[github/Chocobozzz/PeerTube.git] / support / doc / production.md

# Production guide

  * [Installation](#installation)
  * [Upgrade](#upgrade) 

## Installation

**Please don't install PeerTube for production on a small device behind a low bandwidth connection because it could slow down the fediverse.**

### Dependencies

Follow the steps of the [dependencies guide](dependencies.md).

### PeerTube user

Create a `peertube` user with `/var/www/peertube` home:

```
$ sudo useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube
```

Set its password:
```
$ sudo passwd peertube
```

### Database

Create the production database and a peertube user inside PostgreSQL:

```
$ sudo -u postgres createuser -P peertube
$ sudo -u postgres createdb -O peertube peertube_prod
```

### Prepare PeerTube directory

Fetch the latest tagged version of Peertube
```
$ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
```

Open the peertube directory, create a few required directories
```
$ cd /var/www/peertube && sudo -u peertube mkdir config storage versions && cd versions
```

Download the latest version of the Peertube client, unzip it and remove the zip
```
$ sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip"
$ sudo -u peertube unzip peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip
```

Install Peertube
```
$ cd ../ && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest
$ cd ./peertube-latest && sudo -H -u peertube yarn install --production --pure-lockfile
```

### PeerTube configuration

Copy example configuration:

```
$ cd /var/www/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
```

Then edit the `config/production.yaml` file according to your webserver
configuration.

### Webserver

We only provide official configuration files for Nginx.

Copy the nginx configuration template:

```
$ sudo cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
```

Then modify the webserver configuration file. Please pay attention to the `alias` keys of the static locations.
It should correspond to the paths of your storage directories (set in the configuration file inside the `storage` key).

```
$ sudo vim /etc/nginx/sites-available/peertube
```

Your Mileage May Vary, but what follows is an example of configuration for nginx with a certificate made via `certbot` ([other utilities exist](https://letsencrypt.org/docs/client-options/)):

```
server {
  listen 80;
  listen [::]:80;
  server_name peertube.example.com;

  access_log /var/log/nginx/peertube.example.com.access.log;
  error_log /var/log/nginx/peertube.example.com.error.log;

  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name peertube.example.com;

  # For example with Let's Encrypt (you need a certificate to run https)
  ssl_certificate      /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/peertube.example.com/privkey.pem;
  
  # Security hardening (as of 11/02/2018)
  ssl_protocols TLSv1.3, TLSv1.2;# TLSv1.3 requires nginx >= 1.13.0 else use only TLSv1.2
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  ssl_session_timeout  10m;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx => 1.3.7
  resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  
  access_log /var/log/nginx/peertube.example.com.access.log;
  error_log /var/log/nginx/peertube.example.com.error.log;

  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }

  location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
    add_header Cache-Control "public, max-age=31536000, immutable";

    alias /var/www/peertube/peertube-latest/client/dist/$1;
  }

  location ~ ^/static/(thumbnails|avatars)/(.*)$ {
    add_header Cache-Control "public, max-age=31536000, immutable";

    alias /var/www/peertube/storage/$1/$2;
  }

  location / {
    proxy_pass http://localhost:9000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # For the video upload
    client_max_body_size 2G;
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
    send_timeout                600;
  }

  # Bypass PeerTube webseed route for better performances
  location /static/webseed {
    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
    limit_rate 800k;
    
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }

    if ($request_method = 'GET') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

      # Don't spam access log file with byte range requests
      access_log off;
    }

    alias /var/www/peertube/storage/videos;
  }

  # Websocket tracker
  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before this time
    proxy_read_timeout 1200s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://localhost:9000;
  }
}
```

To generate the certificate for your domain as required to make https work, you have two alternatives (note that the second command modifies itself the Nginx configuration to point the concerned server blocks to its certificate):

```
$ sudo certbot --authenticator standalone certonly -d peertube.example.com && nginx -t && systemctl reload nginx
```

```
$ sudo certbot --authenticator standalone --installer nginx --post-hook "nginx -t && systemctl reload nginx"
```

Remember your certificate will expire in 90 days, and thus needs renewal.

