X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=config%2Fproduction.yaml.example;h=744a14e91b93dede5292577bd02138f741afc1ea;hb=aa85f27b22a4e26befb21fa93ef1598a61d46e32;hp=4dc5c281def176b07517542957be9673d8c3fa70;hpb=5037e0e474044d7fc04092158784395a001e5c25;p=github%2FChocobozzz%2FPeerTube.git diff --git a/config/production.yaml.example b/config/production.yaml.example index 4dc5c281d..744a14e91 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example @@ -1,5 +1,5 @@ listen: - hostname: 'localhost' + hostname: '127.0.0.1' port: 9000 # Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL) @@ -8,6 +8,11 @@ webserver: hostname: 'example.com' port: 443 +# Secrets you need to generate the first time you run PeerTube +secrets: + # Generate one using `openssl rand -hex 32` + peertube: '' + rates_limit: api: # 50 attempts in 10 seconds @@ -25,6 +30,15 @@ rates_limit: # 3 attempts in 5 min window: 5 minutes max: 3 + receive_client_log: + # 10 attempts in 10 min + window: 10 minutes + max: 10 + +oauth2: + token_lifetime: + access_token: '1 day' + refresh_token: '2 weeks' # Proxies to trust to get real client IP # If you run PeerTube just behind a local proxy (nginx), keep 'loopback' @@ -45,7 +59,7 @@ database: # Redis server for short time storage # You can also specify a 'socket' path to a unix socket but first need to -# comment out hostname and port +# set 'hostname' and 'port' to null redis: hostname: 'localhost' port: 6379 @@ -73,12 +87,33 @@ email: subject: prefix: '[PeerTube]' -# PeerTube client/interface configuration -client: - videos: - miniature: - # By default PeerTube client displays author username - prefer_author_display_name: false +# Update default PeerTube values +# Set by API when the field is not provided and put as default value in client +defaults: + # Change default values when publishing a video (upload/import/go Live) + publish: + download_enabled: true + + comments_enabled: true + + # public = 1, unlisted = 2, private = 3, internal = 4 + privacy: 1 + + # CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7 + # You can also choose a custom licence value added by a plugin + # No licence by default + licence: null + + p2p: + # Enable P2P by default in PeerTube client + # Can be enabled/disabled by anonymous users and logged in users + webapp: + enabled: true + + # Enable P2P by default in PeerTube embed + # Can be enabled/disabled by URL option + embed: + enabled: true # From the project root directory storage: @@ -95,6 +130,7 @@ storage: captions: '/var/www/peertube/storage/captions/' cache: '/var/www/peertube/storage/cache/' plugins: '/var/www/peertube/storage/plugins/' + well_known: '/var/www/peertube/storage/well-known/' # Overridable client files in client/dist/assets/images: # - logo.svg # - favicon.png @@ -107,6 +143,10 @@ storage: # If not, peertube will fallback to the default file client_overrides: '/var/www/peertube/storage/client-overrides/' +static_files: + # Require and check user authentication when accessing private files (internal/private video files) + private_files_require_auth: true + object_storage: enabled: false @@ -115,6 +155,22 @@ object_storage: region: 'us-east-1' + upload_acl: + # Set this ACL on each uploaded object of public/unlisted videos + # Use null if your S3 provider does not support object ACL + public: 'public-read' + # Set this ACL on each uploaded object of private/internal videos + # PeerTube can proxify requests to private objects so your users can access them + # Use null if your S3 provider does not support object ACL + private: 'private' + + proxy: + # If private files (private/internal video files) have a private ACL, users can't access directly the ressource + # PeerTube can proxify requests between your object storage service and your users + # If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files + # Or you can also set a public ACL for private files in object storage if you don't want to use a proxy + proxify_private_files: true + credentials: # You can also use AWS_ACCESS_KEY_ID env variable access_key_id: '' @@ -122,7 +178,7 @@ object_storage: secret_access_key: '' # Maximum amount to upload in one request to object storage - max_upload_part: 2GB + max_upload_part: 100MB streaming_playlists: bucket_name: 'streaming-playlists' @@ -142,23 +198,54 @@ object_storage: log: level: 'info' # 'debug' | 'info' | 'warn' | 'error' + rotation: enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate max_file_size: 12MB max_files: 20 + anonymize_ip: false + log_ping_requests: true + log_tracker_unknown_infohash: true + prettify_sql: false + # Accept warn/error logs coming from the client + accept_client_log: true + +# Support of Open Telemetry metrics and tracing +# For more information: https://docs.joinpeertube.org/maintain/observability +open_telemetry: + metrics: + enabled: false + + http_request_duration: + # You can disable HTTP request duration metric that can have a high tag cardinality + enabled: true + + # Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics + prometheus_exporter: + hostname: '127.0.0.1' + port: 9091 + + tracing: + enabled: false + + # Send traces to a Jaeger compatible endpoint + jaeger_exporter: + endpoint: '' + trending: videos: - interval_days: 7 # Compute trending videos for the last x days + interval_days: 7 # Compute trending videos for the last x days for 'most-viewed' algorithm + algorithms: enabled: - - 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History) - - 'hot' # adaptation of Reddit's 'Hot' algorithm - - 'most-viewed' # default, used initially by PeerTube as the trending page - - 'most-liked' + - 'hot' # Adaptation of Reddit's 'Hot' algorithm + - 'most-viewed' # Number of views in the last x days + - 'most-liked' # Global views since the upload of the video + default: 'most-viewed' # Cache remote videos on your server, to help other instances to broadcast the video @@ -203,8 +290,13 @@ security: frameguard: enabled: true + # Set x-powered-by HTTP header to "PeerTube" + # Can help remote software to know this is a PeerTube instance + powered_by_header: + enabled: true + tracker: - # If you disable the tracker, you disable the P2P aspect of PeerTube + # If you disable the tracker, you disable the P2P on your PeerTube instance enabled: true # Only handle requests on your videos # If you set this to false it means you have a public tracker @@ -230,6 +322,18 @@ views: remote: max_age: '30 days' + # PeerTube buffers local video views before updating and federating the video + local_buffer_update_interval: '30 minutes' + + ip_view_expiration: '1 hour' + +# Used to get country location of views of local videos +geo_ip: + enabled: true + + country: + database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb' + plugins: # The website PeerTube will ask for available PeerTube plugins and themes # This is an unmoderated plugin index, so only install plugins/themes you trust @@ -244,9 +348,7 @@ federation: # Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments) # It removes objects that do not exist anymore, and potentially fix their URLs - # This setting is opt-in because due to an old bug in PeerTube, remote rates sent by instance before PeerTube 3.0 will be deleted - # We still suggest you to enable this setting even if your users will loose most of their video's likes/dislikes - cleanup_remote_interactions: false + cleanup_remote_interactions: true peertube: check_latest_version: @@ -261,15 +363,25 @@ webadmin: # Set this to false if you don't want to allow config edition in the web interface by instance admins allowed: true +# XML, Atom or JSON feeds +feeds: + videos: + # Default number of videos displayed in feeds + count: 20 + + comments: + # Default number of comments displayed in feeds + count: 20 + ############################################################################### # -# From this point, all the following keys can be overridden by the web interface +# From this point, almost all following keys can be overridden by the web interface # (local-production.json file). If you need to change some values, prefer to # use the web interface because the configuration will be automatically # reloaded without any need to restart PeerTube # -# /!\ If you already have a local-production.json file, the modification of the -# following keys will have no effect /!\ +# /!\ If you already have a local-production.json file, modification of some of +# the following keys will have no effect /!\ # ############################################################################### @@ -291,15 +403,25 @@ contact_form: signup: enabled: false + limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited + minimum_age: 16 # Used to configure the signup form + + # Users fill a form to register so moderators can accept/reject the registration + requires_approval: true requires_email_verification: false + filters: cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist whitelist: [] blacklist: [] -user: +user: + history: + videos: + # Enable or disable video history by default for new users. + enabled: true # Default value of maximum video bytes the user can upload (does not take into account transcoded files) # Byte format is supported ("1GB" etc) # -1 == unlimited @@ -342,6 +464,9 @@ transcoding: 1440p: false 2160p: false + # Transcode and keep original resolution, even if it's above your maximum enabled resolution + always_transcode_original_resolution: true + # Generate videos in a WebTorrent format (what we do since the first PeerTube release) # If you also enabled the hls format, it will multiply videos