]>
Commit | Line | Data |
---|---|---|
1 | # Production guide | |
2 | ||
3 | ## Installation | |
4 | ||
5 | ### Dependencies | |
6 | ||
7 | Follow the steps of the [dependencies guide](dependencies.md). | |
8 | ||
9 | ### PeerTube user | |
10 | ||
11 | Create a `peertube` user with `/var/www/peertube` home: | |
12 | ||
13 | ``` | |
14 | $ sudo useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube | |
15 | ``` | |
16 | ||
17 | Set its password: | |
18 | ``` | |
19 | $ sudo passwd peertube | |
20 | ``` | |
21 | ||
22 | ### Database | |
23 | ||
24 | Create the production database and a peertube user inside PostgreSQL: | |
25 | ||
26 | ``` | |
27 | $ sudo -u postgres createuser -P peertube | |
28 | $ sudo -u postgres createdb -O peertube peertube_prod | |
29 | ``` | |
30 | ||
31 | ### Prepare PeerTube directory | |
32 | ||
33 | Fetch the latest tagged version of Peertube | |
34 | ``` | |
35 | $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION" | |
36 | ``` | |
37 | ||
38 | Open the peertube directory, create a few required directories | |
39 | ``` | |
40 | $ cd /var/www/peertube && sudo -u peertube mkdir config storage versions && cd versions | |
41 | ``` | |
42 | ||
43 | Download the latest version of the Peertube client, unzip it and remove the zip | |
44 | ``` | |
45 | $ sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" | |
46 | $ sudo -u peertube unzip peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip | |
47 | ``` | |
48 | ||
49 | Install Peertube | |
50 | ``` | |
51 | $ cd ../ && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest | |
52 | $ cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile | |
53 | ``` | |
54 | ||
55 | ### PeerTube configuration | |
56 | ||
57 | Copy example configuration: | |
58 | ||
59 | ``` | |
60 | $ cd /var/www/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml | |
61 | ``` | |
62 | ||
63 | Then edit the `config/production.yaml` file according to your webserver | |
64 | configuration. | |
65 | ||
66 | ### Webserver | |
67 | ||
68 | Copy the nginx configuration template: | |
69 | ||
70 | ``` | |
71 | $ sudo cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube | |
72 | ``` | |
73 | ||
74 | Then modify the webserver configuration file. Please pay attention to the `alias` keys of the static locations. | |
75 | It should correspond to the paths of your storage directories (set in the configuration file inside the `storage` key). | |
76 | ||
77 | ``` | |
78 | $ sudo vim /etc/nginx/sites-available/peertube | |
79 | ``` | |
80 | ||
81 | If you want to set https with Let's Encrypt please follow the steps of [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04). | |
82 | ||
83 | An example of the nginx configuration could be: | |
84 | ||
85 | ``` | |
86 | server { | |
87 | listen 80; | |
88 | listen [::]:80; | |
89 | server_name peertube.example.com; | |
90 | ||
91 | access_log /var/log/nginx/peertube.example.com.access.log; | |
92 | error_log /var/log/nginx/peertube.example.com.error.log; | |
93 | ||
94 | rewrite ^ https://$server_name$request_uri? permanent; | |
95 | } | |
96 | ||
97 | server { | |
98 | listen 443 ssl http2; | |
99 | listen [::]:443 ssl http2; | |
100 | server_name peertube.example.com; | |
101 | ||
102 | # For example with Let's Encrypt | |
103 | ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem; | |
104 | ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem; | |
105 | ssl_trusted_certificate /etc/letsencrypt/live/peertube.example.com/chain.pem; | |
106 | ||
107 | access_log /var/log/nginx/peertube.example.com.access.log; | |
108 | error_log /var/log/nginx/peertube.example.com.error.log; | |
109 | ||
110 | location ^~ '/.well-known/acme-challenge' { | |
111 | default_type "text/plain"; | |
112 | root /var/www/certbot; | |
113 | } | |
114 | ||
115 | location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ { | |
116 | add_header Cache-Control "public, max-age=31536000, immutable"; | |
117 | ||
118 | alias /var/www/peertube/peertube-latest/client/dist/$1; | |
119 | } | |
120 | ||
121 | location ~ ^/static/(thumbnails|avatars)/(.*)$ { | |
122 | add_header Cache-Control "public, max-age=31536000, immutable"; | |
123 | ||
124 | alias /var/www/peertube/storage/$1/$2; | |
125 | } | |
126 | ||
127 | location / { | |
128 | proxy_pass http://localhost:9000; | |
129 | proxy_set_header X-Real-IP $remote_addr; | |
130 | proxy_set_header Host $host; | |
131 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
132 | ||
133 | # For the video upload | |
134 | client_max_body_size 8G; | |
135 | proxy_connect_timeout 600; | |
136 | proxy_send_timeout 600; | |
137 | proxy_read_timeout 600; | |
138 | send_timeout 600; | |
139 | } | |
140 | ||
141 | # Bypass PeerTube webseed route for better performances | |
142 | location /static/webseed { | |
143 | if ($request_method = 'OPTIONS') { | |
144 | add_header 'Access-Control-Allow-Origin' '*'; | |
145 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