Activate the configuration file:

```
$ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
$ sudo systemctl reload nginx
```

### Systemd

Copy the SystemD configuration template:

```
$ sudo cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
```

Update the service file:

```
$ sudo vim /etc/systemd/system/peertube.service
```

It should look like this:

```
[Unit]
Description=PeerTube daemon
After=network.target

[Service]
Type=simple
Environment=NODE_ENV=production
Environment=NODE_CONFIG_DIR=/var/www/peertube/config
User=peertube
Group=peertube
ExecStart=/usr/bin/npm start
WorkingDirectory=/var/www/peertube/peertube-latest
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=peertube
Restart=always

[Install]
WantedBy=multi-user.target
```


Tell systemd to reload its config:

```
$ sudo systemctl daemon-reload
```

If you want to start PeerTube on boot:

```
$ sudo systemctl enable peertube
```

### Run

```
$ sudo systemctl start peertube
$ sudo journalctl -feu peertube
```

### Administrator

The administrator password is automatically generated and can be found in the
logs. You can set another password with:

```
$ cd /var/www/peertube/peertube-latest && NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run reset-password -- -u root
```

## Upgrade

#### Auto (minor versions only)

```
$ cd /var/www/peertube/peertube-latest/scripts && sudo -u peertube ./upgrade.sh
$ diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
$ sudo systemctl restart peertube && sudo journalctl -fu peertube
```

#### Manually

Make a SQL backup

```
$ SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak" && \
    cd /var/www/peertube && sudo -u peertube mkdir -p backup && \
    sudo pg_dump -U peertube -W -h localhost -F c peertube_prod -f "$SQL_BACKUP_PATH"
```

Fetch the latest tagged version of Peertube:

```
$ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
```

Download the new version and unzip it:

```
$ cd /var/www/peertube/versions && \
    sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \
    sudo -u peertube unzip -o peertube-${VERSION}.zip && \
    sudo -u peertube rm peertube-${VERSION}.zip
```

Install node dependencies:

```
$ cd /var/www/peertube/versions/peertube-${VERSION} && \
    sudo -u peertube yarn install --production --pure-lockfile
```

Copy new configuration defaults values and update your configuration file:

```
$ sudo -u peertube cp /var/www/peertube/versions/peertube-${VERSION}/config/default.yaml /var/www/peertube/config/default.yaml
$ diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
```

Change the link to point to the latest version:

```
$ cd /var/www/peertube && \
    sudo rm ./peertube-latest && \
    sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest
```