storage by 2 # If disabled, breaks federation with PeerTube instances < 2.1 @@ -378,19 +503,43 @@ live: # /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay allow_replay: true + # Allow your users to change latency settings (small latency/default/high latency) + # Small latency live streams cannot use P2P + # High latency live streams can increase P2P ratio + latency_setting: + enabled: true + # Your firewall should accept traffic from this port in TCP if you enable live rtmp: enabled: true + + # Listening hostname/port for RTMP server + # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4 + # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise + hostname: null port: 1935 + # Public hostname of your RTMP server + # Use null to use the same value than `webserver.hostname` + public_hostname: null + rtmps: enabled: false + + # Listening hostname/port for RTMPS server + # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4 + # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise + hostname: null port: 1936 - # Absolute path + + # Absolute paths key_file: '' - # Absolute path cert_file: '' + # Public hostname of your RTMPS server + # Use null to use the same value than `webserver.hostname` + public_hostname: null + # Allow to transcode the live streaming in multiple live resolutions transcoding: enabled: true @@ -411,13 +560,27 @@ live: 1440p: false 2160p: false + # Also transcode original resolution, even if it's above your maximum enabled resolution + always_transcode_original_resolution: true + +video_studio: + # Enable video edition by users (cut, add intro/outro, add watermark etc) + # If enabled, users can create transcoding tasks as they wish + enabled: false + import: # Add ability for your users to import remote videos (from YouTube, torrent...) videos: # Amount of import jobs to execute in parallel concurrency: 1 - http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + # Set a custom video import timeout to not block import queue + timeout: '2 hours' + + # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + http: + # We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server + # See https://docs.joinpeertube.org/maintain/configuration#security for more information enabled: false youtube_dl_release: @@ -426,18 +589,38 @@ import: # Examples: # * https://api.github.com/repos/ytdl-org/youtube-dl/releases # * https://api.github.com/repos/yt-dlp/yt-dlp/releases - url: 'https://yt-dl.org/downloads/latest/youtube-dl' + # * https://yt-dl.org/downloads/latest/youtube-dl + url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases' - # youtube-dl binary name - # yt-dlp is also supported - name: 'youtube-dl' + # Release binary name: 'yt-dlp' or 'youtube-dl' + name: 'yt-dlp' + + # Path to the python binary to execute for youtube-dl or yt-dlp + python_path: '/usr/bin/python3' # IPv6 is very strongly rate-limited on most sites supported by youtube-dl force_ipv4: false - torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + torrent: + # We recommend to only enable magnet URI/torrent import if you trust your users + # See https://docs.joinpeertube.org/maintain/configuration#security for more information enabled: false + # Add ability for your users to synchronize their channels with external channels, playlists, etc. + video_channel_synchronization: + enabled: false + + max_per_user: 10 + + check_interval: 1 hour + + # Number of latest published videos to check and to potentially import when syncing a channel + videos_limit_per_synchronization: 10 + + # Max number of videos to import when the user asks for full sync + full_sync_videos_limit: 1000 + auto_blacklist: # New videos automatically blacklisted so moderators can review before publishing videos: @@ -519,7 +702,8 @@ instance: robots: | User-agent: * Disallow: - # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string + # /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes + # To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string securitytxt: '# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:' @@ -588,3 +772,21 @@ search: disable_local_search: false # If you did not disable local search, you can decide to use the search index by default is_default_search: false + +# PeerTube client/interface configuration +client: + videos: + miniature: + # By default PeerTube client displays author username + prefer_author_display_name: false + display_author_avatar: false + resumable_upload: + # Max size of upload chunks, e.g. '90MB' + # If null, it will be calculated based on network speed + max_chunk_size: null + + menu: + login: + # If you enable only one external auth plugin + # You can automatically redirect your users on this external platform when they click on the login button + redirect_on_single_external_auth: false