Hard time trying to Setup Peertube with Docker
I have a debian 12 server with other services running:
Nginx, teamspeak server and samba.
Im trying to run docker peertube. But everytime I run docker compose up every other connection gets terminated. I cant even access SSH anymore, forcing me to set up a monitor and a keyboard to kill docker processes so everything is back online again.
Before I try to install everything once more, can anyone point me what I may be doing wrong? Im following the tutorial at: https://docs.joinpeertube.org/install/docker
Hi, did you modify docker-compose.yml file?
By default it starts nginx (and peertube, redis, database…) and use port 80 and 443.
Your machine is already having nginx running with the same ports, I guess, so there is a conflict. Docker-compose shouldn’t start in that case, not sure why it freeze your network.
Have you tried stopping your Nginx on your server then start docker compose
OR commenting out the entire webserver and certbot part in docker-compose.yml?
To check if this is the origin of the issue.
Thanks for the reply. Yes I did try commenting the nginx and certbot. Same issue.
The only time the issue didnt happen, was when I changed the network IP.
But when I did that, peertube complained it couldnt connect to the database.
Maybe a conflict between the private IP in your Peertube docker-compose file and your others docker containers?
Make sure that the subnets in your Peertube docker-compose file are different from the subnets of your other services.
(and that you are not using your public IPs!!!)
Hmm I dont have any other docker services running.
Im not sure what to do.
Ok, i misunderstood your first post, and thought your other services were also running on docker.
If you already have a running nginx, then it will probably be easier for you to do a standard Peertube installation, and not a docker one.
Was there a reason for doing so?
Yes, Im trying to install via docker so its more portable. Also, with standard installation I found it to be hard to customize the correct folder to store the data (videos etc).
If you have already a nginx running, you won’t be able to start another nginx in docker, as the 80 and 443 ports are already in use. Unless you have multiple public IPs, or unless you do some reverse-proxy tweaking (but this requires some exprerience, and is not easy to do).
Customizing the folders is not more difficult in a standard installation than in a docker one. I recommend you to try.
Im going to uninstall nginx and try again. I prefer the docker installation.
I will let you guys know how it works out.
OK. I have no nginx installed.
Removed and purged it.
Followed the tutorial at : Docker guide | PeerTube documentation
Now all connection is gone again. It worked for a few seconds and then puff, gone.
Huh. Im not sure whats happening. Want me to post my .env or docker-compose ?
I just followed the tutorial.
Is there any error log in your system journal? (in /var/log/syslog for example).
When you run docker compose up (without the -d), is there any error?
yes
.env file:
# Database / Postgres service configuration
POSTGRES_USER=REDACTED
POSTGRES_PASSWORD=REDACTED
# Postgres database name "peertube"
POSTGRES_DB=peertube
# The database name used by PeerTube will be PEERTUBE_DB_NAME (only if set) *OR* 'peertube'+PEERTUBE_DB_SUFFIX
#PEERTUBE_DB_NAME=<MY POSTGRES DB NAME>
#PEERTUBE_DB_SUFFIX=_prod
# Database username and password used by PeerTube must match Postgres', so they are copied:
PEERTUBE_DB_USERNAME=$POSTGRES_USER
PEERTUBE_DB_PASSWORD=$POSTGRES_PASSWORD
PEERTUBE_DB_SSL=false
# Default to Postgres service name "postgres" in docker-compose.yml
PEERTUBE_DB_HOSTNAME=postgres
# PeerTube server configuration
# If you test PeerTube in local: use "peertube.localhost" and add this domain to your host file resolving on 127.0.0.1
PEERTUBE_WEBSERVER_HOSTNAME=REDACTED
# If you just want to test PeerTube on local
#PEERTUBE_WEBSERVER_PORT=9000
#PEERTUBE_WEBSERVER_HTTPS=false
# If you need more than one IP as trust_proxy
# pass them as a comma separated array:
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
# Generate one using `openssl rand -hex 32`
PEERTUBE_SECRET=REDACTED
# E-mail configuration
# If you use a Custom SMTP server
PEERTUBE_SMTP_USERNAME=REDACTED AWS
PEERTUBE_SMTP_PASSWORD=REDACTED AWS
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
PEERTUBE_SMTP_HOSTNAME=email-smtp.us-east-1.amazonaws.com
PEERTUBE_SMTP_PORT=587
PEERTUBE_SMTP_FROM=REDACTED AWS
PEERTUBE_SMTP_TLS=true
PEERTUBE_SMTP_DISABLE_STARTTLS=false
PEERTUBE_ADMIN_EMAIL=REDACTED AWS
# Postfix service configuration
POSTFIX_myhostname=REDACTED
# If you need to generate a list of sub/DOMAIN keys
# pass them as a whitespace separated string <DOMAIN>=<selector>
OPENDKIM_DOMAINS=REDACTED=default._domainkey
# see https://github.com/wader/postfix-relay/pull/18
OPENDKIM_RequireSafeKeys=no
# If you want to enable object storage for PeerTube, set the following variables.
#PEERTUBE_OBJECT_STORAGE_ENABLED=
#PEERTUBE_OBJECT_STORAGE_ENDPOINT=
#PEERTUBE_OBJECT_STORAGE_REGION=
#PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID=
#PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY=
#PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME=
#PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX=
#PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BASE_URL=
#PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_BUCKET_NAME=
#PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_PREFIX=
#PEERTUBE_OBJECT_STORAGE_WEB_VIDEOS_BASE_URL=
#PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_BUCKET_NAME=
#PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_PREFIX=
#PEERTUBE_OBJECT_STORAGE_USER_EXPORTS_BASE_URL=
#PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_BUCKET_NAME=
#PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_PREFIX=
#PEERTUBE_OBJECT_STORAGE_ORIGINAL_VIDEO_FILES_BASE_URL=
#PEERTUBE_OBJECT_STORAGE_CAPTIONS_BUCKET_NAME=
#PEERTUBE_OBJECT_STORAGE_CAPTIONS_PREFIX=
#PEERTUBE_OBJECT_STORAGE_CAPTIONS_BASE_URL=
# Comment these variables if your S3 provider does not support object ACL
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PUBLIC="public-read"
PEERTUBE_OBJECT_STORAGE_UPLOAD_ACL_PRIVATE="private"
#PEERTUBE_LOG_LEVEL=info
# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
#PEERTUBE_SIGNUP_ENABLED=true
#PEERTUBE_TRANSCODING_ENABLED=true
#PEERTUBE_CONTACT_FORM_ENABLED=true
Docker Compose file:
services:
# You can comment this webserver section if you want to use another webserver/proxy or test PeerTube in local
webserver:
image: chocobozzz/peertube-webserver:latest
# If you don't want to use the official image and build one from sources:
# build:
# context: .
# dockerfile: ./support/docker/production/Dockerfile.nginx
env_file:
- .env
ports:
- "80:80"
- "443:443"
volumes:
- type: bind
# Switch sources if you downloaded the whole repository
#source: ../../nginx/peertube
source: ./docker-volume/nginx/peertube
target: /etc/nginx/conf.d/peertube.template
- assets:/var/www/peertube/peertube-latest/client/dist:ro
- ./docker-volume/data:/var/www/peertube/storage
- certbot-www:/var/www/certbot
- ./docker-volume/certbot/conf:/etc/letsencrypt
- ./docker-volume/nginx-logs:/var/log/nginx
depends_on:
- peertube
restart: "always"
# You can comment this certbot section if you want to use another webserver/proxy or test PeerTube in local
certbot:
container_name: certbot
image: certbot/certbot
volumes:
- ./docker-volume/certbot/conf:/etc/letsencrypt
- certbot-www:/var/www/certbot
restart: unless-stopped
entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
depends_on:
- webserver
peertube:
# If you don't want to use the official image and build one from sources:
# build:
# context: .
# dockerfile: ./support/docker/production/Dockerfile.bookworm
image: chocobozzz/peertube:production-bookworm
# Use a static IP for this container because nginx does not handle proxy host change without reload
# This container could be restarted on crash or until the postgresql database is ready for connection
networks:
default:
ipv4_address: 172.18.0.42
ipv6_address: fdab:e4b3:21a2:ef1b::42
env_file:
- .env
ports:
- "1935:1935" # Comment if you don't want to use the live feature
# - "9000:9000" # Uncomment if you use another webserver/proxy or test PeerTube in local, otherwise not suitable for production
volumes:
# Remove the following line if you want to use another webserver/proxy or test PeerTube in local
- assets:/app/client/dist
- ./docker-volume/data:/data
- ./docker-volume/config:/config
depends_on:
- postgres
- redis
- postfix
restart: "always"
postgres:
image: postgres:13-alpine
env_file:
- .env
volumes:
- ./docker-volume/db:/var/lib/postgresql/data
restart: "always"
redis:
image: redis:6-alpine
volumes:
- ./docker-volume/redis:/data
restart: "always"
postfix:
image: mwader/postfix-relay
env_file:
- .env
volumes:
- ./docker-volume/opendkim/keys:/etc/opendkim/keys
restart: "always"
networks:
default:
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 172.18.0.0/16
- subnet: fdab:e4b3:21a2:ef1b::/64
volumes:
assets:
certbot-www:
I have redacted sensitive information.