Restart PeerTube:
```
$ sudo systemctl restart peertube
```

### Things went wrong? 

Change `peertube-latest` destination to the previous version and restore your SQL backup:

```
$ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19T10:18+01:00.bak" && \
    cd /var/www/peertube && rm ./peertube-latest && \
    sudo -u peertube ln -s "versions/peertube-$OLD_VERSION" peertube-latest && \
    pg_restore -U peertube -W -h localhost -c -d peertube_prod "$SQL_BACKUP_PATH"
    sudo systemctl restart peertube
```
Commit	Line	Data
63bfad7e C	1	# Production guide
63bfad7e C	2
4df6a1b8 C	3	* [Installation](#installation)
	4	* [Upgrade](#upgrade)
	5
63bfad7e C	6	## Installation
63bfad7e C	7
1185c246 C	8	Please don't install PeerTube for production on a small device behind a low bandwidth connection because it could slow down the fediverse.
1185c246 C	9
63bfad7e C	10	### Dependencies
	11
	12	Follow the steps of the [dependencies guide](dependencies.md).
	13
	14	### PeerTube user
	15
59c48d49	16	Create a `peertube` user with `/var/www/peertube` home:
63bfad7e	17
afe81767	18	```
59c48d49	19	$ sudo useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube
e5203ffa TC	20	```
	21
	22	Set its password:
	23	```
d2000ca6	24	$ sudo passwd peertube
63bfad7e C	25	```
	26
	27	### Database
	28
e5203ffa	29	Create the production database and a peertube user inside PostgreSQL:
63bfad7e	30
afe81767	31	```
d2000ca6 C	32	$ sudo -u postgres createuser -P peertube
d2000ca6 C	33	$ sudo -u postgres createdb -O peertube peertube_prod
63bfad7e C	34	```
63bfad7e C	35
d2000ca6	36	### Prepare PeerTube directory
63bfad7e	37
e5203ffa TC	38	Fetch the latest tagged version of Peertube
	39	```
	40	$ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest \| grep tag_name \| cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
	41	```
59c48d49	42
e5203ffa TC	43	Open the peertube directory, create a few required directories
e5203ffa TC	44	```
15dbc134	45	$ cd /var/www/peertube && sudo -u peertube mkdir config storage versions && cd versions
e5203ffa	46	```
59c48d49	47
e5203ffa	48	Download the latest version of the Peertube client, unzip it and remove the zip
afe81767	49	```
15dbc134 TC	50	$ sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip"
15dbc134 TC	51	$ sudo -u peertube unzip peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip
e5203ffa	52	```
59c48d49	53
e5203ffa TC	54	Install Peertube
e5203ffa TC	55	```
15dbc134	56	$ cd ../ && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest
09c93c20	57	$ cd ./peertube-latest && sudo -H -u peertube yarn install --production --pure-lockfile
63bfad7e C	58	```
	59
	60	### PeerTube configuration
	61
	62	Copy example configuration:
	63
afe81767	64	```
59c48d49	65	$ cd /var/www/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
63bfad7e C	66	```
	67
	68	Then edit the `config/production.yaml` file according to your webserver
d2000ca6	69	configuration.
63bfad7e C	70
	71	### Webserver
	72
e883399f RK	73	We only provide official configuration files for Nginx.
e883399f RK	74
63bfad7e C	75	Copy the nginx configuration template:
63bfad7e C	76
afe81767	77	```
59c48d49	78	$ sudo cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
63bfad7e C	79	```
63bfad7e C	80
5668bf2e C	81	Then modify the webserver configuration file. Please pay attention to the `alias` keys of the static locations.
5668bf2e C	82	It should correspond to the paths of your storage directories (set in the configuration file inside the `storage` key).
63bfad7e	83
afe81767	84	```
63bfad7e C	85	$ sudo vim /etc/nginx/sites-available/peertube
	86	```
	87
e883399f	88	Your Mileage May Vary, but what follows is an example of configuration for nginx with a certificate made via `certbot` ([other utilities exist](https://letsencrypt.org/docs/client-options/)):
63bfad7e C	89
	90	```
	91	server {
	92	listen 80;
	93	listen [::]:80;
	94	server_name peertube.example.com;
	95
	96	access_log /var/log/nginx/peertube.example.com.access.log;
	97	error_log /var/log/nginx/peertube.example.com.error.log;
	98
	99	rewrite ^ https://$server_name$request_uri? permanent;
	100	}
	101
	102	server {
	103	listen 443 ssl http2;
	104	listen [::]:443 ssl http2;
	105	server_name peertube.example.com;
	106
e883399f	107	# For example with Let's Encrypt (you need a certificate to run https)
63bfad7e C	108	ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
63bfad7e C	109	ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem;
e883399f RK	110
