Chocobozzz
commented
4 years ago I don't remember who wrote this documentation. But if it does not work, I'll remove it.
Closed fluxie38 closed 4 years ago
Chocobozzz
commented
4 years ago I don't remember who wrote this documentation. But if it does not work, I'll remove it.
Chocobozzz
commented
4 years ago
What happened? I tried to sandbox ffmpeg with firejail as described in https://docs.joinpeertube.org/#/maintain-configuration, security Result when connecting to my server : 502 Bad Gateway
Any help will be much appreciated.
What do you expect to happen instead? No change. I should see my Peertube instance home page.
Steps to reproduce: I followed the Peertube documentation referred to above. Here are the results/commands : 1) Create local files & chmod +x : :::::::::::::: /usr/local/bin/jail_ffmpeg ::::::::::::::
!/bin/bash
/usr/bin/firejail --writable-var /usr/bin/ffmpeg "$@" :::::::::::::: /usr/local/bin/jail_ffprobe ::::::::::::::
!/bin/bash
/usr/bin/firejail --writable-var /usr/bin/ffprobe "$@" :::::::::::::: $ ll /usr/local/bin/ total 8 -rwxr-xr-x 1 root root 66 Apr 16 16:26 jail_ffmpeg -rwxr-xr-x 1 root root 67 Apr 16 16:28 jail_ffprobe
2) Add to environment path : $ sudo vim /etc/systemd/system/peertube.service Added the following two lines : Environment=FFMPEG_PATH=/usr/local/bin/jail_ffmpeg Environment=FFPROBE_PATH=/usr/local/bin/jail_ffprobe
3) Reload/restart daemon/peertube $ systemctl daemon-reload $ sudo systemctl restart peertube
4) Note that I did not implement the ln -s to /home/ since I understood from https://github.com/netblue30/firejail/issues/2259#issuecomment-438355805 that it was no longer necessary. In any case when I did I ran into another problem (npm access rights of the _log directory which I couldn't solve even with npm suggested fix - chown ...)
Additional information
PeerTube version : v2.1.1
Browser name/version: Firefox Quantum 61.0.1 32 bit
NodeJS version: v10.20.0
Link to server log if useful (journalctl or /var/www/peertube/storage/logs/): $ sudo journalctl -feu peertube
Apr 17 15:39:12 pud systemd[1]: peertube.service: Service RestartSec=100ms expired, scheduling restart. Apr 17 15:39:12 pud systemd[1]: peertube.service: Scheduled restart job, restart counter is at 3. Apr 17 15:39:12 pud systemd[1]: Stopped PeerTube daemon. Apr 17 15:39:12 pud systemd[1]: Started PeerTube daemon. Apr 17 15:39:12 pud peertube[18782]: > peertube@2.1.1 start /var/www/peertube/versions/peertube-v2.1.1 Apr 17 15:39:12 pud peertube[18782]: > node dist/server Apr 17 15:39:18 pud peertube[18782]: [swigif.biz.st:443] 2020-04-17 15:39:18.703 error: Error in ffmpeg check. { Apr 17 15:39:18 pud peertube[18782]: "err": { Apr 17 15:39:18 pud peertube[18782]: "stack": "Error: ffmpeg exited with code 1\n at ChildProcess. (/var/www/peertube/versions/peertube-v2.1.1/node_modules/fluent-ffmpeg/lib/processor.js:182:22)\n at ChildProcess.emit (events.js:198:13)\n at Process.ChildProcess._handle.onexit (internal/child_process.js:248:12)",
Apr 17 15:39:18 pud peertube[18782]: "message": "ffmpeg exited with code 1"
Apr 17 15:39:18 pud peertube[18782]: }
Apr 17 15:39:18 pud peertube[18782]: }
Apr 17 15:39:18 pud peertube[18782]: npm ERR! code ELIFECYCLE
Apr 17 15:39:18 pud peertube[18782]: npm ERR! errno 255
Apr 17 15:39:18 pud peertube[18782]: npm ERR! peertube@2.1.1 start:
node dist/serverApr 17 15:39:18 pud peertube[18782]: npm ERR! Exit status 255 Apr 17 15:39:18 pud peertube[18782]: npm ERR! Apr 17 15:39:18 pud peertube[18782]: npm ERR! Failed at the peertube@2.1.1 start script. Apr 17 15:39:18 pud peertube[18782]: npm ERR! This is probably not a problem with npm. There is likely additional logging output above. Apr 17 15:39:18 pud peertube[18782]: npm ERR! A complete log of this run can be found in: Apr 17 15:39:18 pud peertube[18782]: npm ERR! /var/www/peertube/.npm/_logs/2020-04-17T13_39_18_735Z-debug.log