X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=config%2Fproduction.yaml.example;h=906fb7e1f1f10bf6aab5febb4b933cdcfe68b938;hb=e364e31e25bd1d4b8d801c845a96d6be708f0a18;hp=3e4035eaa95b20899ca4ae8f504b5d8aef7b0e94;hpb=f75692700e212f8d46afd9f41147f2baf0815fec;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/config/production.yaml.example b/config/production.yaml.example
index 3e4035eaa..906fb7e1f 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -8,6 +8,11 @@ webserver:
   hostname: 'example.com'
   port: 443
 
+# Secrets you need to generate the first time you run PeerTube
+secrets:
+  # Generate one using `openssl rand -hex 32`
+  peertube: ''
+
 rates_limit:
   api:
     # 50 attempts in 10 seconds
@@ -25,6 +30,15 @@ rates_limit:
     # 3 attempts in 5 min
     window: 5 minutes
     max: 3
+  receive_client_log:
+    # 10 attempts in 10 min
+    window: 10 minutes
+    max: 10
+
+oauth2:
+  token_lifetime:
+    access_token: '1 day'
+    refresh_token: '2 weeks'
 
 # Proxies to trust to get real client IP
 # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
@@ -116,6 +130,7 @@ storage:
   captions: '/var/www/peertube/storage/captions/'
   cache: '/var/www/peertube/storage/cache/'
   plugins: '/var/www/peertube/storage/plugins/'
+  well_known: '/var/www/peertube/storage/well-known/'
   # Overridable client files in client/dist/assets/images:
   # - logo.svg
   # - favicon.png
@@ -128,6 +143,10 @@ storage:
   # If not, peertube will fallback to the default file
   client_overrides: '/var/www/peertube/storage/client-overrides/'
 
+static_files:
+  # Require and check user authentication when accessing private files (internal/private video files)
+  private_files_require_auth: true
+
 object_storage:
   enabled: false
 
@@ -136,8 +155,21 @@ object_storage:
 
   region: 'us-east-1'
 
-  # Set this ACL on each uploaded object
-  upload_acl: 'public-read'
+  upload_acl:
+    # Set this ACL on each uploaded object of public/unlisted videos
+    # Use null if your S3 provider does not support object ACL
+    public: 'public-read'
+    # Set this ACL on each uploaded object of private/internal videos
+    # PeerTube can proxify requests to private objects so your users can access them
+    # Use null if your S3 provider does not support object ACL
+    private: 'private'
+
+  proxy:
+    # If private files (private/internal video files) have a private ACL, users can't access directly the ressource
+    # PeerTube can proxify requests between your object storage service and your users
+    # If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files
+    # Or you can also set a public ACL for private files in object storage if you don't want to use a proxy
+    proxify_private_files: true
 
   credentials:
     # You can also use AWS_ACCESS_KEY_ID env variable
@@ -146,7 +178,7 @@ object_storage:
     secret_access_key: ''
 
   # Maximum amount to upload in one request to object storage
-  max_upload_part: 2GB
+  max_upload_part: 100MB
 
   streaming_playlists:
     bucket_name: 'streaming-playlists'
@@ -166,22 +198,31 @@ object_storage:
 
 log:
   level: 'info' # 'debug' | 'info' | 'warn' | 'error'
+
   rotation:
     enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
     max_file_size: 12MB
     max_files: 20
+
   anonymize_ip: false
+
   log_ping_requests: true
   log_tracker_unknown_infohash: true
+
   prettify_sql: false
 
-# Highly experimental support of Open Telemetry
+  # Accept warn/error logs coming from the client
+  accept_client_log: true
+
+# Support of Open Telemetry metrics and tracing
+# For more information: https://docs.joinpeertube.org/maintain-observability
 open_telemetry:
   metrics:
     enabled: false
 
     # Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
     prometheus_exporter:
+      hostname: '127.0.0.1'
       port: 9091
 
   tracing:
@@ -351,9 +392,15 @@ contact_form:
 
 signup:
   enabled: false
+
   limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
+
   minimum_age: 16 # Used to configure the signup form
+
+  # Users fill a form to register so moderators can accept/reject the registration
+  requires_approval: true
   requires_email_verification: false
+
   filters:
     cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
       whitelist: []
@@ -402,6 +449,9 @@ transcoding:
     1440p: false
     2160p: false
 
+  # Transcode and keep original resolution, even if it's above your maximum enabled resolution
+  always_transcode_original_resolution: true
+
   # Generate videos in a WebTorrent format (what we do since the first PeerTube release)
   # If you also enabled the hls format, it will multiply videos storage by 2
   # If disabled, breaks federation with PeerTube instances < 2.1
@@ -495,6 +545,9 @@ live:
       1440p: false
       2160p: false
 
+    # Also transcode original resolution, even if it's above your maximum enabled resolution
+    always_transcode_original_resolution: true
+
 video_studio:
   # Enable video edition by users (cut, add intro/outro, add watermark etc)
   # If enabled, users can create transcoding tasks as they wish
@@ -539,6 +592,20 @@ import:
       # See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
       enabled: false
 
+  # Add ability for your users to synchronize their channels with external channels, playlists, etc.
+  video_channel_synchronization:
+    enabled: false
+
+    max_per_user: 10
+
+    check_interval: 1 hour
+
+    # Number of latest published videos to check and to potentially import when syncing a channel
+    videos_limit_per_synchronization: 10
+
+    # Max number of videos to import when the user asks for full sync
+    full_sync_videos_limit: 1000
+
 auto_blacklist:
   # New videos automatically blacklisted so moderators can review before publishing
   videos:
@@ -620,7 +687,8 @@ instance:
   robots: |
     User-agent: *
     Disallow:
-  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
+  # /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
+  # To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
   securitytxt:
     '# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'