From 1ebe2c2b9fba58c87d18c07921ea7c425e7e3cfd Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 28 Oct 2022 09:59:39 +0200
Subject: Update production.yaml

---
 config/production.yaml.example                             | 14 +++++++++++++-
 .../tests/api/object-storage/video-static-file-privacy.ts  |  2 +-
 server/tests/api/users/users.ts                            |  2 +-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/config/production.yaml.example b/config/production.yaml.example
index 167d23af8..c136a73ad 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -138,6 +138,10 @@ storage:
   # If not, peertube will fallback to the default file
   client_overrides: '/var/www/peertube/storage/client-overrides/'
 
+static_files:
+  # Require and check user authentication when accessing private files (internal/private video files)
+  private_files_require_auth: true
+
 object_storage:
   enabled: false
 
@@ -149,9 +153,17 @@ object_storage:
   upload_acl:
     # Set this ACL on each uploaded object of public/unlisted videos
     public: 'public-read'
-      # Set this ACL on each uploaded object of private/internal videos
+    # Set this ACL on each uploaded object of private/internal videos
+    # PeerTube can proxify requests to private objects so your users can access them
     private: 'private'
 
+  proxy:
+    # If private files (private/internal video files) have a private ACL, users can't access directly the ressource
+    # PeerTube can proxify requests between your object storage service and your users
+    # If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files
+    # Or you can also set a public ACL for private files in object storage if you don't want to use a proxy
+    proxify_private_files: true
+
   credentials:
     # You can also use AWS_ACCESS_KEY_ID env variable
     access_key_id: ''
diff --git a/server/tests/api/object-storage/video-static-file-privacy.ts b/server/tests/api/object-storage/video-static-file-privacy.ts
index ed8855b3b..ea5bdd0a8 100644
--- a/server/tests/api/object-storage/video-static-file-privacy.ts
+++ b/server/tests/api/object-storage/video-static-file-privacy.ts
@@ -385,7 +385,7 @@ describe('Object storage for video static file privacy', function () {
   })
 
   after(async function () {
-    this.timeout(60000)
+    this.timeout(240000)
 
     const { data } = await server.videos.listAllForAdmin()
 
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 9e657b387..3952a7aed 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -181,7 +181,7 @@ describe('Test users', function () {
     })
 
     it('Should refresh the token', async function () {
-      this.timeout(15000)
+      this.timeout(50000)
 
       const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
       await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
-- 
cgit v1.2.3