X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=support%2Fdoc%2Fproduction.md;h=cd05962d68266f953800c4799f0642df40375025;hb=1ab94472d59f3c278c16c3b8b8f5be78ee98aa68;hp=ea0a983951f8f8afa9c24a111667128b44d18073;hpb=6c1da7937cedbc1d4013cff0686d785247229c52;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/support/doc/production.md b/support/doc/production.md
index ea0a98395..cd05962d6 100644
--- a/support/doc/production.md
+++ b/support/doc/production.md
@@ -10,7 +10,7 @@ If you want information about the appropriate hardware to run PeerTube, please s
### :hammer: Dependencies
-Follow the steps of the [dependencies guide](dependencies.md).
+Follow the steps of the [dependencies guide](/support//doc/dependencies.md).
### :construction_worker: PeerTube user
@@ -25,6 +25,12 @@ Set its password:
$ sudo passwd peertube
```
+Ensure the peertube root directory is traversable by nginx:
+
+```bash
+$ ls -ld /var/www/peertube # Should be drwxr-xr-x
+```
+
**On FreeBSD**
```bash
@@ -109,8 +115,14 @@ $ cd /var/www/peertube
$ sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
```
-Then edit the `config/production.yaml` file according to your webserver
-and database configuration (`webserver`, `database`, `redis`, `smtp` and `admin.email` sections in particular).
+Then edit the `config/production.yaml` file according to your webserver and database configuration. In particular:
+ * `webserver`: Reverse proxy public information
+ * `secrets`: Secret strings you must generate manually (PeerTube version >= 5.0)
+ * `database`: PostgreSQL settings
+ * `redis`: Redis settings
+ * `smtp`: If you want to use emails
+ * `admin.email`: To correctly fill `root` user email
+
Keys defined in `config/production.yaml` will override keys defined in `config/default.yaml`.
**PeerTube does not support webserver host change**. Even though [PeerTube CLI can help you to switch hostname](https://docs.joinpeertube.org/maintain-tools?id=update-hostjs) there's no official support for that since it is a risky operation that might result in unforeseen errors.
@@ -154,12 +166,6 @@ $ sudo certbot certonly --standalone --post-hook "systemctl restart nginx"
$ sudo systemctl reload nginx
```
-Now you have the certificates you can reload nginx:
-
-```bash
-$ sudo systemctl reload nginx
-```
-
Certbot should have installed a cron to automatically renew your certificate.
Since our nginx template supports webroot renewal, we suggest you to update the renewal config file to use the `webroot` authenticator:
@@ -169,16 +175,19 @@ $ # Add webroot_path = /var/www/certbot
$ sudo vim /etc/letsencrypt/renewal/your-domain.com.conf
```
-**FreeBSD**
+If you plan to have many concurrent viewers on your PeerTube instance, consider increasing `worker_connections` value: https://nginx.org/en/docs/ngx_core_module.html#worker_connections.
+
+
+If using FreeBSD
+
On FreeBSD you can use [Dehydrated](https://dehydrated.io/) `security/dehydrated` for [Let's Encrypt](https://letsencrypt.org/)
```bash
$ sudo pkg install dehydrated
```
+
-### :alembic: TCP/IP Tuning
-
-**On Linux**
+### :alembic: Linux TCP/IP Tuning
```bash
$ sudo cp /var/www/peertube/peertube-latest/support/sysctl.d/30-peertube-tcp.conf /etc/sysctl.d/
@@ -223,7 +232,9 @@ $ sudo systemctl start peertube
$ sudo journalctl -feu peertube
```
-**FreeBSD**
+
+If using FreeBSD
+
On FreeBSD, copy the startup script and update rc.conf:
```bash
@@ -236,8 +247,10 @@ Run:
```bash
$ sudo service peertube start
```
+
-### :bricks: OpenRC
+
+If using OpenRC
If your OS uses OpenRC, copy the service script:
@@ -257,6 +270,7 @@ Run and print last logs:
$ sudo /etc/init.d/peertube start
$ tail -f /var/log/peertube/peertube.log
```
+
### :technologist: Administrator
@@ -281,18 +295,17 @@ Now your instance is up you can:
### PeerTube instance
-**Check the changelog (in particular BREAKING CHANGES!):** https://github.com/Chocobozzz/PeerTube/blob/develop/CHANGELOG.md
-
-#### Auto
+**Check the changelog (in particular the *IMPORTANT NOTES* section):** https://github.com/Chocobozzz/PeerTube/blob/develop/CHANGELOG.md
-The password it asks is PeerTube's database user password.
+Run the upgrade script (the password it asks is PeerTube's database user password):
```bash
$ cd /var/www/peertube/peertube-latest/scripts && sudo -H -u peertube ./upgrade.sh
$ sudo systemctl restart peertube # Or use your OS command to restart PeerTube if you don't use systemd
```
-#### Manually
+
+Prefer manual upgrade?
Make a SQL backup
@@ -338,17 +351,18 @@ $ cd /var/www/peertube && \
sudo unlink ./peertube-latest && \
sudo -u peertube ln -s versions/peertube-${VERSION} ./peertube-latest
```
+
-### Configuration
+### Update PeerTube configuration
-You can check for configuration changes, and report them in your `config/production.yaml` file:
+Check for configuration changes, and report them in your `config/production.yaml` file:
```bash
$ cd /var/www/peertube/versions
$ diff -u "$(ls --sort=t | head -2 | tail -1)/config/production.yaml.example" "$(ls --sort=t | head -1)/config/production.yaml.example"
```
-### nginx
+### Update nginx configuration
Check changes in nginx configuration:
@@ -357,7 +371,7 @@ $ cd /var/www/peertube/versions
$ diff -u "$(ls --sort=t | head -2 | tail -1)/support/nginx/peertube" "$(ls --sort=t | head -1)/support/nginx/peertube"
```
-### systemd
+### Update systemd service
Check changes in systemd configuration: