Closed lowgos closed 5 years ago
listen:
hostname: 'localhost'
port: 9000
# Correspond to your reverse proxy server_name/listen configuration
webserver:
https: true
hostname: peertube.XX.fr
port: 443
rates_limit:
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
- 'loopback'
# Your database name will be "peertube"+database.suffix
database:
hostname: '/var/run/postgresql'
port: 5432
suffix: '_prod'
username: 'peertube'
password: 'peertube'
pool:
max: 5
# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# comment out hostname and port
redis:
hostname: 'localhost'
port: 6379
auth: null
db: 0
# SMTP server to send emails
smtp:
hostname: null
port: 465 # If you use StartTLS: 587
username: null
password: null
tls: true # If you use StartTLS: false
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: 'admin@example.com'
# From the project root directory
storage:
tmp: '/var/www/peertube/storage/tmp/' # Used to download data (imports etc), store uploaded files before processing...
avatars: '/var/www/peertube/storage/avatars/'
videos: '/var/www/peertube/storage/videos/'
streaming_playlists: '/var/www/peertube/storage/streaming-playlists/'
redundancy: '/var/www/peertube/storage/videos/'
logs: '/var/www/peertube/storage/logs/'
previews: '/var/www/peertube/storage/previews/'
thumbnails: '/var/www/peertube/storage/thumbnails/'
torrents: '/var/www/peertube/storage/torrents/'
captions: '/var/www/peertube/storage/captions/'
cache: '/var/www/peertube/storage/cache/'
log:
level: 'info' # debug/info/warning/error
search:
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
# If enabled, the associated group will be able to "escape" from the instance follows
# That means they will be able to follow channels, watch videos, list videos of non followed instances
remote_uri:
users: true
anonymous: false
trending:
videos:
interval_days: 7 # Compute trending videos for the last x days
# Cache remote videos on your server, to help other instances to broadcast the video
# You can define multiple caches using different sizes/strategies
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
redundancy:
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'most-views' # Cache videos that have the most views
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'trending' # Cache trending videos
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'recently-added' # Cache recently added videos
# min_views: 10 # Having at least x views
csp:
enabled: false
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
report_uri:
tracker:
# If you disable the tracker, you disable the P2P aspect of PeerTube
enabled: false
# Only handle requests on your videos.
# If you set this to false it means you have a public tracker.
# Then, it is possible that clients overload your instance with external torrents
private: true
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
reject_too_many_announces: false
history:
videos:
# If you want to limit users videos history
# -1 means there is no limitations
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
max_age: -1
views:
videos:
# PeerTube creates a database entry every hour for each video to track views over a period of time
# This is used in particular by the Trending page
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
# -1 means no cleanup
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
remote:
max_age: -1
###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube.
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\.
#
###############################################################################
cache:
previews:
size: 500 # Max number of previews you want to cache
captions:
size: 500 # Max number of video captions/subtitles you want to cache
admin:
# Used to generate the root user at first startup
# And to receive emails from the contact form
email: 'admin@example.com'
contact_form:
enabled: false
signup:
enabled: true
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
requires_email_verification: false
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
blacklist: []
user:
# Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
enabled: true
# Allow your users to upload .mkv, .mov, .avi, .flv videos
allow_additional_extensions: true
threads: 1
resolutions: # Only created if the original video has a higher resolution, uses more storage!
240p: true
360p: true
480p: true
720p: true
1080p: true
# /!\ EXPERIMENTAL /!\
# /!\ Requires ffmpeg >= 4
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
# * Resolution change is smoother
# * Faster playback in particular with long videos
# * More stable playback (less bugs/infinite loading)
# /!\ Multiplies videos storage by 2 /!\
hls:
enabled: false
import:
# Add ability for your users to import remote videos (from YouTube, torrent...)
videos:
http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
enabled: true
torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
enabled: false
auto_blacklist:
# New videos automatically blacklisted so moderators can review before publishing
videos:
of_users:
enabled: false
# Instance settings
instance:
name: 'peertube.XX.fr'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: '' # Support markdown
terms: '' # Support markdown
default_client_route: '/videos/trending'
# Whether or not the instance is dedicated to NSFW content
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
is_nsfw: false
# By default, "do_not_list" or "blur" or "display" NSFW videos
# Could be overridden per user with a setting
default_nsfw_policy: 'do_not_list'
customizations:
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
robots: |
User-agent: *
Disallow:
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
services:
# You can provide a reporting endpoint for Content Security Policy violations
csp-logger:
# Cards configuration to format video in Twitter
twitter:
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Test on https://cards-dev.twitter.com/validator to see if you are whitelisted
whitelisted: false
followers:
instance:
# Allow or not other instances to follow yours
enabled: false
# Whether or not an administrator must manually validate a new follower
manual_approval: true
Slightly tweaked from the Production Guide because we've got load balancers before virtual machines handling the SSL Certificates etc
server { listen 80; listen [::]:80; server_name peertube.XX.fr;
access_log /var/log/nginx/peertube.example.com.access.log; error_log /var/log/nginx/peertube.example.com.error.log;
gzip on; gzip_types text/css application/javascript; gzip_vary on;
location ~ ^/client/(.*.(js|css|woff2|otf|ttf|woff|eot))$ { add_header Cache-Control "public, max-age=31536000, immutable";
alias /var/www/peertube/peertube-latest/client/dist/$1;
}
location ~ ^/static/(thumbnails|avatars)/ { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; }
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Cache 2 hours
add_header Cache-Control "public, max-age=7200";
root /var/www/peertube/storage;
rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break;
try_files $uri /;
}
location / { proxy_pass http://localhost:9000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is the maximum upload size, which roughly matches the maximum size of a video file
