From d2000ca6e7fa77758d4f811e4a8af11108d2655d Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 15 Jan 2018 17:56:58 +0100 Subject: Update production guide Use release that already contains build files. It requires a specific directories tree but I think it would be fine. --- support/doc/production.md | 50 +++++++++++++++-------------- support/nginx/peertube | 69 ++++++++++++++++++++++++++++++++++++++++ support/nginx/peertube-https | 67 -------------------------------------- support/systemd/peertube.service | 7 ++-- 4 files changed, 100 insertions(+), 93 deletions(-) create mode 100644 support/nginx/peertube delete mode 100644 support/nginx/peertube-https diff --git a/support/doc/production.md b/support/doc/production.md index a8ed2af88..77c9a086d 100644 --- a/support/doc/production.md +++ b/support/doc/production.md @@ -11,8 +11,8 @@ Follow the steps of the [dependencies guide](dependencies.md). Create a `peertube` user with `/home/peertube` home: ``` -sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube -sudo passwd peertube +$ sudo useradd -m -d /home/peertube -s /bin/bash -p peertube peertube +$ sudo passwd peertube ``` ### Database @@ -20,20 +20,24 @@ sudo passwd peertube Create production database and peertube user: ``` -sudo -u postgres createuser -P peertube -sudo -u postgres createdb -O peertube peertube_prod +$ sudo -u postgres createuser -P peertube +$ sudo -u postgres createdb -O peertube peertube_prod ``` -### Sources +### Prepare PeerTube directory -Clone, install node dependencies and build application: +Check the latest release: https://github.com/Chocobozzz/PeerTube/releases or the release version you want. +We assume in the following commands the version is 0.42.42: ``` -$ cd /home/peertube -$ sudo -u peertube git clone -b master https://github.com/Chocobozzz/PeerTube -$ cd PeerTube -$ sudo -u peertube yarn install --pure-lockfile -$ sudo -u peertube npm run build +$ VERSION="0.42.42" && \ + cd /home/peertube && \ + sudo -u peertube mkdir config storage versions && \ + cd versions && \ + sudo -u peertube wget "https://github.com/Chocobozzz/PeerTube/releases/download/v${VERSION}/peertube-v${VERSION}.zip" && \ + sudo -u peertube unzip peertube-v${VERSION}.zip && sudo -u peertube rm peertube-v${VERSION}.zip && \ + cd ../ && sudo -u peertube ln -s versions/peertube-v${VERSION} ./peertube-latest && \ + cd ./peertube-latest && sudo -u peertube yarn install --production --pure-lockfile ``` ### PeerTube configuration @@ -41,19 +45,18 @@ $ sudo -u peertube npm run build Copy example configuration: ``` -$ sudo -u peertube cp config/production.yaml.example config/production.yaml +$ cd /home/peertube && sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml ``` Then edit the `config/production.yaml` file according to your webserver -configuration. Keys set in this file will override those of -`config/default.yml`. +configuration. ### Webserver Copy the nginx configuration template: ``` -$ sudo cp /home/peertube/PeerTube/support/nginx/peertube-https /etc/nginx/sites-available/peertube +$ sudo cp /home/peertube/PeerTube/support/nginx/peertube /etc/nginx/sites-available/peertube ``` Then modify the webserver configuration file. Please pay attention to the `alias` key of `/static/webseed` location. @@ -129,7 +132,7 @@ server { add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } - alias /var/www/PeerTube/videos; + alias /home/peertube/storage/videos; } # Websocket tracker @@ -160,13 +163,13 @@ $ sudo systemctl reload nginx Copy the nginx configuration template: ``` -sudo cp /home/peertube/PeerTube/support/systemd/peertube.service /etc/systemd/system/ +$ sudo cp /home/peertube/PeerTube/support/systemd/peertube.service /etc/systemd/system/ ``` Update the service file: ``` -sudo vim /etc/systemd/system/peertube.service +$ sudo vim /etc/systemd/system/peertube.service ``` It should look like this: @@ -179,10 +182,11 @@ After=network.target [Service] Type=simple Environment=NODE_ENV=production +Environment=NODE_CONFIG_DIR=/home/peertube/config User=peertube Group=peertube ExecStart=/usr/bin/npm start -WorkingDirectory=/home/peertube/PeerTube +WorkingDirectory=/home/peertube/peertube-latest StandardOutput=syslog StandardError=syslog SyslogIdentifier=peertube @@ -196,20 +200,20 @@ WantedBy=multi-user.target Tell systemd to reload its config: ``` -sudo systemctl daemon-reload +$ sudo systemctl daemon-reload ``` If you want to start PeerTube on boot: ``` -sudo systemctl enabled peertube +$ sudo systemctl enabled peertube ``` ### Run ``` -sudo systemctl start peertube -sudo journalctl -feu peertube +$ sudo systemctl start peertube +$ sudo journalctl -feu peertube ``` ### Administrator diff --git a/support/nginx/peertube b/support/nginx/peertube new file mode 100644 index 000000000..f7be64424 --- /dev/null +++ b/support/nginx/peertube @@ -0,0 +1,69 @@ +server { + listen 80; + # listen [::]:80; + server_name domain.tld; + + location /.well-known/acme-challenge/ { allow all; } + location / { return 301 https://$host$request_uri; } +} + +server { + listen 443 ssl http2; + # listen [::]:443 ssl http2; + server_name domain.tld; + + # For example with Let's Encrypt + ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem; + + location / { + proxy_pass http://localhost:9000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # For the video upload + client_max_body_size 2G; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + } + + # Bypass PeerTube webseed route for better performances + location /static/webseed { + # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client + limit_rate 800k; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + } + + alias /home/peertube/storage/videos; + } + + # Websocket tracker + location /tracker/socket { + # Peers send a message to the tracker every 15 minutes + # Don't close the websocket before this time + proxy_read_timeout 1200s; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://localhost:9000; + } +} diff --git a/support/nginx/peertube-https b/support/nginx/peertube-https deleted file mode 100644 index c3465f74b..000000000 --- a/support/nginx/peertube-https +++ /dev/null @@ -1,67 +0,0 @@ -server { - listen 80; - # listen [::]:80; - server_name domain.tld; - rewrite ^ https://$server_name$request_uri? permanent; -} - -server { - listen 443 ssl http2; - # listen [::]:443 ssl http2; - server_name domain.tld; - - # For example with Let's Encrypt - ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem; - - location / { - proxy_pass http://localhost:9000; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # For the video upload - client_max_body_size 2G; - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - } - - # Bypass PeerTube webseed route for better performances - location /static/webseed { - # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client - limit_rate 800k; - - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } - - alias /your/installation/PeerTube/videos; - } - - # Websocket tracker - location /tracker/socket { - # Peers send a message to the tracker every 15 minutes - # Don't close the websocket before this time - proxy_read_timeout 1200s; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://localhost:9000; - } -} diff --git a/support/systemd/peertube.service b/support/systemd/peertube.service index b9d01f235..03ead9fbd 100644 --- a/support/systemd/peertube.service +++ b/support/systemd/peertube.service @@ -5,10 +5,11 @@ After=network.target [Service] Type=simple Environment=NODE_ENV=production -User=myuser -Group=myuser +Environment=NODE_CONFIG_DIR=/home/peertube/config +User=peertube +Group=peertube ExecStart=/usr/bin/npm start -WorkingDirectory=/path/to/peertube +WorkingDirectory=/home/peertube/peertube-latest StandardOutput=syslog StandardError=syslog SyslogIdentifier=peertube -- cgit v1.2.3