146 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
147 | add_header 'Access-Control-Max-Age' 1728000; | |
148 | add_header 'Content-Type' 'text/plain charset=UTF-8'; | |
149 | add_header 'Content-Length' 0; | |
150 | return 204; | |
151 | } | |
152 | ||
153 | if ($request_method = 'GET') { | |
154 | add_header 'Access-Control-Allow-Origin' '*'; | |
155 | add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; | |
156 | add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
157 | ||
158 | # Don't spam access log file with byte range requests | |
159 | access_log off; | |
160 | } | |
161 | ||
162 | alias /var/www/peertube/storage/videos; | |
163 | } | |
164 | ||
165 | # Websocket tracker | |
166 | location /tracker/socket { | |
167 | # Peers send a message to the tracker every 15 minutes | |
168 | # Don't close the websocket before this time | |
169 | proxy_read_timeout 1200s; | |
170 | proxy_set_header Upgrade $http_upgrade; | |
171 | proxy_set_header Connection "upgrade"; | |
172 | proxy_http_version 1.1; | |
173 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
174 | proxy_set_header Host $host; | |
175 | proxy_pass http://localhost:9000; | |
176 | } | |
177 | } | |
178 | ``` | |
179 | ||
180 | ||
181 | Activate the configuration file: | |
182 | ||
183 | ``` | |
184 | $ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube | |
185 | $ sudo systemctl reload nginx | |
186 | ``` | |
187 | ||
188 | ### Systemd | |
189 | ||
190 | Copy the nginx configuration template: | |
191 | ||
192 | ``` | |
193 | $ sudo cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/ | |
194 | ``` | |
195 | ||
196 | Update the service file: | |
197 | ||
198 | ``` | |
199 | $ sudo vim /etc/systemd/system/peertube.service | |
200 | ``` | |
201 | ||
202 | It should look like this: | |
203 | ||
204 | ``` | |
205 | [Unit] | |
206 | Description=PeerTube daemon | |
207 | After=network.target | |
208 | ||
209 | [Service] | |
210 | Type=simple | |
211 | Environment=NODE_ENV=production | |
212 | Environment=NODE_CONFIG_DIR=/var/www/peertube/config | |
213 | User=peertube | |
214 | Group=peertube | |
215 | ExecStart=/usr/bin/npm start | |
216 | WorkingDirectory=/var/www/peertube/peertube-latest | |
217 | StandardOutput=syslog | |
218 | StandardError=syslog | |
219 | SyslogIdentifier=peertube | |
220 | Restart=always | |
221 | ||
222 | [Install] | |
223 | WantedBy=multi-user.target | |
224 | ``` | |
225 | ||
226 | ||
227 | Tell systemd to reload its config: | |
228 | ||
229 | ``` | |
230 | $ sudo systemctl daemon-reload | |
231 | ``` | |
232 | ||
233 | If you want to start PeerTube on boot: | |
234 | ||
235 | ``` | |
236 | $ sudo systemctl enable peertube | |
237 | ``` | |
238 | ||
239 | ### Run | |
240 | ||
241 | ``` | |
242 | $ sudo systemctl start peertube | |
243 | $ sudo journalctl -feu peertube | |
244 | ``` | |
245 | ||
246 | ### Administrator | |
247 | ||
248 | The administrator password is automatically generated and can be found in the | |
249 | logs. You can set another password with: | |
250 | ||
251 | ``` | |
252 | $ cd /var/www/peertube/peertube-latest && NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run reset-password -- -u root | |
253 | ``` | |
254 | ||
255 | ## Upgrade | |
256 | ||
257 | Make a SQL backup: | |
258 | ||
259 | ``` | |
260 | $ SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak" && \ | |
261 | cd /var/www/peertube && sudo -u peertube mkdir -p backup && \ | |
262 | sudo pg_dump -U peertube -W -h localhost -F c peertube_prod -f "$SQL_BACKUP_PATH" | |
263 | ``` | |
264 | ||
265 | Update your configuration file. **If some keys are missing, your upgraded PeerTube won't start!** | |
266 | ||
267 | ``` | |
268 | $ diff <(curl -s https://raw.githubusercontent.com/Chocobozzz/PeerTube/develop/config/production.yaml.example) /var/www/peertube/config/production.yaml | |
269 | ``` | |
270 | ||
271 | Upgrade PeerTube: | |
272 | ||
273 | ``` | |
274 | $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && \ | |
275 | cd /var/www/peertube/versions && \ | |
276 | sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \ | |
277 | sudo -u peertube unzip -o peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip && \ | |
278 | cd ../ && sudo rm ./peertube-latest && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest && \ | |
279 | cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile && \ | |
280 | sudo systemctl restart peertube | |
281 | ``` | |
282 | ||
283 | Things went wrong? Change `peertube-latest` destination to the previous version and restore your SQL backup: | |
284 | ||
285 | ``` | |
286 | $ OLD_VERSION="v0.42.42" && SQL_BACKUP_PATH="backup/sql-peertube_prod-2018-01-19T10:18+01:00.bak" && \ | |
287 | cd /var/www/peertube && rm ./peertube-latest && \ | |
288 | sudo -u peertube ln -s "versions/peertube-$OLD_VERSION" peertube-latest && \ | |
289 | pg_restore -U peertube -c -d peertube_prod "$SQL_BACKUP_PATH" | |
290 | sudo systemctl restart peertube | |
291 | ``` |