aboutsummaryrefslogtreecommitdiffhomepage
path: root/support
diff options
context:
space:
mode:
Diffstat (limited to 'support')
-rw-r--r--support/doc/api/openapi.yaml139
-rw-r--r--support/doc/tools.md99
-rw-r--r--support/docker/production/.env1
-rw-r--r--support/docker/production/config/custom-environment-variables.yaml9
-rw-r--r--support/docker/production/config/production.yaml2
-rwxr-xr-xsupport/docker/production/docker-entrypoint.sh4
-rwxr-xr-xsupport/freebsd/peertube5
-rw-r--r--support/nginx/peertube33
-rw-r--r--support/systemd/peertube.service19
9 files changed, 242 insertions, 69 deletions
diff --git a/support/doc/api/openapi.yaml b/support/doc/api/openapi.yaml
index 9848c93ee..f2bb945f9 100644
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@@ -1,7 +1,7 @@
1openapi: 3.0.0 1openapi: 3.0.0
2info: 2info:
3 title: PeerTube 3 title: PeerTube
4 version: 1.1.0 4 version: 1.2.0
5 contact: 5 contact:
6 name: PeerTube Community 6 name: PeerTube Community
7 url: 'https://joinpeertube.org' 7 url: 'https://joinpeertube.org'
@@ -23,7 +23,7 @@ info:
23 23
24 # Authentication 24 # Authentication
25 When you sign up for an account, you are given the possibility to generate 25 When you sign up for an account, you are given the possibility to generate
26 sessions, and authenticate using this session token. One session token can 26 sessions, and authenticate using this session token. One session token can
27 currently be used at a time. 27 currently be used at a time.
28 28
29 # Errors 29 # Errors
@@ -61,7 +61,7 @@ tags:
61 description: > 61 description: >
62 Managing servers which the instance interacts with is crucial to the 62 Managing servers which the instance interacts with is crucial to the
63 concept of federation in PeerTube and external video indexation. The PeerTube 63 concept of federation in PeerTube and external video indexation. The PeerTube
64 server then deals with inter-server ActivityPub operations and propagates 64 server then deals with inter-server ActivityPub operations and propagates
65 information across its social graph by posting activities to actors' inbox 65 information across its social graph by posting activities to actors' inbox
66 endpoints. 66 endpoints.
67 - name: Video Abuse 67 - name: Video Abuse
@@ -492,7 +492,8 @@ paths:
492 get: 492 get:
493 summary: Get current user information 493 summary: Get current user information
494 security: 494 security:
495 - OAuth2: [] 495 - OAuth2:
496 - user
496 tags: 497 tags:
497 - User 498 - User
498 responses: 499 responses:
@@ -507,7 +508,8 @@ paths:
507 put: 508 put:
508 summary: Update current user information 509 summary: Update current user information
509 security: 510 security:
510 - OAuth2: [] 511 - OAuth2:
512 - user
511 tags: 513 tags:
512 - User 514 - User
513 responses: 515 responses:
@@ -523,7 +525,8 @@ paths:
523 get: 525 get:
524 summary: Get current user used quota 526 summary: Get current user used quota
525 security: 527 security:
526 - OAuth2: [] 528 - OAuth2:
529 - user
527 tags: 530 tags:
528 - User 531 - User
529 responses: 532 responses:
@@ -558,7 +561,71 @@ paths:
558 get: 561 get:
559 summary: Get videos of the current user 562 summary: Get videos of the current user
560 security: 563 security:
561 - OAuth2: [] 564 - OAuth2:
565 - user
566 tags:
567 - User
568 parameters:
569 - $ref: '#/components/parameters/start'
570 - $ref: '#/components/parameters/count'
571 - $ref: '#/components/parameters/sort'
572 responses:
573 '200':
574 description: successful operation
575 content:
576 application/json:
