support/doc/production.md

   1 # Production guide
   2
   3 ## Installation
   4
   5 ### Dependencies
   6
   7 Follow the steps of the [dependencies guide](dependencies.md).
   8
   9 ### PeerTube user
  10
  11 Create a `peertube` user with `/home/peertube` home:
  12
  13 ```
  14 $ sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube
  15 $ sudo passwd peertube
  16 ```
  17
  18 ### Database
  19
  20 Create production database and peertube user:
  21
  22 ```
  23 $ sudo -u postgres createuser -P peertube
  24 $ sudo -u postgres createdb -O peertube peertube_prod
  25 ```
  26
  27 ### Prepare PeerTube directory
  28
  29 Check the latest release: https://github.com/Chocobozzz/PeerTube/releases or the release version you want.
  30 We assume in the following commands the version is 0.42.42:
  31
  32 ```
  33 $ VERSION="0.42.42" && \
  34     cd /home/peertube && \
  35     sudo -u peertube mkdir config storage versions && \
  36     cd versions && \
  37     sudo -u peertube wget "https://github.com/Chocobozzz/PeerTube/releases/download/v${VERSION}/peertube-v${VERSION}.zip" && \
  38     sudo -u peertube unzip peertube-v${VERSION}.zip && sudo -u peertube rm peertube-v${VERSION}.zip && \
  39     cd ../ && sudo -u peertube ln -s versions/peertube-v${VERSION} ./peertube-latest && \
  40     cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile
  41 ```
  42
  43 ### PeerTube configuration
  44
  45 Copy example configuration:
  46
  47 ```
  48 $ cd /home/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
  49 ```
  50
  51 Then edit the `config/production.yaml` file according to your webserver
  52 configuration.
  53
  54 ### Webserver
  55
  56 Copy the nginx configuration template:
  57
  58 ```
  59 $ sudo cp /home/peertube/PeerTube/support/nginx/peertube /etc/nginx/sites-available/peertube
  60 ```
  61
  62 Then modify the webserver configuration file. Please pay attention to the `alias` key of `/static/webseed` location.
  63 It should correspond to the path of your videos directory (set in the configuration file as `storage->videos` key).
  64
  65 ```
  66 $ sudo vim /etc/nginx/sites-available/peertube
  67 ```
  68
  69 If you want to set https with Let's Encrypt please follow the steps of [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04).
  70
  71 An example of the nginx configuration could be:
  72
  73 ```
  74 server {
  75   listen 80;
  76   listen [::]:80;
  77   server_name peertube.example.com;
  78
  79   access_log /var/log/nginx/peertube.example.com.access.log;
  80   error_log /var/log/nginx/peertube.example.com.error.log;
  81
  82   rewrite ^ https://$server_name$request_uri? permanent;
  83 }
  84
  85 server {
  86   listen 443 ssl http2;
  87   listen [::]:443 ssl http2;
  88   server_name peertube.example.com;
  89
  90   # For example with Let's Encrypt
  91   ssl_certificate      /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
  92   ssl_certificate_key  /etc/letsencrypt/live/peertube.example.com/privkey.pem;
  93   ssl_trusted_certificate /etc/letsencrypt/live/peertube.example.com/chain.pem;
  94
  95   access_log /var/log/nginx/peertube.example.com.access.log;
  96   error_log /var/log/nginx/peertube.example.com.error.log;
  97
  98   location ^~ '/.well-known/acme-challenge' {
  99     default_type "text/plain";
 100     root /var/www/certbot;
 101   }
 102
 103   location / {
 104     proxy_pass http://localhost:9000;
 105     proxy_set_header X-Real-IP $remote_addr;
 106     proxy_set_header Host $host;
 107     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 108
 109     # For the video upload
 110     client_max_body_size 8G;
 111     proxy_connect_timeout       600;
 112     proxy_send_timeout          600;
 113     proxy_read_timeout          600;
 114     send_timeout                600;
 115   }
 116
 117   # Bypass PeerTube webseed route for better performances
 118   location /static/webseed {
 119     if ($request_method = 'OPTIONS') {
 120       add_header 'Access-Control-Allow-Origin' '*';
 121       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
 122       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
 123       add_header 'Access-Control-Max-Age' 1728000;
 124       add_header 'Content-Type' 'text/plain charset=UTF-8';
 125       add_header 'Content-Length' 0;
 126       return 204;
 127     }
 128
 129     if ($request_method = 'GET') {
 130       add_header 'Access-Control-Allow-Origin' '*';
 131       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
 132       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
 133     }
 134
 135     alias /home/peertube/storage/videos;
 136   }
 137
 138   # Websocket tracker
 139   location /tracker/socket {
 140     # Peers send a message to the tracker every 15 minutes
 141     # Don't close the websocket before this time
 142     proxy_read_timeout 1200s;
 143     proxy_set_header Upgrade $http_upgrade;
 144     proxy_set_header Connection "upgrade";
 145     proxy_http_version 1.1;
 146     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 147     proxy_set_header Host $host;
 148     proxy_pass http://localhost:9000;
 149   }
 150 }
 151 ```
 152
 153
 154 Activate the configuration file:
 155
 156 ```
 157 $ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
 158 $ sudo systemctl reload nginx
 159 ```
 160
 161 ### Systemd
 162
 163 Copy the nginx configuration template:
 164
 165 ```
 166 $ sudo cp /home/peertube/PeerTube/support/systemd/peertube.service /etc/systemd/system/
 167 ```
 168
 169 Update the service file:
 170
 171 ```
 172 $ sudo vim /etc/systemd/system/peertube.service
 173 ```
 174
 175 It should look like this:
 176
 177 ```
 178 [Unit]
 179 Description=PeerTube daemon
 180 After=network.target
 181
 182 [Service]
 183 Type=simple
 184 Environment=NODE_ENV=production
 185 Environment=NODE_CONFIG_DIR=/home/peertube/config
 186 User=peertube
 187 Group=peertube
 188 ExecStart=/usr/bin/npm start
 189 WorkingDirectory=/home/peertube/peertube-latest
 190 StandardOutput=syslog
 191 StandardError=syslog
 192 SyslogIdentifier=peertube
 193 Restart=always
 194
 195 [Install]
 196 WantedBy=multi-user.target
 197 ```
 198
 199
 200 Tell systemd to reload its config:
 201
 202 ```
 203 $ sudo systemctl daemon-reload
 204 ```
 205
 206 If you want to start PeerTube on boot:
 207
 208 ```
 209 $ sudo systemctl enabled peertube
 210 ```
 211
 212 ### Run
 213
 214 ```
 215 $ sudo systemctl start peertube
 216 $ sudo journalctl -feu peertube
 217 ```
 218
 219 ### Administrator
 220
 221 The administrator password is automatically generated and can be found in the
 222 logs. You can set another password with:
 223
 224 ```
 225 $ NODE_ENV=production npm run reset-password -- -u root
 226 ```
 227
 228 ## Upgrade
 229
 230 The following commands will upgrade the source (according to your current
 231 branch), upgrade node modules and rebuild client application:
 232
 233 ```
 234 # systemctl stop peertube
 235 $ npm run upgrade-peertube
 236 # systemctl start peertube
 237 ```