSCODING_720P"
+      __format: "json"
+    1080p:
+      __name: "PEERTUBE_TRANSCODING_1080P"
+      __format: "json"
+    1440p:
+      __name: "PEERTUBE_TRANSCODING_1440P"
+      __format: "json"
+    2160p:
+      __name: "PEERTUBE_TRANSCODING_2160P"
+      __format: "json"
+  web_videos:
+    enabled:
+      __name: "PEERTUBE_TRANSCODING_WEB_VIDEOS_ENABLED"
+      __format: "json"
+  hls:
+    enabled:
+      __name: "PEERTUBE_TRANSCODING_HLS_ENABLED"
+      __format: "json"
+
+instance:
+  name: "PEERTUBE_INSTANCE_NAME"
+  description: "PEERTUBE_INSTANCE_DESCRIPTION"
+  terms: "PEERTUBE_INSTANCE_TERMS"
@@ -0,0 +1,88 @@
+listen:
+  hostname: '0.0.0.0'
+  port: 9000
+
+# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
+webserver:
+  https: true
+  hostname: undefined
+  port: 443
+
+rates_limit:
+  login:
+    # 15 attempts in 5 min
+    window: 5 minutes
+    max: 15
+  ask_send_email:
+    # 3 attempts in 5 min
+    window: 5 minutes
+    max: 3
+
+# Proxies to trust to get real client IP
+# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
+# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
+trust_proxy:
+  - 'loopback'
+  - 'linklocal'
+  - 'uniquelocal'
+
+# Your database name will be database.name OR 'peertube'+database.suffix
+database:
+  hostname: 'postgres'
+  port: 5432
+  ssl: false
+  suffix: ''
+  username: 'postgres'
+  password: 'postgres'
+
+# Redis server for short time storage
+redis:
+  hostname: 'redis'
+  port: 6379
+  auth: null
+
+# From the project root directory
+storage:
+  tmp: '../data/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
+  tmp_persistent: '../data/tmp-persistent/' # As tmp but the directory is not cleaned up between PeerTube restarts
+  bin: '../data/bin/'
+  avatars: '../data/avatars/'
+  web_videos: '../data/web-videos/'
+  streaming_playlists: '../data/streaming-playlists'
+  redundancy: '../data/redundancy/'
+  logs: '../data/logs/'
+  previews: '../data/previews/'
+  thumbnails: '../data/thumbnails/'
+  storyboards: '../data/storyboards/'
+  torrents: '../data/torrents/'
+  captions: '../data/captions/'
+  cache: '../data/cache/'
+  plugins: '../data/plugins/'
+  well_known: '../data/well-known/'
+  # Overridable client files in client/dist/assets/images :
+  # - logo.svg
+  # - favicon.png
+  # - default-playlist.jpg
+  # - default-avatar-account.png
+  # - default-avatar-video-channel.png
+  # - and icons/*.png (PWA)
+  # Could contain for example assets/images/favicon.png
+  # If the file exists, peertube will serve it
+  # If not, peertube will fallback to the default fil
+  client_overrides: '../data/client-overrides/'
+
+
+object_storage:
+  upload_acl:
+    public: null # Set to null here because we can't using env variables
+    private: null
+
+log:
+  level: 'info' # 'debug' | 'info' | 'warn' | 'error'
+
+tracker:
+  enabled: true
+  reject_too_many_announces: false # false because we have issues with docker ws ip/port forwarding
+
+admin:
+  email: null
@@ -0,0 +1,100 @@
+services:
+
+  # You can comment this webserver section if you want to use another webserver/proxy or test PeerTube in local
+  webserver:
+    image: chocobozzz/peertube-webserver:latest
+    # If you don't want to use the official image and build one from sources:
+    # build:
+    #   context: .
+    #   dockerfile: Dockerfile.nginx
+    env_file:
+      - .env
+    ports:
+     - "80:80"
+     - "443:443"
+    volumes:
+      - type: bind
+        # Switch sources if you downloaded the whole repository
+        #source: ../../nginx/peertube
+        source: ./docker-volume/nginx/peertube
+        target: /etc/nginx/conf.d/peertube.template
+      - assets:/var/www/peertube/peertube-latest/client/dist:ro
+      - ./docker-volume/data:/var/www/peertube/storage
+      - certbot-www:/var/www/certbot
+      - ./docker-volume/certbot/conf:/etc/letsencrypt
+    depends_on:
+      - peertube
+    restart: "always"
+
+  # You can comment this certbot section if you want to use another webserver/proxy or test PeerTube in local
+  certbot:
+    container_name: certbot
+    image: certbot/certbot
+    volumes:
+      - ./docker-volume/certbot/conf:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    restart: unless-stopped
+    entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
+    depends_on:
+      - webserver
+
+  peertube:
+    # If you don't want to use the official image and build one from sources:
+    # build:
+    #   context: .
+    #   dockerfile: ./support/docker/production/Dockerfile.bookworm
+    image: chocobozzz/peertube:production-bookworm
+    # Use a static IP for this container because nginx does not handle proxy host change without reload
+    # This container could be restarted on crash or until the postgresql database is ready for connection
+    networks:
+      default:
+        ipv4_address: 172.18.0.42
+    env_file:
+      - .env
+
+    ports:
+     - "1935:1935" # Comment if you don't want to use the live feature
+    #  - "9000:9000" # Uncomment if you use another webserver/proxy or test PeerTube in local, otherwise not suitable for production
+    volumes:
+      # Remove the following line if you want to use another webserver/proxy or test PeerTube in local
+      - assets:/app/client/dist
+      - ./docker-volume/data:/data
+      - ./docker-volume/config:/config
+    depends_on:
+      - postgres
+      - redis
+      - postfix
+    restart: "always"
+
+  postgres:
+    image: postgres:13-alpine
+    env_file:
+      - .env
+    volumes:
+      - ./docker-volume/db:/var/lib/postgresql/data
+    restart: "always"
+
+  redis:
+    image: redis:6-alpine
+    volumes:
+      - ./docker-volume/redis:/data
+    restart: "always"
+
+  postfix:
+    image: mwader/postfix-relay
+    env_file:
+      - .env
+    volumes:
+      - ./docker-volume/opendkim/keys:/etc/opendkim/keys
+    restart: "always"
+
+networks:
+  default:
+    ipam:
+      driver: default
+      config:
+      - subnet: 172.18.0.0/16
+
+volumes:
+  assets:
+  certbot-www:
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# Process the nginx template
+SOURCE_FILE="/etc/nginx/conf.d/peertube.template"
+TARGET_FILE="/etc/nginx/conf.d/default.conf"
+export WEBSERVER_HOST="$PEERTUBE_WEBSERVER_HOSTNAME"
+export PEERTUBE_HOST="peertube:9000"
+
+envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE
+
+while :; do
+  sleep 12h & wait $!;
+  nginx -s reload;
+done &
+
+nginx -g 'daemon off;'
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+
+find /config ! -user peertube -exec chown peertube:peertube {} \; || true
+
+# first arg is `-f` or `--some-option`
+# or first arg is `something.conf`
+if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
+    set -- node "$@"
+fi
+
+# allow the container to be started with `--user`
+if [ "$1" = 'node' -a "$(id -u)" = '0' ]; then
+    find /data ! -user peertube -exec  chown peertube:peertube {} \;
+    exec gosu peertube "$0" "$@"
+fi
+
+exec "$@"