577 schema:
578 type: array
579 items:
580 $ref: '#/components/schemas/Video'
581 /users/me/subscriptions:
582 get:
583 summary: Get subscriptions of the current user
584 security:
585 - OAuth2:
586 - user
587 tags:
588 - User
589 parameters:
590 - $ref: '#/components/parameters/start'
591 - $ref: '#/components/parameters/count'
592 - $ref: '#/components/parameters/sort'
593 responses:
594 '200':
595 description: successful operation
596 post:
597 summary: Add subscription to the current user
598 security:
599 - OAuth2:
600 - user
601 tags:
602 - User
603 responses:
604 '200':
605 description: successful operation
606 /users/me/subscriptions/exist:
607 get:
608 summary: Get if subscriptions exist for the current user
609 security:
610 - OAuth2:
611 - user
612 tags:
613 - User
614 parameters:
615 - $ref: '#/components/parameters/subscriptionsUris'
616 responses:
617 '200':
618 description: successful operation
619 content:
620 application/json:
621 schema:
622 type: object
623 /users/me/subscriptions/videos:
624 get:
625 summary: Get videos of subscriptions of the current user
626 security:
627 - OAuth2:
628 - user
562 tags: 629 tags:
563 - User 630 - User
564 parameters: 631 parameters:
@@ -574,6 +641,31 @@ paths:
574 type: array 641 type: array
575 items: 642 items:
576 $ref: '#/components/schemas/Video' 643 $ref: '#/components/schemas/Video'
644 '/users/me/subscriptions/{uri}':
645 get:
646 summary: Get subscription of the current user for a given uri
647 security:
648 - OAuth2:
649 - user
650 tags:
651 - User
652 responses:
653 '200':
654 description: successful operation
655 content:
656 application/json:
657 schema:
658 $ref: '#/components/schemas/VideoChannel'
659 delete:
660 summary: Delete subscription of the current user for a given uri
661 security:
662 - OAuth2:
663 - user
664 tags:
665 - User
666 responses:
667 '200':
668 description: successful operation
577 /users/register: 669 /users/register:
578 post: 670 post:
579 summary: Register a user 671 summary: Register a user
@@ -751,7 +843,9 @@ paths:
751 type: string 843 type: string
752 tags: 844 tags:
753 description: Video tags 845 description: Video tags
754 type: string 846 type: array
847 items:
848 type: string
755 commentsEnabled: 849 commentsEnabled:
756 description: Enable or disable comments for this video 850 description: Enable or disable comments for this video
757 type: string 851 type: string
@@ -820,7 +914,7 @@ paths:
820 $ref: '#/paths/~1users~1me/put/responses/204' 914 $ref: '#/paths/~1users~1me/put/responses/204'
821 '/videos/{id}/watching': 915 '/videos/{id}/watching':
822 put: 916 put:
823 summary: Indicate progress of in watching the video by its id for a user 917 summary: Set watching progress of a video by its id for a user
824 tags: 918 tags:
825 - Video 919 - Video
826 security: 920 security:
@@ -958,7 +1052,9 @@ paths:
958 type: string 1052 type: string
959 tags: 1053 tags:
960 description: Video tags 1054 description: Video tags
961 type: string 1055 type: array
1056 items:
1057 type: string
962 commentsEnabled: 1058 commentsEnabled:
963 description: Enable or disable comments for this video 1059 description: Enable or disable comments for this video
964 type: string 1060 type: string
@@ -1434,6 +1530,8 @@ components:
1434 - type: array 1530 - type: array
1435 items: 1531 items:
1436 type: number 1532 type: number
1533 style: form
1534 explode: false
1437 tagsOneOf: 1535 tagsOneOf:
1438 name: tagsOneOf 1536 name: tagsOneOf
1439 in: query 1537 in: query
@@ -1445,6 +1543,8 @@ components:
1445 - type: array 1543 - type: array
1446 items: 1544 items:
1447 type: string 1545 type: string
1546 style: form
1547 explode: false
1448 tagsAllOf: 1548 tagsAllOf:
1449 name: tagsAllOf 1549 name: tagsAllOf
1450 in: query 1550 in: query
@@ -1456,6 +1556,8 @@ components:
1456 - type: array 1556 - type: array
1457 items: 1557 items:
1458 type: string 1558 type: string
1559 style: form
1560 explode: false
1459 languageOneOf: 1561 languageOneOf:
1460 name: languageOneOf 1562 name: languageOneOf
1461 in: query 1563 in: query
@@ -1463,10 +1565,12 @@ components:
1463 description: language id of the video 1565 description: language id of the video
1464 schema: 1566 schema:
1465 oneOf: 1567 oneOf:
1466 - type: number 1568 - type: string
1467 - type: array 1569 - type: array
1468 items: 1570 items:
1469 type: number 1571 type: string
1572 style: form
1573 explode: false
1470 licenceOneOf: 1574 licenceOneOf:
1471 name: licenceOneOf 1575 name: licenceOneOf
1472 in: query 1576 in: query
@@ -1478,6 +1582,8 @@ components:
1478 - type: array 1582 - type: array
1479 items: 1583 items:
1480 type: number 1584 type: number
1585 style: form
1586 explode: false
1481 nsfw: 1587 nsfw:
1482 name: nsfw 1588 name: nsfw
1483 in: query 1589 in: query
@@ -1501,6 +1607,15 @@ components:
1501 enum: 1607 enum:
1502 - local 1608 - local
1503 - all-local 1609 - all-local
1610 subscriptionsUris:
1611 name: uris
1612 in: query
1613 required: true
1614 description: list of uris to check if each is part of the user subscriptions
1615 schema:
1616 type: array
1617 items:
1618 type: string
1504 requestBodies: 1619 requestBodies:
1505 VideoChannelInput: 1620 VideoChannelInput:
1506 content: 1621 content:
diff --git a/support/doc/tools.md b/support/doc/tools.md
index 1c7739525..1a9ba7d2b 100644
--- a/support/doc/tools.md
+++ b/support/doc/tools.md
@@ -4,13 +4,13 @@
4<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> 4<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
5**Table of Contents** 5**Table of Contents**
6 6
7- [CLI wrapper](#cli-wrapper)
8- [Remote Tools](#remote-tools) 7- [Remote Tools](#remote-tools)
9 - [Dependencies](#dependencies) 8 - [Dependencies](#dependencies)
10 - [Installation](#installation) 9 - [Installation](#installation)
11 - [peertube-import-videos.js](#peertube-import-videosjs) 10 - [CLI wrapper](#cli-wrapper)
12 - [peertube-upload.js](#peertube-uploadjs) 11 - [peertube-import-videos.js](#peertube-import-videosjs)
13 - [peertube-watch.js](#peertube-watchjs) 12 - [peertube-upload.js](#peertube-uploadjs)
13 - [peertube-watch.js](#peertube-watchjs)
14- [Server tools](#server-tools) 14- [Server tools](#server-tools)
15 - [parse-log](#parse-log) 15 - [parse-log](#parse-log)
16 - [create-transcoding-job.js](#create-transcoding-jobjs) 16 - [create-transcoding-job.js](#create-transcoding-jobjs)
@@ -26,9 +26,41 @@
26 26
27<!-- END doctoc generated TOC please keep comment here to allow auto update --> 27<!-- END doctoc generated TOC please keep comment here to allow auto update -->
28 28
29## CLI wrapper 29## Remote Tools
30
31You need at least 512MB RAM to run the script.
32Scripts can be launched directly from a PeerTube server, or from a separate server, even a desktop PC.
33You need to follow all the following steps even if you are on a PeerTube server (including cloning the git repository in a different directory than your production installation because the scripts utilize non-production dependencies).
34
35### Dependencies
36
37Install the [PeerTube dependencies](dependencies.md).