When I run docker compose up, well, Im gonna have to hold on that. I can run it later and give you guys the whole log.
Ok, here is the log that you requested.
I ran several times and every time the SSH disconnects.
Note that the SSH default port was changed.
docker compose up
[+] Running 61/61
✔ postgres Pulled 81.6s
✔ postfix Pulled 17.9s
✔ certbot Pulled 10.1s
✔ webserver Pulled 22.5s
✔ peertube Pulled 120.2s
✔ redis Pulled 11.0s
[+] Running 7/7
✔ Network peertube_default Created 0.1s
✔ Container peertube-postfix-1 Created 3.6s
✔ Container peertube-redis-1 Created 3.6s
✔ Container peertube-postgres-1 Created 3.6s
✔ Container peertube-peertube-1 Created 0.0s
✔ Container peertube-webserver-1 Created 0.0s
✔ Container certbot Created 0.0s
Attaching to certbot, peertube-1, postfix-1, postgres-1, redis-1, webserver-1
redis-1 | 1:C 25 Jun 2025 15:23:40.829 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis-1 | 1:C 25 Jun 2025 15:23:40.829 # Redis version=6.2.18, bits=64, commit=00000000, modified=0, pid=1, just started
redis-1 | 1:C 25 Jun 2025 15:23:40.829 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis-1 | 1:M 25 Jun 2025 15:23:40.829 * monotonic clock: POSIX clock_gettime
redis-1 | 1:M 25 Jun 2025 15:23:40.830 * Running mode=standalone, port=6379.
redis-1 | 1:M 25 Jun 2025 15:23:40.830 # Server initialized
redis-1 | 1:M 25 Jun 2025 15:23:40.830 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
postfix-1 | DNS records:
postgres-1 |
postgres-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
postgres-1 |
redis-1 | 1:M 25 Jun 2025 15:23:41.186 * Loading RDB produced by version 6.2.18
redis-1 | 1:M 25 Jun 2025 15:23:41.186 * RDB age 166938 seconds
redis-1 | 1:M 25 Jun 2025 15:23:41.186 * RDB memory usage when created 3.16 Mb
redis-1 | 1:M 25 Jun 2025 15:23:41.186 # Done loading RDB, keys loaded: 42, keys expired: 27.
redis-1 | 1:M 25 Jun 2025 15:23:41.186 * DB loaded from disk: 0.356 seconds
redis-1 | 1:M 25 Jun 2025 15:23:41.186 * Ready to accept connections
postfix-1 | default._domainkey._domainkey.REDACTED.com.br. IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
postfix-1 | "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+eReyZbIKyOehN1aEX/RRRf765AICpny20kgrvUXaj3H20atRjQI/rbt8tFKnVzn0fOcQ1DWxduc9M4+P9UT9xXRjNZEAg4zsYvXbJ3ai5gQfoZIjU+MGt6XTFFUYCoihehSWp0HIhfLvtsFZvPcI65EDcR+JGaXbjziYvrcOWYZ1+jOJLEUTD6U6iahcotIVdXvcuW1++tbP"
postfix-1 | "g8y7KA7hqT56y+FCCQIHxMRThLgOMYpBt35cOPtrjtL/RwbRfjtTNff7qcYCdYa2xpcXVUZcKTFFO/vkFzzWUOtmFTVM2d8iaw+p7YMMNhZvZlFIDk79QBpq2pjp7dehRAfL0XiwIDAQAB" ) ; ----- DKIM key default._domainkey for REDACTED.com.br
postfix-1 | Starting OpenDKIM: opendkim.
