
Ce rôle installe un serveur peertube.
Notez qu'hormis le présent fichier, tous les fichiers du rôle peertube sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
Variables du rôle
Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
Ce rôle Ansible dépend des rôles suivants :
- nodejs
Exemple de playbook
- name: "Déployer un serveur peertube"
- all
# Supplanter ici les variables du rôle
domains: ['']
service: 'mon-peertube'
- { role: webapps/peertube , tags: "peertube" }
Infos sur l'auteur
Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.


@ -1,10 +1,49 @@
# Peertube peertube
This depends on the following roles This role installs or upgrades the server for peertube.
- certbot FRENCH: Voir le fichier pour le français.
- evolinux-base
- nginx Requirements
- nodejs ------------
- postgresql
- redis ...
Role Variables
Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
This Ansible role depends on the following other roles:
- nodejs
Example Playbook
- name: "Deploy a peertube server"
- all
# Overwrite the role variables here
domains: ['']
service: 'my-peertube'
- { role: webapps/peertube , tags: "peertube" }
Author Information
Mathieu Gauthier-Pilote, sys. admin. at Evolix.
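
Review bot: The Role Variables paragraph says several defaults "must be changed" without naming them, and the example playbook only overrides `domains` and `service`. Name the ones that matter in this section, at minimum `db_password` and `pt_secret` (both ship as CHANGE_ME placeholders in defaults/main.yml) and `pt_host`, and show them in the example, pulled from a vault rather than written inline. The dependency list also shrinks to `nodejs` while the removed list named certbot, nginx, postgresql and redis; if those are now installed through `system_dep`, say so here.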


@ -1,18 +1,14 @@
--- ---
peertube_version: "latest-24" # defaults file for vars
peertube_archive_name: "{{ peertube_version }}.tar.bz2" system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
peertube_releases_baseurl: "" version: 'v5.1.0'
download_url: "{{ version }}/peertube-{{ version }}.zip"
peertube_instance_name: "peertube" domains: ['']
peertube_user: "{{ peertube_instance_name }}" service_home: '/var/www/peertube'
peertube_domains: [] db_host: 'localhost'
db_port: '5432'
peertube_home: "/home/{{ peertube_user }}" db_name: "{{ service }}"
peertube_webroot: "{{ peertube_home }}/peertube" db_user: "{{ service }}"
peertube_data: "{{ peertube_webroot }}/data" db_password: 'UQ6_CHANGE_ME_Gzb'
pt_secret: 'd98a73_CHANGE_ME_c00c7c'
peertube_db_user: "{{ peertube_user }}" pt_host: ''
peertube_db_name: "{{ peertube_instance_name }}"
peertube_admin_login: "admin"
peertube_admin_password: ""
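
Review bot: `db_password: 'UQ6_CHANGE_ME_Gzb'` and `pt_secret: 'd98a73_CHANGE_ME_c00c7c'` are working defaults, so a playbook that forgets to override them deploys a database password and a PeerTube secret that anyone who can read this repository knows. Leave both undefined or empty and fail early with an assert that rejects empty values and anything containing CHANGE_ME. `domains: ['']` and `pt_host: ''` deserve the same check, since the nginx and PeerTube templates consume them directly. Separately, `system_dep` is a quoted string that only looks like a list; write it as a real YAML list.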


@ -1,15 +1,2 @@
--- ---
- name: reload php-fpm # handlers file
name: php7.3-fpm
state: reloaded
- name: reload nginx
name: nginx
state: reloaded
- name: reload apache
name: apache2
state: reloaded
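
Review bot: Removing `reload nginx` leaves the role with no handlers at all, yet this commit adds an nginx vhost template. The tasks are not shown here, so unless they reload nginx inline, a changed vhost is written to disk and not picked up until someone reloads by hand. Keep a `reload nginx` handler, add one that restarts the PeerTube unit for configuration and unit-file changes, and notify both from the template tasks. Dropping the php-fpm and apache handlers is fine.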


@ -1 +1,52 @@
--- galaxy_info:
author: Mathieu Gauthier-Pilote
description: sys. admin.
company: Evolix
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url:
# Choose a valid license ID from - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license GPL-3.0-only
min_ansible_version: 2.10
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
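
Review bot: `license: license GPL-3.0-only` repeats the key name inside the value, so the licence ID is not one of the valid IDs the comment above it lists; it should read `license: GPL-3.0-only`. In the same block, `description: sys. admin.` describes the author rather than the role, and `min_ansible_version: 2.10` is unquoted, which YAML reads as the float 2.1; quote it as "2.10". `dependencies: []` also contradicts the README, which says the role depends on nodejs.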


@ -0,0 +1,8 @@
# In a video server, we are often sending files to a client
# which can't accept it as fast as our local network connection
# could produce packets. To prevent packet loss and buffer bloat,
# it's especially important to use a modern CoDel scheduler which
# knows how to delay outgoing packets to match slower client links.
net.core.default_qdisc = fq_codel
net.ipv4.tcp_congestion_control = bbr
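
Review bot: Both settings are host-wide rather than scoped to PeerTube, so `net.ipv4.tcp_congestion_control = bbr` changes congestion control for every service on the machine, and it will not apply on a kernel where bbr is unavailable. Make this file opt-in through a role variable, and check that bbr is listed in net.ipv4.tcp_available_congestion_control (loading the tcp_bbr module if needed) before writing it.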


@ -0,0 +1,35 @@
Description=PeerTube daemon postgresql.service redis-server.service
Environment=NODE_CONFIG_DIR={{ service_home }}/config
User={{ service }}
Group={{ service }}
ExecStart=/usr/bin/node dist/server
WorkingDirectory={{ service_home }}/peertube-latest
; Some security directives.
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
; Sets up a new /dev mount for the process and only adds API pseudo devices
; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
; by default because it may not work on devices like the Raspberry Pi.
; Ensures that the service process and all its children can never gain new
; privileges through execve().
; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
; by this unit. Make sure that you do not depend on data inside these folders.
; Drops the sys admin capability from the daemon.
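
Review bot: In the lines shown, each comment under "Some security directives" (read-only /usr, /boot and /etc; private /dev; no new privileges through execve(); inaccessible /home, /root and /run/user; dropping the sys admin capability) has no directive beneath it. Check that the template really sets each one, since the comments alone harden nothing. The private /dev comment says it is disabled by default because of devices like the Raspberry Pi; if this role only targets servers, consider enabling it.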


@ -0,0 +1,790 @@
hostname: ''
port: 9000
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
https: false
hostname: '{{ domains| first }}'
port: 80
# Secrets you need to generate the first time you run PeerTube
# Generate one using `openssl rand -hex 32`
peertube: '{{ pt_secret }}'
# 50 attempts in 10 seconds
window: 10 seconds
max: 50
# 15 attempts in 5 min
window: 5 minutes
max: 15
# 2 attempts in 5 min (only succeeded attempts are taken into account)
window: 5 minutes
max: 2
# 3 attempts in 5 min
window: 5 minutes
max: 3
# 10 attempts in 10 min
window: 10 minutes
max: 10
access_token: '1 day'
refresh_token: '2 weeks'
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
- 'loopback'
# Your database name will be OR 'peertube'+database.suffix
hostname: '{{ db_host }}'
port: {{ db_port }}
ssl: false
suffix: ''
name: '{{ db_name }}'
username: '{{ db_user }}'
password: '{{ db_password }}'
max: 5
# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# set 'hostname' and 'port' to null
hostname: 'localhost'
port: 6379
auth: null
db: 0
# SMTP server to send emails
# smtp or sendmail
transport: smtp
# Path to sendmail command. Required if you use sendmail transport
sendmail: null
hostname: null
port: 465 # If you use StartTLS: 587
username: null
password: null
tls: true # If you use StartTLS: false
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: ''
signature: 'PeerTube'
prefix: '[PeerTube]'
# Update default PeerTube values
# Set by API when the field is not provided and put as default value in client
# Change default values when publishing a video (upload/import/go Live)
download_enabled: true
comments_enabled: true
# public = 1, unlisted = 2, private = 3, internal = 4
privacy: 1
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
# You can also choose a custom licence value added by a plugin
# No licence by default
licence: null
# Enable P2P by default in PeerTube client
# Can be enabled/disabled by anonymous users and logged in users
enabled: true
# Enable P2P by default in PeerTube embed
# Can be enabled/disabled by URL option
enabled: true
# From the project root directory
tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
bin: '/var/www/peertube/storage/bin/'
avatars: '/var/www/peertube/storage/avatars/'
videos: '/var/www/peertube/storage/videos/'
streaming_playlists: '/var/www/peertube/storage/streaming-playlists/'
redundancy: '/var/www/peertube/storage/redundancy/'
logs: '/var/www/peertube/storage/logs/'
previews: '/var/www/peertube/storage/previews/'
thumbnails: '/var/www/peertube/storage/thumbnails/'
torrents: '/var/www/peertube/storage/torrents/'
captions: '/var/www/peertube/storage/captions/'
cache: '/var/www/peertube/storage/cache/'
plugins: '/var/www/peertube/storage/plugins/'
well_known: '/var/www/peertube/storage/well-known/'
# Overridable client files in client/dist/assets/images:
# - logo.svg
# - favicon.png
# - default-playlist.jpg
# - default-avatar-account.png
# - default-avatar-video-channel.png
# - and icons/*.png (PWA)
# Could contain for example assets/images/favicon.png
# If the file exists, peertube will serve it
# If not, peertube will fallback to the default file
client_overrides: '/var/www/peertube/storage/client-overrides/'
# Require and check user authentication when accessing private files (internal/private video files)
private_files_require_auth: true
enabled: false
# Without protocol, will default to HTTPS
endpoint: '' # '' or '' for example
region: 'us-east-1'
# Set this ACL on each uploaded object of public/unlisted videos
# Use null if your S3 provider does not support object ACL
public: 'public-read'
# Set this ACL on each uploaded object of private/internal videos
# PeerTube can proxify requests to private objects so your users can access them
# Use null if your S3 provider does not support object ACL
private: 'private'
# If private files (private/internal video files) have a private ACL, users can't access directly the ressource
# PeerTube can proxify requests between your object storage service and your users
# If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files
# Or you can also set a public ACL for private files in object storage if you don't want to use a proxy
proxify_private_files: true
# You can also use AWS_ACCESS_KEY_ID env variable
access_key_id: ''
# You can also use AWS_SECRET_ACCESS_KEY env variable
secret_access_key: ''
# Maximum amount to upload in one request to object storage
max_upload_part: 100MB
bucket_name: 'streaming-playlists'
# Allows setting all buckets to the same value but with a different prefix
prefix: '' # Example: 'streaming-playlists:'
# Base url for object URL generation, scheme and host will be replaced by this URL
# Useful when you want to use a CDN/external proxy
base_url: '' # Example: ''
# Same settings but for webtorrent videos
bucket_name: 'videos'
prefix: ''
base_url: ''
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
max_file_size: 12MB
max_files: 20
anonymize_ip: false
log_ping_requests: true
log_tracker_unknown_infohash: true
prettify_sql: false
# Accept warn/error logs coming from the client
accept_client_log: true
# Support of Open Telemetry metrics and tracing
# For more information:
enabled: false
# You can disable HTTP request duration metric that can have a high tag cardinality
enabled: true
# Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
hostname: ''
port: 9091
enabled: false
# Send traces to a Jaeger compatible endpoint
endpoint: ''
interval_days: 7 # Compute trending videos for the last x days for 'most-viewed' algorithm
- 'hot' # Adaptation of Reddit's 'Hot' algorithm
- 'most-viewed' # Number of views in the last x days
- 'most-liked' # Global views since the upload of the video
default: 'most-viewed'
# Cache remote videos on your server, to help other instances to broadcast the video
# You can define multiple caches using different sizes/strategies
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'most-views' # Cache videos that have the most views
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'trending' # Cache trending videos
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'recently-added' # Cache recently added videos
# min_views: 10 # Having at least x views
# Other instances that duplicate your content
# 'nobody': Do not accept remote redundancies
# 'anybody': Accept remote redundancies from anybody
# 'followings': Accept redundancies from instance followings
accept_from: 'anybody'
enabled: false
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
enabled: true
# Set x-powered-by HTTP header to "PeerTube"
# Can help remote software to know this is a PeerTube instance
enabled: true
# If you disable the tracker, you disable the P2P on your PeerTube instance
enabled: true
# Only handle requests on your videos
# If you set this to false it means you have a public tracker
# Then, it is possible that clients overload your instance with external torrents
private: true
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
reject_too_many_announces: false
# If you want to limit users videos history
# -1 means there is no limitations
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
max_age: -1
# PeerTube creates a database entry every hour for each video to track views over a period of time
# This is used in particular by the Trending page
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
# -1 means no cleanup
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
max_age: '30 days'
# PeerTube buffers local video views before updating and federating the video
local_buffer_update_interval: '30 minutes'
ip_view_expiration: '1 hour'
# Used to get country location of views of local videos
enabled: true
database_url: ''
# The website PeerTube will ask for available PeerTube plugins and themes
# This is an unmoderated plugin index, so only install plugins/themes you trust
enabled: true
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
url: ''
federate_unlisted: false
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
# It removes objects that do not exist anymore, and potentially fix their URLs
cleanup_remote_interactions: true
# Check and notify admins of new PeerTube versions
enabled: true
# You can use a custom URL if your want, that respect the format behind
url: ''
# Set this to false if you don't want to allow config edition in the web interface by instance admins
allowed: true
# XML, Atom or JSON feeds
# Default number of videos displayed in feeds
count: 20
# Default number of comments displayed in feeds
count: 20
# From this point, almost all following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube
# /!\ If you already have a local-production.json file, modification of some of
# the following keys will have no effect /!\
size: 500 # Max number of previews you want to cache
size: 500 # Max number of video captions/subtitles you want to cache
size: 500 # Max number of video torrents you want to cache
# Used to generate the root user at first startup
# And to receive emails from the contact form
email: ''
enabled: true
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
minimum_age: 16 # Used to configure the signup form
# Users fill a form to register so moderators can accept/reject the registration
requires_approval: true
requires_email_verification: false
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
blacklist: []
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
# Byte format is supported ("1GB" etc)
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
max_per_user: 20 # Allows each user to create up to 20 video channels.
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
# Please, do not disable transcoding since many uploaded videos will not work
enabled: true
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
allow_additional_extensions: true
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
allow_audio_files: true
# Amount of threads used by ffmpeg for 1 transcoding job
threads: 1
# Amount of transcoding jobs to execute in parallel
concurrency: 1
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
resolutions: # Only created if the original video has a higher resolution, uses more storage!
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
# Transcode and keep original resolution, even if it's above your maximum enabled resolution
always_transcode_original_resolution: true
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
# If you also enabled the hls format, it will multiply videos storage by 2
# If disabled, breaks federation with PeerTube instances < 2.1
enabled: false
# /!\ Requires ffmpeg >= 4.1
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
# * Resolution change is smoother
# * Faster playback in particular with long videos
# * More stable playback (less bugs/infinite loading)
# If you also enabled the webtorrent format, it will multiply videos storage by 2
enabled: true
enabled: false
# Limit lives duration
# -1 == unlimited
max_duration: -1 # For example: '5 hours'
# Limit max number of live videos created on your instance
# -1 == unlimited
max_instance_lives: 20
# Limit max number of live videos created by a user on your instance
# -1 == unlimited
max_user_lives: 3
# Allow your users to save a replay of their live
# PeerTube will transcode segments in a video file
# If the user daily/total quota is reached, PeerTube will stop the live
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
allow_replay: true
# Allow your users to change latency settings (small latency/default/high latency)
# Small latency live streams cannot use P2P
# High latency live streams can increase P2P ratio
enabled: true
# Your firewall should accept traffic from this port in TCP if you enable live
enabled: true
# Listening hostname/port for RTMP server
# '::' to listen on IPv6 and IPv4, '' to listen on IPv4
# Use null to automatically listen on '::' if IPv6 is available, or '' otherwise
hostname: null
port: 1935
# Public hostname of your RTMP server
# Use null to use the same value than `webserver.hostname`
public_hostname: null
enabled: false
# Listening hostname/port for RTMPS server
# '::' to listen on IPv6 and IPv4, '' to listen on IPv4
# Use null to automatically listen on '::' if IPv6 is available, or '' otherwise
hostname: null
port: 1936
# Absolute paths
key_file: ''
cert_file: ''
# Public hostname of your RTMPS server
# Use null to use the same value than `webserver.hostname`
public_hostname: null
# Allow to transcode the live streaming in multiple live resolutions
enabled: true
threads: 2
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
# Also transcode original resolution, even if it's above your maximum enabled resolution
always_transcode_original_resolution: true
# Enable video edition by users (cut, add intro/outro, add watermark etc)
# If enabled, users can create transcoding tasks as they wish
enabled: false
# Add ability for your users to import remote videos (from YouTube, torrent...)
# Amount of import jobs to execute in parallel
concurrency: 1
# Set a custom video import timeout to not block import queue
timeout: '2 hours'
# Classic HTTP or all sites supported by youtube-dl
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
# See for more information
enabled: false
# Direct download URL to youtube-dl binary
# Github releases API is also supported
# Examples:
# *
# *
# *
url: ''
# Release binary name: 'yt-dlp' or 'youtube-dl'
name: 'yt-dlp'
# Path to the python binary to execute for youtube-dl or yt-dlp
python_path: '/usr/bin/python3'
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
force_ipv4: false
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
# We recommend to only enable magnet URI/torrent import if you trust your users
# See for more information
enabled: false
# Add ability for your users to synchronize their channels with external channels, playlists, etc.
enabled: false
max_per_user: 10
check_interval: 1 hour
# Number of latest published videos to check and to potentially import when syncing a channel
videos_limit_per_synchronization: 10
# Max number of videos to import when the user asks for full sync
full_sync_videos_limit: 1000
# New videos automatically blacklisted so moderators can review before publishing
enabled: false
# Instance settings
name: 'PeerTube'
short_description: 'PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.'
description: 'Welcome to this PeerTube instance!' # Support markdown
terms: 'No terms for now.' # Support markdown
code_of_conduct: '' # Supports markdown
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
moderation_information: '' # Supports markdown
# Why did you create this instance?
creation_reason: '' # Supports Markdown
# Who is behind the instance? A single person? A non profit?
administrator: '' # Supports Markdown
# How long do you plan to maintain this instance?
maintenance_lifetime: '' # Supports Markdown
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
business_model: '' # Supports Markdown
# If you want to explain on what type of hardware your PeerTube instance runs
# Example: '2 vCore, 2GB RAM...'
hardware_information: '' # Supports Markdown
# What are the main languages of your instance? To interact with your users for example
# Uncomment or add the languages you want
# List of supported languages:
# - en
# - es
# - fr
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
# Uncomment or add the category ids you want
# List of supported categories:
# - 1 # Music
# - 2 # Films
# - 3 # Vehicles
# - 4 # Art
# - 5 # Sports
# - 6 # Travels
# - 7 # Gaming
# - 8 # People
# - 9 # Comedy
# - 10 # Entertainment
# - 11 # News & Politics
# - 12 # How To
# - 13 # Education
# - 14 # Activism
# - 15 # Science & Technology
# - 16 # Animals
# - 17 # Kids
# - 18 # Food
default_client_route: '/videos/trending'
# Whether or not the instance is dedicated to NSFW content
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
is_nsfw: false
# By default, `do_not_list` or `blur` or `display` NSFW videos
# Could be overridden per user with a setting
default_nsfw_policy: 'do_not_list'
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
robots: |
User-agent: *
# /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
# To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
'# If you would like to report a security issue\n# you may report it to:\nContact:\nContact: mailto:'
# Cards configuration to format video in Twitter
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Change it to `true`, and then test on to see if you are whitelisted
whitelisted: false
# Allow or not other instances to follow yours
enabled: true
# Whether or not an administrator must manually validate a new follower
manual_approval: false
# If you want to automatically follow back new instance followers
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
enabled: false
# If you want to automatically follow instances of the public index
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
enabled: false
# Host your own using
index_url: ''
default: 'default'
enabled: false
message: '' # Support markdown
level: 'info' # 'info' | 'warning' | 'error'
dismissable: false
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
# If enabled, the associated group will be able to "escape" from the instance follows
# That means they will be able to follow channels, watch videos, list videos of non followed instances
users: true
anonymous: false
# Use a third party index instead of your local index, only for search results
# Useful to discover content outside of your instance
# If you enable search_index, you must enable remote_uri search for users
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
# instead of loading the video locally
enabled: false
# URL of the search index, that should use the same search API and routes
# than PeerTube:
# You should deploy your own with,
# and can use for tests, but keep in mind the latter is an unmoderated search index
url: ''
# You can disable local search, so users only use the search index
disable_local_search: false
# If you did not disable local search, you can decide to use the search index by default
is_default_search: false
# PeerTube client/interface configuration
# By default PeerTube client displays author username
prefer_author_display_name: false
display_author_avatar: false
# Max size of upload chunks, e.g. '90MB'
# If null, it will be calculated based on network speed
max_chunk_size: null
# If you enable only one external auth plugin
# You can automatically redirect your users on this external platform when they click on the login button
redirect_on_single_external_auth: false
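
Review bot: The webserver block hard-codes `https: false` and `port: 80`, so the public instance URL is plain HTTP and logins, along with the access and refresh tokens configured further down, cross the network unencrypted. Expose both as role variables and switch them to HTTPS on 443 once a certificate is in place. The storage paths are also literal `/var/www/peertube/storage/...` while the unit file and the nginx template use `{{ service_home }}`; overriding `service_home` would leave them pointing at different directories, so template these paths from the same variable.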


@ -0,0 +1,278 @@
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
# Please check your Nginx installation features the following modules via 'nginx -V':
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
#server {
# listen 80;
# listen [::]:80;
# server_name {{ domains | first }};
# location /.well-known/acme-challenge/ {
# default_type "text/plain";
# root /var/www/certbot;
# }
# location / { return 301 https://$host$request_uri; }
upstream backend {
server {{ pt_host }};
server {
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
listen 80;
listen [::]:80;
server_name {{ domains | first }};
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
error_log /var/log/nginx/{{ service }}.error.log;
# Certificates
# you need a certificate to run in production. see
#ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
location ^~ '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/certbot;
# Security hardening (as of Nov 15, 2020)
# based on Mozilla Guideline v5.6
#ssl_protocols TLSv1.2 TLSv1.3;
#ssl_prefer_server_ciphers on;
#ssl_session_timeout 1d; # defaults to 5m
#ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
#ssl_session_tickets off;
#ssl_stapling on;
#ssl_stapling_verify on;
# HSTS (, requires to be copied in 'location' sections that have add_header directives
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
# Application
location @api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://backend;
location / {
try_files /dev/null @api;
location = /api/v1/videos/upload-resumable {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
limit_except POST HEAD { deny all; }
# This is the maximum upload size, which roughly matches the maximum size of a video file.
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
# Websocket
location @api_websocket {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://backend;
location / {
try_files /dev/null @api_websocket;
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before then
proxy_read_timeout 15m; # default is 60s
try_files /dev/null @api_websocket;
# Plugin websocket routes
location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
try_files /dev/null @api_websocket;
# Performance optimizations
# For extra performance please refer to
root {{ service_home }}/storage;
# Enable compression for JS/CSS/HTML, for improved client load times.
# It might be nice to compress JSON/XML as returned by the API, but
# leaving that out to protect against potential BREACH attack.
gzip on;
gzip_vary on;
gzip_types # text/html is always compressed by HttpGzipModule
gzip_min_length 1000; # default is 20 bytes
gzip_buffers 16 8k;
gzip_comp_level 2; # default is 1
client_body_timeout 30s; # default is 60
client_header_timeout 10s; # default is 60
send_timeout 10s; # default is 60
keepalive_timeout 10s; # default is 75
resolver_timeout 10s; # default is 30
reset_timedout_connection on;
proxy_ignore_client_abort on;
tcp_nopush on; # send headers in one piece
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
# See
#client_body_temp_path /var/www/peertube/storage/nginx/;
# Bypass PeerTube for performance reasons. Optional.
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
root {{ service_home }};
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
alias {{ service_home }}/peertube-latest/client/dist/$1;
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(thumbnails|avatars)/ {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
# We can't rate limit a try_files directive, so we need to duplicate @api
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_limit_rate 5M;
proxy_pass http://backend;
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
limit_rate_after 5M;
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
set $peertube_limit_rate 800k;
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
if ($request_uri ~ -fragmented.mp4$) {
set $peertube_limit_rate 5M;
# Use this line with nginx >= 1.17.0
limit_rate $peertube_limit_rate;
# Or this line with nginx < 1.17.0
# set $limit_rate $peertube_limit_rate;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
if ($request_method = 'GET') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Don't spam access log file with byte range requests
access_log off;
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
# and enables direct copying data from one file descriptor to another.
sendfile on;
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
aio threads;
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
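Review bot: The commented-out HSTS line at the top of this block notes that it must be copied into every location that has add_header directives, yet none of the locations that set add_header carry a copy, commented or otherwise. This affects both /client/ blocks, /static/(thumbnails|avatars)/, /static/(webseed|redundancy|streaming-playlists)/ and the upload locations that send X-File-Maximum-Size. nginx inherits add_header from the enclosing level only when the current level defines none, so uncommenting the server-level line alone would leave those responses, including the ones built inside the if blocks, without Strict-Transport-Security. Consider moving the header into a small include file referenced from the server block and from each of those locations, switched on by a role variable. Separately, both OPTIONS branches send add_header Content-Type 'text/plain charset=UTF-8'; which is missing the semicolon after text/plain. The well-formed value is 'text/plain; charset=UTF-8'.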


- hosts: localhost
remote_user: root
- peertube
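Review bot: In this test playbook, remote_user: root does nothing when localhost resolves to Ansible's implicit local connection, so the role's tasks run as whoever invokes the playbook. If the role needs root, state it with become: true. Also consider targeting a disposable host or container instead of localhost, so a test run does not install PeerTube and its nginx vhost on the controller itself.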

@ -0,0 +1,2 @@
# vars file