38
39### Installation
40
41Clone the PeerTube repo to get the latest version (even if you are on your PeerTube server):
42
43```
44$ git clone https://github.com/Chocobozzz/PeerTube.git
45$ CLONE="$(pwd)/PeerTube"
46```
47
48Run ``yarn install --pure-lockfile``
49```
50$ cd ${CLONE}
51$ yarn install --pure-lockfile
52```
53
54Build server tools:
55```
56$ cd ${CLONE}
57$ npm run build:server
58```
59
60### CLI wrapper
30 61
31The wrapper provides a convenient interface to most scripts, and requires the [same dependencies](#dependencies). You can access it as `peertube` via an alias in your `.bashrc` like `alias peertube="node ${PEERTUBE_PATH}/dist/server/tools/peertube.js"`: 62The wrapper provides a convenient interface to the following scripts.
63You can access it as `peertube` via an alias in your `.bashrc` like `alias peertube="cd /your/peertube/directory/ && node ./dist/server/tools/peertube.js"` (you have to keep the `cd` command):
32 64
33``` 65```
34 Usage: peertube [command] [options] 66 Usage: peertube [command] [options]
@@ -51,12 +83,12 @@ The wrapper provides a convenient interface to most scripts, and requires the [s
51The wrapper can keep track of instances you have an account on. We limit to one account per instance for now. 83The wrapper can keep track of instances you have an account on. We limit to one account per instance for now.
52 84
53```bash 85```bash
54$ peertube auth add -u "PEERTUBE_URL" -U "PEERTUBE_USER" --password "PEERTUBE_PASSWORD" 86$ peertube auth add -u 'PEERTUBE_URL' -U 'PEERTUBE_USER' --password 'PEERTUBE_PASSWORD'
55$ peertube auth list 87$ peertube auth list
56┌──────────────────────────────┬──────────────────────────────┐ 88┌──────────────────────────────┬──────────────────────────────┐
57│ instance │ login │ 89│ instance │ login │
58├──────────────────────────────┼──────────────────────────────┤ 90├──────────────────────────────┼──────────────────────────────┤
59"PEERTUBE_URL""PEERTUBE_USER" 91'PEERTUBE_URL''PEERTUBE_USER'
60└──────────────────────────────┴──────────────────────────────┘ 92└──────────────────────────────┴──────────────────────────────┘
61``` 93```
62 94
@@ -72,53 +104,22 @@ And now that your video is online, you can watch it from the confort of your ter
72$ peertube watch https://peertube.cpy.re/videos/watch/e8a1af4e-414a-4d58-bfe6-2146eed06d10 104$ peertube watch https://peertube.cpy.re/videos/watch/e8a1af4e-414a-4d58-bfe6-2146eed06d10
73``` 105```
74 106
75## Remote Tools 107#### peertube-import-videos.js
76
77You need at least 512MB RAM to run the script.
78Scripts can be launched directly from a PeerTube server, or from a separate server, even a desktop PC.
79You need to follow all the following steps even if you are on a PeerTube server (including cloning the git repository in a different directory than your production installation because the scripts utilize non-production dependencies).
80
81### Dependencies
82
83Install the [PeerTube dependencies](dependencies.md).
84
85### Installation
86
87Clone the PeerTube repo to get the latest version (even if you are on your PeerTube server):
88
89```
90$ git clone https://github.com/Chocobozzz/PeerTube.git
91$ CLONE="$(pwd)/PeerTube"
92```
93
94Run ``yarn install``
95```
96$ cd ${CLONE}
97$ yarn install
98```
99
100Build server tools:
101```
102$ cd ${CLONE}
103$ npm run build:server
104```
105
106### peertube-import-videos.js
107 108
108You can use this script to import videos from all [supported sites of youtube-dl](https://rg3.github.io/youtube-dl/supportedsites.html) into PeerTube. 109You can use this script to import videos from all [supported sites of youtube-dl](https://rg3.github.io/youtube-dl/supportedsites.html) into PeerTube.
109Be sure you own the videos or have the author's authorization to do so. 110Be sure you own the videos or have the author's authorization to do so.