webserver-1 | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:23
webserver-1 | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/default.conf:24
postgres-1 | 2025-06-25 15:23:41.650 UTC [1] LOG: starting PostgreSQL 13.21 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit
postgres-1 | 2025-06-25 15:23:41.651 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
postgres-1 | 2025-06-25 15:23:41.651 UTC [1] LOG: listening on IPv6 address "::", port 5432
postgres-1 | 2025-06-25 15:23:41.735 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-1 | 2025-06-25 15:23:41.934 UTC [26] LOG: database system was interrupted; last known up at 2025-06-23 17:01:28 UTC
postgres-1 | 2025-06-25 15:23:42.156 UTC [26] LOG: database system was not properly shut down; automatic recovery in progress
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot |
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | Processing /etc/letsencrypt/renewal/REDACTED.ddns.net.conf
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
postgres-1 | 2025-06-25 15:23:42.268 UTC [26] LOG: redo starts at 0/1899938
postgres-1 | 2025-06-25 15:23:42.290 UTC [26] LOG: invalid record length at 0/18A3050: wanted 24, got 0
postgres-1 | 2025-06-25 15:23:42.290 UTC [26] LOG: redo done at 0/18A2FE8
postfix-1 | Starting Postfix Mail Transport Agent: postfix.
postfix-1 | 2025-06-25T15:23:42.695961+00:00 6c774cea6c08 rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="154" x-info="https://www.rsyslog.com"] start
postfix-1 | 2025-06-25T15:23:42.698530+00:00 6c774cea6c08 postfix/master[152]: daemon started -- version 3.4.23, configuration /etc/postfix
certbot | Certificate not yet due for renewal
certbot |
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | The following certificates are not due for renewal yet:
certbot | /etc/letsencrypt/live/REDACTED.ddns.net/fullchain.pem expires on 2025-09-21 (skipped)
certbot | No renewals were attempted.
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
postgres-1 | 2025-06-25 15:23:43.148 UTC [1] LOG: database system is ready to accept connections
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:43.848 info: Using following configuration file hierarchy: /app/config/default.yaml -> /app/support/docker/production/config/production.yaml -> /app/support/docker/production/config/custom-environment-variables.yaml.
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:45.312 info: Database peertube is ready.
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.148 info: Connecting to Redis in "standalone" mode...
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.149 info: Using standalone redis options {
peertube-1 | "db": 0,
peertube-1 | "host": "redis",
peertube-1 | "port": 6379,
peertube-1 | "path": null
peertube-1 | }
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.152 info: Using email-smtp.us-east-1.amazonaws.com:587 as SMTP server.
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.154 info: Testing SMTP server...
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.199 info: Connected to redis.
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.522 error: 801C71668E7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:
peertube-1 | {
peertube-1 | "component": "smtp-connection",
peertube-1 | "sid": "y7l8gRvvtGw"
peertube-1 | }
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.523 error: Failed to connect to SMTP email-smtp.us-east-1.amazonaws.com:587. {
peertube-1 | "err": {
peertube-1 | "stack": "Error: 801C71668E7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:\n",
peertube-1 | "message": "801C71668E7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:\n",
peertube-1 | "library": "SSL routines",
peertube-1 | "reason": "wrong version number",
peertube-1 | "code": "ESOCKET",
peertube-1 | "command": "CONN"
peertube-1 | }
peertube-1 | }
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.598 info: HTTP server listening on 0.0.0.0:9000
peertube-1 | [REDACTED.ddns.net:443] 2025-06-25 15:23:46.598 info: Web server: https://REDACTED.ddns.net
w Enable Watch
Hmm is there a solution or anything I could try to do to fix this?
Im stuck!
Sorry, i can’t see any obvious misconfiguration.
Does it work if you remove enable_ipv6: true and - subnet: fdab:e4b3:21a2:ef1b::/64?
Does it work if you change - subnet: 172.18.0.0/16 to - subnet: 172.19.0.0/16?
Thanks for the reply. I did both at the same time. And the same problem ocurred again. SSH disconnected after I was successfully able to access the webserver URL (the website appeared correctly), afterwards, SSH disconnected and wont reconnect back. At when SSH disconnects, the website wont load anymore as well.
The only solution to get SSH back is to restart and quickly docker compose down -v and remove all docker images and containers. Because after a few seconds, SSH disconnects and wont reconnect back.
Edit #1 : One interesting thing: The teamspeak server is working and im able to connect, disconnect and reconnect.
Anything else that I could try?