|
|
# Production guide
## Installation
### Dependencies
Follow the steps of the [dependencies guide](dependencies.md).
### PeerTube user
Create a `peertube` user with `/home/peertube` home:
```
$ sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube
$ sudo passwd peertube
```
### Database
Create production database and peertube user:
```
$ sudo -u postgres createuser -P peertube
$ sudo -u postgres createdb -O peertube peertube_prod
```
### Prepare PeerTube directory
Check the latest release: https://github.com/Chocobozzz/PeerTube/releases or the release version you want.
We assume in the following commands the version is 0.42.42:
```
$ VERSION="0.42.42" && \
cd /home/peertube && \
sudo -u peertube mkdir config storage versions && \
cd versions && \
sudo -u peertube wget "https://github.com/Chocobozzz/PeerTube/releases/download/v${VERSION}/peertube-v${VERSION}.zip" && \
sudo -u peertube unzip peertube-v${VERSION}.zip && sudo -u peertube rm peertube-v${VERSION}.zip && \
cd ../ && sudo -u peertube ln -s versions/peertube-v${VERSION} ./peertube-latest && \
cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile
```
### PeerTube configuration
Copy example configuration:
```
$ cd /home/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml
```
Then edit the `config/production.yaml` file according to your webserver
configuration.
### Webserver
Copy the nginx configuration template:
```
$ sudo cp /home/peertube/PeerTube/support/nginx/peertube /etc/nginx/sites-available/peertube
```
Then modify the webserver configuration file. Please pay attention to the `alias` key of `/static/webseed` location.
It should correspond to the path of your videos directory (set in the configuration file as `storage->videos` key).
```
$ sudo vim /etc/nginx/sites-available/peertube
```
If you want to set https with Let's Encrypt please follow the steps of [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04).
An example of the nginx configuration could be:
```
server {
listen 80;
listen [::]:80;
server_name peertube.example.com;
access_log /var/log/nginx/peertube.example.com.access.log;
error_log /var/log/nginx/peertube.example.com.error.log;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name peertube.example.com;
# For example with Let's Encrypt
ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/peertube.example.com/chain.pem;
access_log /var/log/nginx/peertube.example.com.access.log;
error_log /var/log/nginx/peertube.example.com.error.log;
location ^~ '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/certbot;
}
location / {
proxy_pass http://localhost:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# For the video upload
client_max_body_size 8G;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
# Bypass PeerTube webseed route for better performances
location /static/webseed {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
alias /home/peertube/storage/videos;
}
# Websocket tracker
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before this time
proxy_read_timeout 1200s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:9000;
}
}
```
Activate the configuration file:
```
$ sudo ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
$ sudo systemctl reload nginx
```
### Systemd
Copy the nginx configuration template:
```
$ sudo cp /home/peertube/PeerTube/support/systemd/peertube.service /etc/systemd/system/
```
Update the service file:
```
$ sudo vim /etc/systemd/system/peertube.service
```
It should look like this:
```
[Unit]
Description=PeerTube daemon
After=network.target
[Service]
Type=simple
Environment=NODE_ENV=production
Environment=NODE_CONFIG_DIR=/home/peertube/config
User=peertube
Group=peertube
ExecStart=/usr/bin/npm start
WorkingDirectory=/home/peertube/peertube-latest
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=peertube
Restart=always
[Install]
WantedBy=multi-user.target
```
Tell systemd to reload its config:
```
$ sudo systemctl daemon-reload
```
If you want to start PeerTube on boot:
```
$ sudo systemctl enabled peertube
```
### Run
```
$ sudo systemctl start peertube
$ sudo journalctl -feu peertube
```
### Administrator
The administrator password is automatically generated and can be found in the
logs. You can set another password with:
```
$ NODE_ENV=production npm run reset-password -- -u root
```
## Upgrade
The following commands will upgrade the source (according to your current
branch), upgrade node modules and rebuild client application:
```
# systemctl stop peertube
$ npm run upgrade-peertube
# systemctl start peertube
```
|