110 111
111```sh 112```sh
112$ node dist/server/tools/peertube-import-videos.js \ 113$ node dist/server/tools/peertube-import-videos.js \
113 -u "PEERTUBE_URL" \ 114 -u 'PEERTUBE_URL' \
114 -U "PEERTUBE_USER" \ 115 -U 'PEERTUBE_USER' \
115 --password "PEERTUBE_PASSWORD" \ 116 --password 'PEERTUBE_PASSWORD' \
116 -t "TARGET_URL" 117 -t 'TARGET_URL'
117``` 118```
118 119
119* `PEERTUBE_URL` : the full URL of your PeerTube server where you want to import, eg: https://peertube.cpy.re 120* `PEERTUBE_URL` : the full URL of your PeerTube server where you want to import, eg: https://peertube.cpy.re
120* `PEERTUBE_USER` : your PeerTube account where videos will be uploaded 121* `PEERTUBE_USER` : your PeerTube account where videos will be uploaded
121* `PEERTUBE_PASSWORD` : password of your PeerTube account (if omitted, you will be prompted for it) 122* `PEERTUBE_PASSWORD` : password of your PeerTube account (if `PEERTUBE_PASSWORD` is omitted, you will be prompted for it)
122* `TARGET_URL` : the target url you want to import. Examples: 123* `TARGET_URL` : the target url you want to import. Examples:
123 * YouTube: 124 * YouTube:
124 * Channel: https://www.youtube.com/channel/ChannelId 125 * Channel: https://www.youtube.com/channel/ChannelId
@@ -133,7 +134,7 @@ Already downloaded videos will not be uploaded twice, so you can run and re-run
133Videos will be publicly available after transcoding (you can see them before that in your account on the web interface). 134Videos will be publicly available after transcoding (you can see them before that in your account on the web interface).
134 135
135 136
136### peertube-upload.js 137#### peertube-upload.js
137 138
138You can use this script to import videos directly from the CLI. 139You can use this script to import videos directly from the CLI.
139 140
@@ -144,7 +145,7 @@ $ cd ${CLONE}
144$ node dist/server/tools/peertube-upload.js --help 145$ node dist/server/tools/peertube-upload.js --help
145``` 146```
146 147
147### peertube-watch.js 148#### peertube-watch.js
148 149
149You can use this script to play videos directly from the CLI. 150You can use this script to play videos directly from the CLI.
150 151
@@ -198,10 +199,10 @@ $ sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production
198### prune-storage.js 199### prune-storage.js
199 200
200Some transcoded videos or shutdown at a bad time can leave some unused files on your storage. 201Some transcoded videos or shutdown at a bad time can leave some unused files on your storage.
201To delete them (a confirmation will be demanded first): 202Stop PeerTube and delete these files (a confirmation will be demanded first):
202 203
203``` 204```
204$ sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run prune-storage 205$ sudo systemctl stop peertube && sudo -u peertube NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run prune-storage
205``` 206```
206 207
207### optimize-old-videos.js 208### optimize-old-videos.js
diff --git a/support/docker/production/.env b/support/docker/production/.env
index f27def3b4..802d6b2ca 100644
--- a/support/docker/production/.env
+++ b/support/docker/production/.env
@@ -18,3 +18,4 @@ PEERTUBE_ADMIN_EMAIL=admin@domain.tld
18# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ 18# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
19#PEERTUBE_SIGNUP_ENABLED=true 19#PEERTUBE_SIGNUP_ENABLED=true
20#PEERTUBE_TRANSCODING_ENABLED=true 20#PEERTUBE_TRANSCODING_ENABLED=true
21#PEERTUBE_CONTACT_FORM_ENABLED=true
diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml
index cfc30632c..8604939aa 100644
--- a/support/docker/production/config/custom-environment-variables.yaml
+++ b/support/docker/production/config/custom-environment-variables.yaml
@@ -50,6 +50,11 @@ user:
50admin: 50admin:
51 email: "PEERTUBE_ADMIN_EMAIL" 51 email: "PEERTUBE_ADMIN_EMAIL"
52 52
53contact_form:
54 enabled:
55 __name: "PEERTUBE_CONTACT_FORM_ENABLED"
56 __format: "json"
57
53signup: 58signup:
54 enabled: 59 enabled:
55 __name: "PEERTUBE_SIGNUP_ENABLED" 60 __name: "PEERTUBE_SIGNUP_ENABLED"
@@ -101,9 +106,11 @@ transcoding:
101 1080: 106 1080:
102 __name: "PEERTUBE_TRANSCODING_1080P" 107 __name: "PEERTUBE_TRANSCODING_1080P"
103 __format: "json" 108 __format: "json"
104
105 109
106instance: 110instance:
107 name: "PEERTUBE_INSTANCE_NAME" 111 name: "PEERTUBE_INSTANCE_NAME"
108 description: "PEERTUBE_INSTANCE_DESCRIPTION" 112 description: "PEERTUBE_INSTANCE_DESCRIPTION"
109 terms: "PEERTUBE_INSTANCE_TERMS" 113 terms: "PEERTUBE_INSTANCE_TERMS"
114
115services:
116 csp-logger: "PEERTUBE_SERVICES_CSPLOGGER"
diff --git a/support/docker/production/config/production.yaml b/support/docker/production/config/production.yaml
index 4970bbcca..846c838e8 100644
--- a/support/docker/production/config/production.yaml
+++ b/support/docker/production/config/production.yaml
@@ -32,8 +32,10 @@ redis:
32 32
33# From the project root directory 33# From the project root directory
34storage: 34storage:
35 tmp: '../data/tmp/'
35 avatars: '../data/avatars/' 36 avatars: '../data/avatars/'
36 videos: '../data/videos/' 37 videos: '../data/videos/'
38 redundancy: '../data/redundancy/'
37 logs: '../data/logs/' 39 logs: '../data/logs/'
38 previews: '../data/previews/' 40 previews: '../data/previews/'
39 thumbnails: '../data/thumbnails/' 41 thumbnails: '../data/thumbnails/'
diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
index 6dbbfddf6..7dd626b9f 100755
--- a/support/docker/production/docker-entrypoint.sh
+++ b/support/docker/production/docker-entrypoint.sh
@@ -9,7 +9,7 @@ fi
9# Always copy default and custom env configuration file, in cases where new keys were added 9# Always copy default and custom env configuration file, in cases where new keys were added
10cp /app/config/default.yaml /config 10cp /app/config/default.yaml /config
11cp /app/support/docker/production/config/custom-environment-variables.yaml /config 11cp /app/support/docker/production/config/custom-environment-variables.yaml /config
12chown -R peertube:peertube /config 12find /config ! -user peertube -exec chown peertube:peertube {} \;
13 13
14# first arg is `-f` or `--some-option` 14# first arg is `-f` or `--some-option`
15# or first arg is `something.conf` 15# or first arg is `something.conf`
@@ -19,7 +19,7 @@ fi
19 19
20# allow the container to be started with `--user` 20# allow the container to be started with `--user`
21if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then 21if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
22 chown -R peertube:peertube /data 22 find /data ! -user peertube -exec chown peertube:peertube {} \;
23 exec gosu peertube "$0" "$@" 23 exec gosu peertube "$0" "$@"
24fi 24fi
25 25
diff --git a/support/freebsd/peertube b/support/freebsd/peertube
index 78fdf5848..5d14c58ae 100755
--- a/support/freebsd/peertube
+++ b/support/freebsd/peertube
@@ -16,6 +16,7 @@ load_rc_config $name
16 16
17: ${peertube_enable:=NO} 17: ${peertube_enable:=NO}
18 18
19sig_stop=-KILL
19peertube_chdir="/var/www/peertube/peertube-latest" 20peertube_chdir="/var/www/peertube/peertube-latest"
20peertube_env="HOME=/var/www/peertube \ 21peertube_env="HOME=/var/www/peertube \
21NODE_ENV=production \ 22NODE_ENV=production \
@@ -23,7 +24,7 @@ NODE_CONFIG_DIR=/var/www/peertube/config \
23USER=peertube" 24USER=peertube"
24peertube_user=peertube 25peertube_user=peertube
25 26
26command="/usr/local/bin/npm" 27command="/usr/local/bin/node"
27command_args="start >> /var/log/peertube/${name}.log 2>&1 &" 28command_args="dist/server >> /var/log/peertube/${name}.log 2>&1 &"
28 29
29run_rc_command "$1" 30run_rc_command "$1"
diff --git a/support/nginx/peertube b/support/nginx/peertube
index b00031133..54ffdcc32 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -96,8 +96,18 @@ server {
96 proxy_set_header Host $host; 96 proxy_set_header Host $host;
97 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 97 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
98 98
99 # Hard limit, PeerTube does not support videos > 8GB 99 # This is the maximum upload size, which roughly matches the maximum size of a video file
100 # you can send via the API or the web interface. By default this is 8GB, but administrators
101 # can increase or decrease the limit. Currently there's no way to communicate this limit
102 # to users automatically, so you may want to leave a note in your instance 'about' page if
103 # you change this.