	111	# Security hardening (as of 11/02/2018)
	112	ssl_protocols TLSv1.3, TLSv1.2;# TLSv1.3 requires nginx >= 1.13.0 else use only TLSv1.2
	113	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	114	ssl_prefer_server_ciphers on;
	115	ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
	116	ssl_session_timeout 10m;
	117	ssl_session_cache shared:SSL:10m;
	118	ssl_session_tickets off; # Requires nginx >= 1.5.9
	119	ssl_stapling on; # Requires nginx >= 1.3.7
	120	ssl_stapling_verify on; # Requires nginx => 1.3.7
	121	resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
	122	resolver_timeout 5s;
	123	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	124	add_header X-Frame-Options DENY;
	125	add_header X-Content-Type-Options nosniff;
	126	add_header X-XSS-Protection "1; mode=block";
	127	add_header X-Robots-Tag none;
	128
63bfad7e C	129	access_log /var/log/nginx/peertube.example.com.access.log;
	130	error_log /var/log/nginx/peertube.example.com.error.log;
	131
	132	location ^~ '/.well-known/acme-challenge' {
	133	default_type "text/plain";
	134	root /var/www/certbot;
	135	}
	136
5668bf2e C	137	location ~ ^/client/(.*\.(js\|css\|woff2\|otf\|ttf\|woff\|eot))$ {
	138	add_header Cache-Control "public, max-age=31536000, immutable";
	139
59c48d49	140	alias /var/www/peertube/peertube-latest/client/dist/$1;
5668bf2e C	141	}
5668bf2e C	142
2e866cc7	143	location ~ ^/static/(thumbnails\|avatars)/(.*)$ {
5668bf2e C	144	add_header Cache-Control "public, max-age=31536000, immutable";
5668bf2e C	145
59c48d49	146	alias /var/www/peertube/storage/$1/$2;
5668bf2e C	147	}
5668bf2e C	148
63bfad7e C	149	location / {
	150	proxy_pass http://localhost:9000;
	151	proxy_set_header X-Real-IP $remote_addr;
	152	proxy_set_header Host $host;
	153	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	154
	155	# For the video upload
e883399f	156	client_max_body_size 2G;
63bfad7e C	157	proxy_connect_timeout 600;
	158	proxy_send_timeout 600;
	159	proxy_read_timeout 600;
	160	send_timeout 600;
	161	}
	162
	163	# Bypass PeerTube webseed route for better performances
	164	location /static/webseed {
e883399f RK	165	# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
	166	limit_rate 800k;
	167
63bfad7e C	168	if ($request_method = 'OPTIONS') {
	169	add_header 'Access-Control-Allow-Origin' '*';
	170	add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
	171	add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
	172	add_header 'Access-Control-Max-Age' 1728000;
	173	add_header 'Content-Type' 'text/plain charset=UTF-8';
	174	add_header 'Content-Length' 0;
	175	return 204;
	176	}
	177
	178	if ($request_method = 'GET') {
	179	add_header 'Access-Control-Allow-Origin' '*';
	180	add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
	181	add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
5668bf2e C	182
	183	# Don't spam access log file with byte range requests
	184	access_log off;
63bfad7e C	185	}
63bfad7e C	186
59c48d49	187	alias /var/www/peertube/storage/videos;
63bfad7e C	188	}
	189
	190	# Websocket tracker
	191	location /tracker/socket {
	192	# Peers send a message to the tracker every 15 minutes
	193	# Don't close the websocket before this time
	194	proxy_read_timeout 1200s;
	195	proxy_set_header Upgrade $http_upgrade;
	196	proxy_set_header Connection "upgrade";
	197	proxy_http_version 1.1;
	198	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	199	proxy_set_header Host $host;
	200	proxy_pass http://localhost:9000;
	201	}
	202	}
	203	```
	204
e883399f RK	205	To generate the certificate for your domain as required to make https work, you have two alternatives (note that the second command modifies itself the Nginx configuration to point the concerned server blocks to its certificate):
	206
	207	```
	208	$ sudo certbot --authenticator standalone certonly -d peertube.example.com && nginx -t && systemctl reload nginx
	209	```
	210
	211	```
	212	$ sudo certbot --authenticator standalone --installer nginx --post-hook "nginx -t && systemctl reload nginx"
	213	```
	214
	215	Remember your certificate will expire in 90 days, and thus needs renewal.
63bfad7e C	216
	217	Activate the configuration file:
	218
afe81767	219	```
63bfad7e C	220	$ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
	221	$ sudo systemctl reload nginx
	222	```
	223
	224	### Systemd
	225
e883399f	226	Copy the SystemD configuration template:
63bfad7e	227
afe81767	228	```
59c48d49	229	$ sudo cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
63bfad7e C	230	```
	231
	232	Update the service file:
	233
afe81767	234	```
d2000ca6	235	$ sudo vim /etc/systemd/system/peertube.service
63bfad7e C	236	```
	237
	238	It should look like this:
	239
	240	```
	241	[Unit]
	242	Description=PeerTube daemon
	243	After=network.target
	244
	245	[Service]
	246	Type=simple
	247	Environment=NODE_ENV=production
59c48d49	248	Environment=NODE_CONFIG_DIR=/var/www/peertube/config
63bfad7e C	249	User=peertube
	250	Group=peertube
	251	ExecStart=/usr/bin/npm start
59c48d49	252	WorkingDirectory=/var/www/peertube/peertube-latest
63bfad7e C	253	StandardOutput=syslog
	254	StandardError=syslog
	255	SyslogIdentifier=peertube
	256	Restart=always
	257
	258	[Install]
	259	WantedBy=multi-user.target
	260	```
	261
	262
	263	Tell systemd to reload its config:
	264
afe81767	265	```
d2000ca6	266	$ sudo systemctl daemon-reload
63bfad7e C	267	```
63bfad7e C	268
6b2ef589 C	269	If you want to start PeerTube on boot:
	270
	271	```
9625507f	272	$ sudo systemctl enable peertube
6b2ef589 C	273	```
6b2ef589 C	274
63bfad7e C	275	### Run
63bfad7e C	276
afe81767	277	```
d2000ca6 C	278	$ sudo systemctl start peertube
d2000ca6 C	279	$ sudo journalctl -feu peertube
63bfad7e C	280	```
	281
	282	### Administrator
	283
	284	The administrator password is automatically generated and can be found in the
	285	logs. You can set another password with:
	286
afe81767	287	```
59c48d49	288	$ cd /var/www/peertube/peertube-latest && NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run reset-password -- -u root
63bfad7e C	289	```
	290
	291	## Upgrade
	292
a8b5ce95	293	#### Auto (minor versions only)
1007a018 SL	294
1007a018 SL	295	```
a8b5ce95 C	296	$ cd /var/www/peertube/peertube-latest/scripts && sudo -u peertube ./upgrade.sh
	297	$ diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
	298	$ sudo systemctl restart peertube && sudo journalctl -fu peertube
1007a018 SL	299	```
1007a018 SL	300
a8b5ce95 C	301	#### Manually
a8b5ce95 C	302
ce487e1e	303	Make a SQL backup
c7a9f34f C	304
	305	```
	306	$ SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak" && \
59c48d49	307	cd /var/www/peertube && sudo -u peertube mkdir -p backup && \
c7a9f34f C	308	sudo pg_dump -U peertube -W -h localhost -F c peertube_prod -f "$SQL_BACKUP_PATH"
	309	```
	310
ce487e1e	311	Fetch the latest tagged version of Peertube:
23e27dd5 C	312
23e27dd5 C	313	```
ce487e1e	314	$ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest \| grep tag_name \| cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
23e27dd5 C	315	```
23e27dd5 C	316
ce487e1e	317	Download the new version and unzip it:
c7a9f34f	318
afe81767	319	```
ce487e1e	320	$ cd /var/www/peertube/versions && \
fd206f0b	321	sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \
ce487e1e C	322	sudo -u peertube unzip -o peertube-${VERSION}.zip && \
	323	sudo -u peertube rm peertube-${VERSION}.zip
	324	```
	325
4805cff1	326	Install node dependencies:
ce487e1e C	327
ce487e1e C	328	```
4805cff1 C	329	$ cd /var/www/peertube/versions/peertube-${VERSION} && \
4805cff1 C	330	sudo -u peertube yarn install --production --pure-lockfile
ce487e1e C	331	```
ce487e1e C	332
4805cff1	333	Copy new configuration defaults values and update your configuration file:
ce487e1e	334
63bfad7e	335	```
4805cff1	336	$ sudo -u peertube cp /var/www/peertube/versions/peertube-${VERSION}/config/default.yaml /var/www/peertube/config/default.yaml
a8b5ce95	337	$ diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
ce487e1e C	338	```
ce487e1e C	339
4805cff1	340	Change the link to point to the latest version:
ce487e1e C	341
ce487e1e C	342	```
4805cff1 C	343	$ cd /var/www/peertube && \
	344	sudo rm ./peertube-latest && \
	345	sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest
ce487e1e C	346	```
ce487e1e C	347
4805cff1	348
ce487e1e C	349	Restart PeerTube:
	350	```
	351	$ sudo systemctl restart peertube
	352	```
	353
	354	### Things went wrong?
c7a9f34f	355
ce487e1e	356	Change `peertube-latest` destination to the previous version and restore your SQL backup:
c7a9f34f C	357
	358	```
	359	$ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19T10:18+01:00.bak" && \
59c48d49	360	cd /var/www/peertube && rm ./peertube-latest && \
c7a9f34f	361	sudo -u peertube ln -s "versions/peertube-$OLD_VERSION" peertube-latest && \
f529f983	362	pg_restore -U peertube -W -h localhost -c -d peertube_prod "$SQL_BACKUP_PATH"
c7a9f34f C	363	sudo systemctl restart peertube
c7a9f34f C	364	```