# you can send via the API or the web interface. By default this is 8GB, but administrators
# can increase or decrease the limit. Currently there's no way to communicate this limit
# to users automatically, so you may want to leave a note in your instance 'about' page if
# you change this.
#
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
#
client_max_body_size 8G;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
location ~ ^/static/(webseed|redundancy)/ {
limit_rate 800k;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Don't spam access log file with byte range requests
access_log off;
}
root /var/www/peertube/storage;
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
try_files $uri /;
}
location /tracker/socket {
# Don't close the websocket before this time
proxy_read_timeout 1200s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:9000;
}
location /socket.io { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_pass http://localhost:9000;
# enable WebSockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
} }
# Load balancers nginx configuration
``` nginx
server {
listen 80;
ssl on;
server_name peertube.XX.fr;
rewrite ^ https://peertube.XX.fr$request_uri? permanent;
}
server {
listen 443 ssl;
ssl on;
server_name peertube.XX.fr;
client_max_body_size 0;
keepalive_timeout 70;
try_files $uri @app;
location / {
if ( $staff = 0 ) {
return 403;
}
add_header Access-Control-Allow-Origin "*";
proxy_set_header Upgrade websocket;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Read-IP $http_x_real_ip;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_redirect off;
proxy_pass http://<my-ip-address>;
}
}
Keep in mind that the SSL certificates instructions are above in the global nginx configuration because it's global to the company and not specific to my subdomain
Thanks in advance for your time 💌
Hi,
I think you have two different issues. Regarding the second one (HEAD https://<my-url>:80/static/webseed/<video-id>.mp4 net::ERR_SSL_PROTOCOL_ERROR
), it seems you imported the file when peertube was started with an invalid configuration port. Try to run update-host to regenerate the torrents with your current configuration (so the script will update the URLs and remove the :80
port).
For the first one, do you still have these errors if you bypass the load balancer?
Okay ! It indeed fixed the :80
issue. The dumbest thing is that I've played with update-host when I first installed Peertube to run some tests.
Thank you for this one !
Still having the socket.io errors though.
PS: sorry for the double issue 🤦♂
@lowgos And for For the first one, do you still have these errors if you bypass the load balancer?
?
If the answer is yes, please send me your instance URL by email (in my github profile)
Sorry for not seeing the last sentence of your answer. I was eager to test your solution and seeing it work sent me elsewhere.
I'm getting back on you as soon as possible via email because I need to get in touch with another team at my job to test your idea. I didn't test (exactly this) before because I needed https to use your production nginx configuration and bypassing the load balancer completely would mean having to setup another SSL Certificates etc etc
Thanks for the help. Talk to you in a few hours/tomorrow depending on the availability of the team.
Hey everyone !
Sorry about the wait. I'm a bit stuck about this. I still have 400 Bad Request on socket.io despite every configuration I tried.
I asked the server team if we could bypass the load balancers but I have a bad news. We paused our use of Peertube. I'm searching for a way to use it in our workflow here. I'm still stuck with Peertube not having OAuth and internal
mode for videos. Until we decide how to solve this problem with Peertube (maybe by contributing to the project, that's what I am aiming for) I cannot test things further.
Feel free to pause the issue/close it for some time. I'm getting back to you as soon as the decision has been settled.
Thanks for your great work. I'm loving everything I achieved using this project even though it's not in the perfect state for our use.
Closing, if you have news please ask for reopening :)
What happened? I'm testing Peertube at my job. Everything seems to work. I disabled the Tracker to limit traffic (and it seems to work too). Accounts work, videos too.
BUT I'm having lots and lots of errors in the JavaScript console :
AND I think the real problem lies in my nginx configuration because on video I uploaded using a file (importing a video from YouTube doesn't trigger the console error) I get this:
What do you expect to happen instead? I think the socket.io isn't working at all. I'm guessing it's used for some feature of Peertube I don't use/I haven't tested and I would like to clean this bug.
But about the
net::ERR_SSL_PROTOCOL_ERROR
, remove the:80
in the URL fixes the issue. It goes to the video ! It means that somewhere the :80 is added to some URLs and I don't know where/why.Steps to reproduce:
Install Peertube with Production Guide (slightly tweaked, cf. Additional information)
Connect your account, root or not (the bug doesn't appear for guests)
Check browser console,
400 Bad Request
everywhere and following the link displaysBad Request
tooAdditional information