example with TLS wrapper (RTMPS) and traefik (#608)

* example with TLS wrapper (RTMPS) and traefik * added example configuration for a MinIO S3 storage * separate example
4 years ago · 31d0ef8065
2 changed files with 130 additions and 0 deletions
--- a/examples/docker-compose.tls-rtmp.yaml
+++ b/examples/docker-compose.tls-rtmp.yaml
@ -0,0 +1,50 @@
				@@ -0,0 +1,50 @@
+version: '2'
+
+services:
+  owncast:
+    image: gabekangas/owncast:latest
+    restart: unless-stopped
+    volumes:
+      - ${PWD}/config-example.yaml:/app/config.yaml # Adjust once you create your own config.yaml
+      - owncast_db:/db # Remove if you don't want chat persistant
+    command: /app/owncast -configFile=config.yaml -database=/db/chat.db
+    ports:
+    - 8080:8080
+    labels:
+      - "traefik.enable=false"
+      - "traefik.http.routers.owncast.rule=Host(`live.your.org`)"
+      - "traefik.http.routers.owncast.entrypoints=web,websecure"
+      - "traefik.http.routers.owncast.tls.certresolver=mytlschallenge"
+      - "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
+      - "traefik.tcp.routers.rtmpcast.rule=HostSNI(`live.your.org`)"
+      - "traefik.tcp.routers.rtmpcast.service=rtmpcast"
+      - "traefik.tcp.routers.rtmpcast.tls=true"
+      - "traefik.tcp.routers.rtmpcast.tls.certresolver=mytlschallenge"
+      - "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
+  traefik:
+    image: traefik:latest
+    restart: unless-stopped
+    command:
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.rtmp.address=:1935
+      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true
+      # CHANGE THE ADDRESS BELOW TO YOUR ADDRESS
+      - --certificatesresolvers.mytlschallenge.acme.email=postmaster@mydomain.com
+      # COMMENT OUT THE LINE BELOW TO GET LIVE CERT
+      - --certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json
+    volumes:
+      - traefik_certs:/letsencrypt/
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+    - 80:80
+    - 443:443
+    - 1935:1935
+
+volumes:
+  owncast_db:
+  traefik_certs:
+  
--- a/examples/docker-compose.with-minio.yaml
+++ b/examples/docker-compose.with-minio.yaml
@ -0,0 +1,80 @@
				@@ -0,0 +1,80 @@
+version: '3.1'
+
+services:
+  owncast:
+    image: gabekangas/owncast:latest
+    restart: unless-stopped
+    volumes:
+      - ${PWD}/config-example.yaml:/app/config.yaml # Adjust once you create your own config.yaml
+      - owncast_db:/db # Remove if you don't want chat persistant
+    command: /app/owncast -configFile=config.yaml -database=/db/chat.db
+    ports:
+    - 8080:8080
+    labels:
+      - "traefik.enable=false"
+      - "traefik.http.routers.owncast.rule=Host(`live.your.org`)"
+      - "traefik.http.routers.owncast.entrypoints=web,websecure"
+      - "traefik.http.routers.owncast.tls.certresolver=mytlschallenge"
+      - "traefik.tcp.routers.rtmpcast.entrypoints=rtmp"
+      - "traefik.tcp.routers.rtmpcast.rule=HostSNI(`live.your.org`)"
+      - "traefik.tcp.routers.rtmpcast.service=rtmpcast"
+      - "traefik.tcp.routers.rtmpcast.tls=true"
+      - "traefik.tcp.routers.rtmpcast.tls.certresolver=mytlschallenge"
+      - "traefik.tcp.services.rtmpcast.loadbalancer.server.port=1935"
+  traefik:
+    image: traefik:latest
+    restart: unless-stopped
+    command:
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.rtmp.address=:1935
+      - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true
+      # CHANGE THE ADDRESS BELOW TO YOUR ADDRESS
+      - --certificatesresolvers.mytlschallenge.acme.email=postmaster@mydomain.com
+      # COMMENT OUT THE LINE BELOW TO GET LIVE CERT
+      - --certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json
+    volumes:
+      - traefik_certs:/letsencrypt/
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+    - 80:80
+    - 443:443
+    - 1935:1935
+   
+  # optionally serving your chunks yourself.
+  minio:
+    image: minio/minio
+    volumes:
+      - minio_data:/data
+    secrets:
+      - access_key
+      - secret_key
+    environment:
+      - MINIO_ACCESS_KEY_FILE=access_key
+      - MINIO_SECRET_KEY_FILE=secret_key
+    command: server /data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.minio.rule=Host(`s3-storage.your.org`)"
+      - "traefik.http.routers.minio.service=minio"
+      - "traefik.http.services.minio.loadbalancer.server.port=9000"
+      - "traefik.http.routers.minio.entryPoints=websecure"
+      - "traefik.http.routers.minio.tls=true"
+      - "traefik.http.routers.minio.middlewares=livecors"
+      - "traefik.http.routers.minio.tls.certresolver=mytlschallenge"
+      - "traefik.http.middlewares.livecors.headers.accesscontrolallowmethods=GET,OPTIONS"
+      - "traefik.http.middlewares.livecors.headers.allowedhosts=https://s3-storage.your.org"
+
+volumes:
+  owncast_db:
+  traefik_certs:
+  minio_data:
+
+secrets:
+  secret_key:
+    file: minio_secret.key
+  access_key:
+    file: minio_access.key