]>
Commit | Line | Data |
---|---|---|
63bfad7e C |
1 | # Production guide |
2 | ||
3 | ## Installation | |
4 | ||
5 | ### Dependencies | |
6 | ||
7 | Follow the steps of the [dependencies guide](dependencies.md). | |
8 | ||
9 | ### PeerTube user | |
10 | ||
11 | Create a `peertube` user with `/home/peertube` home: | |
12 | ||
afe81767 | 13 | ``` |
d2000ca6 C |
14 | $ sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube |
15 | $ sudo passwd peertube | |
63bfad7e C |
16 | ``` |
17 | ||
18 | ### Database | |
19 | ||
20 | Create production database and peertube user: | |
21 | ||
afe81767 | 22 | ``` |
d2000ca6 C |
23 | $ sudo -u postgres createuser -P peertube |
24 | $ sudo -u postgres createdb -O peertube peertube_prod | |
63bfad7e C |
25 | ``` |
26 | ||
d2000ca6 | 27 | ### Prepare PeerTube directory |
63bfad7e | 28 | |
afe81767 | 29 | ``` |
2d13b299 | 30 | $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && \ |
d2000ca6 C |
31 | cd /home/peertube && \ |
32 | sudo -u peertube mkdir config storage versions && \ | |
33 | cd versions && \ | |
fd206f0b | 34 | sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \ |
2d13b299 C |
35 | sudo -u peertube unzip peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip && \ |
36 | cd ../ && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest && \ | |
d2000ca6 | 37 | cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile |
63bfad7e C |
38 | ``` |
39 | ||
40 | ### PeerTube configuration | |
41 | ||
42 | Copy example configuration: | |
43 | ||
afe81767 | 44 | ``` |
d2000ca6 | 45 | $ cd /home/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml |
63bfad7e C |
46 | ``` |
47 | ||
48 | Then edit the `config/production.yaml` file according to your webserver | |
d2000ca6 | 49 | configuration. |
63bfad7e C |
50 | |
51 | ### Webserver | |
52 | ||
53 | Copy the nginx configuration template: | |
54 | ||
afe81767 | 55 | ``` |
a5c57bf3 | 56 | $ sudo cp /home/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube |
63bfad7e C |
57 | ``` |
58 | ||
5668bf2e C |
59 | Then modify the webserver configuration file. Please pay attention to the `alias` keys of the static locations. |
60 | It should correspond to the paths of your storage directories (set in the configuration file inside the `storage` key). | |
63bfad7e | 61 | |
afe81767 | 62 | ``` |
63bfad7e C |
63 | $ sudo vim /etc/nginx/sites-available/peertube |
64 | ``` | |
65 | ||
66 | If you want to set https with Let's Encrypt please follow the steps of [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04). | |
67 | ||
68 | An example of the nginx configuration could be: | |
69 | ||
70 | ``` | |
71 | server { | |
72 | listen 80; | |
73 | listen [::]:80; | |
74 | server_name peertube.example.com; | |
75 | ||
76 | access_log /var/log/nginx/peertube.example.com.access.log; | |
77 | error_log /var/log/nginx/peertube.example.com.error.log; | |
78 | ||
79 | rewrite ^ https://$server_name$request_uri? permanent; | |
80 | } | |
81 | ||
82 | server { | |
83 | listen 443 ssl http2; | |
84 | listen [::]:443 ssl http2; | |
85 | server_name peertube.example.com; | |
86 | ||
87 | # For example with Let's Encrypt | |
88 | ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem; | |
89 | ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem; | |
90 | ssl_trusted_certificate /etc/letsencrypt/live/peertube.example.com/chain.pem; | |
91 | ||
92 | access_log /var/log/nginx/peertube.example.com.access.log; | |
93 | error_log /var/log/nginx/peertube.example.com.error.log; | |
94 | ||
95 | location ^~ '/.well-known/acme-challenge' { | |
96 | default_type "text/plain"; | |
97 | root /var/www/certbot; | |
98 | } | |
99 | ||
5668bf2e C |
100 | location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ { |
101 | add_header Cache-Control "public, max-age=31536000, immutable"; | |
102 | ||
103 | alias /home/peertube/peertube-latest/client/dist/$1; | |
104 | } | |
105 | ||
2e866cc7 | 106 | location ~ ^/static/(thumbnails|avatars)/(.*)$ { |
5668bf2e C |
107 | add_header Cache-Control "public, max-age=31536000, immutable"; |
108 | ||
109 | alias /home/peertube/storage/$1/$2; | |
110 | } | |
111 | ||
63bfad7e C |
112 | location / { |
113 | proxy_pass http://localhost:9000; | |
114 | proxy_set_header X-Real-IP $remote_addr; | |
115 | proxy_set_header Host $host; | |
116 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
117 | ||
118 | # For the video upload | |
119 | client_max_body_size 8G; | |
120 | proxy_connect_timeout 600; | |
121 | proxy_send_timeout 600; | |
122 | proxy_read_timeout 600; | |
123 | send_timeout 600; | |
124 | } | |
125 | ||
126 | # Bypass PeerTube webseed route for better performances | |
127 | location /static/webseed { | |
128 | if ($request_method = 'OPTIONS') { | |
129 | add_header 'Access-Control-Allow-Origin' '*'; | |
130 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
131 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
132 | add_header 'Access-Control-Max-Age' 1728000; | |
133 | add_header 'Content-Type' 'text/plain charset=UTF-8'; | |
134 | add_header 'Content-Length' 0; | |
135 | return 204; | |