104 #
105 # Note that temporary space is needed equal to the total size of all concurrent uploads.
106 # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
107 # on a dedicated filesystem.
108 #
100 client_max_body_size 8G; 109 client_max_body_size 8G;
110
101 proxy_connect_timeout 600; 111 proxy_connect_timeout 600;
102 proxy_send_timeout 600; 112 proxy_send_timeout 600;
103 proxy_read_timeout 600; 113 proxy_read_timeout 600;
@@ -105,7 +115,7 @@ server {
105 } 115 }
106 116
107 # Bypass PeerTube for performance reasons. Could be removed 117 # Bypass PeerTube for performance reasons. Could be removed
108 location /static/webseed { 118 location ~ ^/static/(webseed|redundancy)/ {
109 # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client 119 # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
110 limit_rate 800k; 120 limit_rate 800k;
111 121
@@ -128,7 +138,12 @@ server {
128 access_log off; 138 access_log off;
129 } 139 }
130 140
131 alias /var/www/peertube/storage/videos; 141 root /var/www/peertube/storage;
142
143 rewrite ^/static/webseed/(.*)$ /videos/$1 break;
144 rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
145
146 try_files $uri /;
132 } 147 }
133 148
134 # Websocket tracker 149 # Websocket tracker
@@ -143,4 +158,16 @@ server {
143 proxy_set_header Host $host; 158 proxy_set_header Host $host;
144 proxy_pass http://localhost:9000; 159 proxy_pass http://localhost:9000;
145 } 160 }
161
162 location /socket.io {
163 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
164 proxy_set_header Host $host;
165
166 proxy_pass http://localhost:9000;
167
168 # enable WebSockets
169 proxy_http_version 1.1;
170 proxy_set_header Upgrade $http_upgrade;
171 proxy_set_header Connection "upgrade";
172 }
146} 173}
diff --git a/support/systemd/peertube.service b/support/systemd/peertube.service
index 88856385c..fba644788 100644
--- a/support/systemd/peertube.service
+++ b/support/systemd/peertube.service
@@ -15,5 +15,24 @@ StandardError=syslog
15SyslogIdentifier=peertube 15SyslogIdentifier=peertube
16Restart=always 16Restart=always
17 17
18; Some security directives.
19; Use private /tmp and /var/tmp folders inside a new file system namespace,
20; which are discarded after the process stops.
21PrivateTmp=true
22; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
23ProtectSystem=full
24; Sets up a new /dev mount for the process and only adds API pseudo devices
25; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
26; by default because it may not work on devices like the Raspberry Pi.
27PrivateDevices=false
28; Ensures that the service process and all its children can never gain new
29; privileges through execve().
30NoNewPrivileges=true
31; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
32; by this unit. Make sure that you do not depend on data inside these folders.
33ProtectHome=true
34; Drops the sys admin capability from the daemon.
35CapabilityBoundingSet=~CAP_SYS_ADMIN
36
18[Install] 37[Install]
19WantedBy=multi-user.target 38WantedBy=multi-user.target