support/doc/production.md

   1 # Production guide
   2
   3 ## Installation
   4
   5 ### Dependencies
   6
   7 Follow the steps of the [dependencies guide](dependencies.md).
   8
   9 ### PeerTube user
  10
  11 Create a `peertube` user with `/home/peertube` home:
  12
  13 ```
  14 $ sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube
  15 $ sudo passwd peertube
  16 ```
  17
  18 ### Database
  19
  20 Create production database and peertube user:
  21
  22 ```
  23 $ sudo -u postgres createuser -P peertube
  24 $ sudo -u postgres createdb -O peertube peertube_prod
  25 ```
  26
  27 ### Prepare PeerTube directory
  28
  29 ```
  30 $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && \
  31     cd /home/peertube && \
  32     sudo -u peertube mkdir config storage versions && \
  33     cd versions && \
  34     sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \
  35     sudo -u peertube unzip peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip && \
  36     cd ../ && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest && \
  37     cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile
  38 ```
  39
  40 ### PeerTube configuration
  41
  42 Copy example configuration:
  43
  44 ```
  45 $ cd /home/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
  46 ```
  47
  48 Then edit the `config/production.yaml` file according to your webserver
  49 configuration.
  50
  51 ### Webserver
  52
  53 Copy the nginx configuration template:
  54
  55 ```
  56 $ sudo cp /home/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
  57 ```
  58
  59 Then modify the webserver configuration file. Please pay attention to the `alias` key of `/static/webseed` location.
  60 It should correspond to the path of your videos directory (set in the configuration file as `storage->videos` key).
  61
  62 ```
  63 $ sudo vim /etc/nginx/sites-available/peertube
  64 ```
  65
  66 If you want to set https with Let's Encrypt please follow the steps of [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04).
  67
  68 An example of the nginx configuration could be:
  69
  70 ```
  71 server {
  72   listen 80;
  73   listen [::]:80;
  74   server_name peertube.example.com;
  75
  76   access_log /var/log/nginx/peertube.example.com.access.log;
  77   error_log /var/log/nginx/peertube.example.com.error.log;
  78
  79   rewrite ^ https://$server_name$request_uri? permanent;
  80 }
  81
  82 server {
  83   listen 443 ssl http2;
  84   listen [::]:443 ssl http2;
  85   server_name peertube.example.com;
  86
  87   # For example with Let's Encrypt
  88   ssl_certificate      /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
  89   ssl_certificate_key  /etc/letsencrypt/live/peertube.example.com/privkey.pem;
  90   ssl_trusted_certificate /etc/letsencrypt/live/peertube.example.com/chain.pem;
  91
  92   access_log /var/log/nginx/peertube.example.com.access.log;
  93   error_log /var/log/nginx/peertube.example.com.error.log;
  94
  95   location ^~ '/.well-known/acme-challenge' {
  96     default_type "text/plain";
  97     root /var/www/certbot;
  98   }
  99
 100   location / {
 101     proxy_pass http://localhost:9000;
 102     proxy_set_header X-Real-IP $remote_addr;
 103     proxy_set_header Host $host;
 104     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 105
 106     # For the video upload
 107     client_max_body_size 8G;
 108     proxy_connect_timeout       600;
 109     proxy_send_timeout          600;
 110     proxy_read_timeout          600;
 111     send_timeout                600;
 112   }
 113
 114   # Bypass PeerTube webseed route for better performances
 115   location /static/webseed {
 116     if ($request_method = 'OPTIONS') {
 117       add_header 'Access-Control-Allow-Origin' '*';
 118       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
 119       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
 120       add_header 'Access-Control-Max-Age' 1728000;
 121       add_header 'Content-Type' 'text/plain charset=UTF-8';
 122       add_header 'Content-Length' 0;
 123       return 204;
 124     }
 125
 126     if ($request_method = 'GET') {
 127       add_header 'Access-Control-Allow-Origin' '*';
 128       add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
 129       add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
 130     }
 131
 132     alias /home/peertube/storage/videos;
 133   }
 134
 135   # Websocket tracker
 136   location /tracker/socket {
 137     # Peers send a message to the tracker every 15 minutes
 138     # Don't close the websocket before this time
 139     proxy_read_timeout 1200s;
 140     proxy_set_header Upgrade $http_upgrade;
 141     proxy_set_header Connection "upgrade";
 142     proxy_http_version 1.1;
 143     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 144     proxy_set_header Host $host;
 145     proxy_pass http://localhost:9000;
 146   }
 147 }
 148 ```
 149
 150
 151 Activate the configuration file:
 152
 153 ```
 154 $ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
 155 $ sudo systemctl reload nginx
 156 ```
 157
 158 ### Systemd
 159
 160 Copy the nginx configuration template:
 161
 162 ```
 163 $ sudo cp /home/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
 164 ```
 165
 166 Update the service file:
 167
 168 ```
 169 $ sudo vim /etc/systemd/system/peertube.service
 170 ```
 171
 172 It should look like this:
 173
 174 ```
 175 [Unit]
 176 Description=PeerTube daemon
 177 After=network.target
 178
 179 [Service]
 180 Type=simple
 181 Environment=NODE_ENV=production
 182 Environment=NODE_CONFIG_DIR=/home/peertube/config
 183 User=peertube
 184 Group=peertube
 185 ExecStart=/usr/bin/npm start
 186 WorkingDirectory=/home/peertube/peertube-latest
 187 StandardOutput=syslog
 188 StandardError=syslog
 189 SyslogIdentifier=peertube
 190 Restart=always
 191
 192 [Install]
 193 WantedBy=multi-user.target
 194 ```
 195
 196
 197 Tell systemd to reload its config:
 198
 199 ```
 200 $ sudo systemctl daemon-reload
 201 ```
 202
 203 If you want to start PeerTube on boot:
 204
 205 ```
 206 $ sudo systemctl enable peertube
 207 ```
 208
 209 ### Run
 210
 211 ```
 212 $ sudo systemctl start peertube
 213 $ sudo journalctl -feu peertube
 214 ```
 215
 216 ### Administrator
 217
 218 The administrator password is automatically generated and can be found in the
 219 logs. You can set another password with:
 220
 221 ```
 222 $ NODE_ENV=production npm run reset-password -- -u root
 223 ```
 224
 225 ## Upgrade
 226
 227 ```
 228 $ VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && \
 229     cd /home/peertube/versions && \
 230     sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" && \
 231     sudo -u peertube unzip -o peertube-${VERSION}.zip && sudo -u peertube rm peertube-${VERSION}.zip && \
 232     cd ../ && sudo rm ./peertube-latest && sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest && \
 233     cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile && \
 234     sudo systemctl restart peertube
 235 ```