136 | } | |
137 | ||
138 | if ($request_method = 'GET') { | |
139 | add_header 'Access-Control-Allow-Origin' '*'; | |
140 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
141 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
5668bf2e C |
142 | |
143 | # Don't spam access log file with byte range requests | |
144 | access_log off; | |
63bfad7e C |
145 | } |
146 | ||
d2000ca6 | 147 | alias /home/peertube/storage/videos; |
63bfad7e C |
148 | } |
149 | ||
150 | # Websocket tracker | |
151 | location /tracker/socket { | |
152 | # Peers send a message to the tracker every 15 minutes | |
153 | # Don't close the websocket before this time | |
154 | proxy_read_timeout 1200s; | |
155 | proxy_set_header Upgrade $http_upgrade; | |
156 | proxy_set_header Connection "upgrade"; | |
157 | proxy_http_version 1.1; | |
158 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
159 | proxy_set_header Host $host; | |
160 | proxy_pass http://localhost:9000; | |
161 | } | |
162 | } | |
163 | ``` | |
164 | ||
165 | ||
166 | Activate the configuration file: | |
167 | ||
afe81767 | 168 | ``` |
63bfad7e C |
169 | $ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube |
170 | $ sudo systemctl reload nginx | |
171 | ``` | |
172 | ||
173 | ### Systemd | |
174 | ||
175 | Copy the nginx configuration template: | |
176 | ||
afe81767 | 177 | ``` |
9625507f | 178 | $ sudo cp /home/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/ |
63bfad7e C |
179 | ``` |
180 | ||
181 | Update the service file: | |
182 | ||
afe81767 | 183 | ``` |
d2000ca6 | 184 | $ sudo vim /etc/systemd/system/peertube.service |
63bfad7e C |
185 | ``` |
186 | ||
187 | It should look like this: | |
188 | ||
189 | ``` | |
190 | [Unit] | |
191 | Description=PeerTube daemon | |
192 | After=network.target | |
193 | ||
194 | [Service] | |
195 | Type=simple | |
196 | Environment=NODE_ENV=production | |
d2000ca6 | 197 | Environment=NODE_CONFIG_DIR=/home/peertube/config |
63bfad7e C |
198 | User=peertube |
199 | Group=peertube | |
200 | ExecStart=/usr/bin/npm start | |
d2000ca6 | 201 | WorkingDirectory=/home/peertube/peertube-latest |
63bfad7e C |
202 | StandardOutput=syslog |
203 | StandardError=syslog | |
204 | SyslogIdentifier=peertube | |
205 | Restart=always | |
206 | ||
207 | [Install] | |
208 | WantedBy=multi-user.target | |
209 | ``` | |
210 | ||
211 | ||
212 | Tell systemd to reload its config: | |
213 | ||
afe81767 | 214 | ``` |
d2000ca6 | 215 | $ sudo systemctl daemon-reload |
63bfad7e C |
216 | ``` |
217 | ||
6b2ef589 C |
218 | If you want to start PeerTube on boot: |
219 | ||
220 | ``` | |
9625507f | 221 | $ sudo systemctl enable peertube |
6b2ef589 C |
222 | ``` |
223 | ||
63bfad7e C |
224 | ### Run |
225 | ||
afe81767 | 226 | ``` |
d2000ca6 C |
227 | $ sudo systemctl start peertube |
228 | $ sudo journalctl -feu peertube | |
63bfad7e C |
229 | ``` |
230 | ||
231 | ### Administrator | |
232 | ||
233 | The administrator password is automatically generated and can be found in the | |
234 | logs. You can set another password with: | |
235 | ||
afe81767 | 236 | ``` |
451ce964 | 237 | $ cd /home/peertube/peertube-latest && NODE_CONFIG_DIR=/home/peertube/config NODE_ENV=production npm run reset-password -- -u root |
63bfad7e C |
238 | ``` |
239 | ||
240 | ## Upgrade | |
241 | ||
c7a9f34f C |
242 | Make a SQL backup: |
243 | ||
244 | ``` | |
245 | $ SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak" && \ | |
246 | cd /home/peertube && sudo -u peertube mkdir -p backup && \ | |
247 | sudo pg_dump -U peertube -W -h localhost -F c peertube_prod -f "$SQL_BACKUP_PATH" | |
248 | ``` | |
249 | ||
23e27dd5 C |
250 | Update your configuration file. **If some keys are missing, your upgraded PeerTube won't start!** |
251 | ||
252 | ``` | |
253 | $ diff <(curl -s https://raw.githubusercontent.com/Chocobozzz/PeerTube/develop/config/production.yaml.example) /home/peertube/config/production.yaml | |
254 | ``` | |
255 | ||
c7a9f34f C |
256 | Upgrade PeerTube: |
257 | ||
afe81767 | 258 | ``` |
2d13b299 C |
259 | $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && \ |
260 | cd /home/peertube/versions && \ | |
fd206f0b | 261 | sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \ |
e28d531f | 262 | sudo -u peertube unzip -o peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip && \ |
48cf691d | 263 | cd ../ && sudo rm ./peertube-latest && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest && \ |
2d13b299 C |
264 | cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile && \ |
265 | sudo systemctl restart peertube | |
63bfad7e | 266 | ``` |
c7a9f34f C |
267 | |
268 | Things went wrong? Change `peertube-latest` destination to the previous version and restore your SQL backup: | |
269 | ||
270 | ``` | |
271 | $ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19T10:18+01:00.bak" && \ | |
272 | cd /home/peertube && rm ./peertube-latest && \ | |
273 | sudo -u peertube ln -s "versions/peertube-$OLD_VERSION" peertube-latest && \ | |
274 | pg_restore -U peertube -c -d peertube_prod "$SQL_BACKUP_PATH" | |
275 | sudo systemctl restart peertube | |
276 | ``` |