New role to install + upgrade PeerTube
parent
d35f2bcae7
commit
0535c40455
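--- a/webapps/peertube/LISEZMOI.md
+++ b/webapps/peertube/LISEZMOI.md
@@ -0,0 +1,49 @@
+peertube
+=====
+
+Ce rôle installe un serveur peertube.
+
+Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle peertube sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
+
+Requis
+------
+
+...
+
+Variables du rôle
+-----------------
+
+Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
+
+Dépendances
+------------
+
+Ce rôle Ansible dépend des rôles suivants :
+
+- nodejs
+
+Exemple de playbook
+-------------------
+
+```
+- name: "Déployer un serveur peertube"
+hosts:
+- all
+vars:
+# Supplanter ici les variables du rôle
+domains: ['votre-vrai-domaine.org']
+service: 'mon-peertube'
+
+roles:
+- { role: webapps/peertube , tags: "peertube" }
+```
+
+Licence
+-------
+
+GPLv3
+
+Infos sur l'auteur
+------------------
+
+Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.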
|
@ -1,10 +1,49 @@
|
|||
# Peertube
|
||||
peertube
|
||||
=====
|
||||
|
||||
This depends on the following roles
|
||||
This role installs or upgrades the server for peertube.
|
||||
|
||||
FRENCH: Voir le fichier LISEZMOI.md pour le français.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
...
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
This Ansible role depends on the following other roles:
|
||||
|
||||
- certbot
|
||||
- evolinux-base
|
||||
- nginx
|
||||
- nodejs
|
||||
- postgresql
|
||||
- redis
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
```
|
||||
- name: "Deploy a peertube server"
|
||||
hosts:
|
||||
- all
|
||||
vars:
|
||||
# Overwrite the role variables here
|
||||
domains: ['your-real-domain.org']
|
||||
service: 'my-peertube'
|
||||
|
||||
roles:
|
||||
- { role: webapps/peertube , tags: "peertube" }
|
||||
```
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
GPLv3
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
Mathieu Gauthier-Pilote, sys. admin. at Evolix.
|
||||
|
|
|
@ -1,18 +1,14 @@
|
|||
---
|
||||
peertube_version: "latest-24"
|
||||
peertube_archive_name: "{{ peertube_version }}.tar.bz2"
|
||||
peertube_releases_baseurl: ""
|
||||
|
||||
peertube_instance_name: "peertube"
|
||||
peertube_user: "{{ peertube_instance_name }}"
|
||||
peertube_domains: []
|
||||
|
||||
peertube_home: "/home/{{ peertube_user }}"
|
||||
peertube_webroot: "{{ peertube_home }}/peertube"
|
||||
peertube_data: "{{ peertube_webroot }}/data"
|
||||
|
||||
peertube_db_user: "{{ peertube_user }}"
|
||||
peertube_db_name: "{{ peertube_instance_name }}"
|
||||
|
||||
peertube_admin_login: "admin"
|
||||
peertube_admin_password: ""
|
||||
# defaults file for vars
|
||||
system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
|
||||
version: 'v5.1.0'
|
||||
download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
|
||||
domains: ['example.domain.org']
|
||||
service_home: '/var/www/peertube'
|
||||
db_host: 'localhost'
|
||||
db_port: '5432'
|
||||
db_name: "{{ service }}"
|
||||
db_user: "{{ service }}"
|
||||
db_password: 'UQ6_CHANGE_ME_Gzb'
|
||||
pt_secret: 'd98a73_CHANGE_ME_c00c7c'
|
||||
pt_host: '127.0.0.1:9000'
|
||||
|
|
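Review bot: `db_password: 'UQ6_CHANGE_ME_Gzb'` and `pt_secret: 'd98a73_CHANGE_ME_c00c7c'` are working defaults, so a playbook that forgets to override them deploys a PostgreSQL account and a PeerTube secret known to anyone who can read the role. Nothing visible on this page makes the run fail in that case; an early `assert` with `that: "'CHANGE_ME' not in db_password and 'CHANGE_ME' not in pt_secret"` would turn the oversight into an error instead of a deployment. `service` is referenced by `db_name` and `db_user` but has no default among the lines shown, so it presumably has to be set in every playbook; a comment saying so would help. The page has lost its `+`/`-` markers, so which lines belong to the new side is inferred from the hunk counts.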
|
@ -1,15 +1,2 @@
|
|||
---
|
||||
- name: reload php-fpm
|
||||
service:
|
||||
name: php7.3-fpm
|
||||
state: reloaded
|
||||
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: reload apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
# handlers file
|
||||
|
|
|
@ -1 +1,52 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Mathieu Gauthier-Pilote
|
||||
description: sys. admin.
|
||||
company: Evolix
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license GPL-3.0-only
|
||||
|
||||
min_ansible_version: 2.10
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
|
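Review bot: `license: license GPL-3.0-only` repeats the key name inside the value, so the metadata does not carry a valid SPDX identifier; it should read `license: GPL-3.0-only`. `min_ansible_version: 2.10` is an unquoted float that a YAML loader reads as 2.1, so write `min_ansible_version: "2.10"`. `dependencies: []` also disagrees with the README in this commit, which lists certbot, evolinux-base, nginx, nodejs, postgresql and redis as required roles; either declare them here or say in the README that they must be applied separately.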
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
|
||||
- name: "Get PHP Version"
|
||||
shell: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"'
|
||||
register: shell_php
|
||||
check_mode: no
|
||||
|
||||
- name: "Set variables"
|
||||
set_fact:
|
||||
php_version: "{{ shell_php.stdout }}"
|
||||
|
||||
- name: Apply specific PHP settings (apache)
|
||||
ini_file:
|
||||
path: "/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini"
|
||||
section: ''
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
notify: reload apache
|
||||
with_items:
|
||||
- {option: 'allow_url_fopen', value: 'On'}
|
||||
- {option: 'disable_functions', value: ''}
|
||||
- {option: 'max_execution_time', value: '300'}
|
||||
- {option: 'memory_limit', value: '512M'}
|
||||
|
||||
- name: Apply specific PHP settings (cli)
|
||||
ini_file:
|
||||
path: "/etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini"
|
||||
section: ''
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
with_items:
|
||||
- {option: 'allow_url_fopen', value: 'On'}
|
||||
- {option: 'apc.enable_cli', value: 'On'}
|
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
- name: Copy Apache vhost
|
||||
template:
|
||||
src: apache-vhost.conf.j2
|
||||
dest: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
|
||||
mode: "0640"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Enable Apache vhost
|
||||
file:
|
||||
src: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
|
||||
dest: "/etc/apache2/sites-enabled/{{ nextcloud_instance_name }}.conf"
|
||||
state: link
|
||||
notify: reload apache
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
# - name: Generate ssl config
|
||||
# shell:
|
||||
# cmd: "/usr/local/sbin/vhost-domains {{ nextcloud_instance_name }} | /usr/local/sbin/make-csr {{ nextcloud_instance_name }}"
|
||||
# creates: "/etc/nginx/ssl/{{ nextcloud_instance_name }}.conf"
|
|
@ -1,37 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Retrieve Nextcloud archive
|
||||
get_url:
|
||||
url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}"
|
||||
dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
|
||||
force: no
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Retrieve Nextcloud sha256 checksum
|
||||
get_url:
|
||||
url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}.sha256"
|
||||
dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}.sha256"
|
||||
force: no
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Verify Nextcloud sha256 checksum
|
||||
command: "sha256sum -c {{ nextcloud_archive_name }}.sha256"
|
||||
changed_when: "False"
|
||||
args:
|
||||
chdir: "{{ nextcloud_home }}"
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Extract Nextcloud archive
|
||||
unarchive:
|
||||
src: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
|
||||
dest: "{{ nextcloud_home }}"
|
||||
creates: "{{ nextcloud_home }}/nextcloud"
|
||||
remote_src: True
|
||||
mode: "0750"
|
||||
owner: "{{ nextcloud_user }}"
|
||||
group: "{{ nextcloud_user }}"
|
||||
tags:
|
||||
- nextcloud
|
|
@ -1,81 +0,0 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: Generate admin password
|
||||
command: 'apg -n 1 -m 16 -M lcN'
|
||||
register: nextcloud_admin_password_apg
|
||||
check_mode: no
|
||||
changed_when: False
|
||||
|
||||
- debug:
|
||||
var: nextcloud_admin_password_apg
|
||||
|
||||
- set_fact:
|
||||
nextcloud_admin_password: "{{ nextcloud_admin_password_apg.stdout }}"
|
||||
|
||||
tags:
|
||||
- nextcloud
|
||||
when: nextcloud_admin_password | length == 0
|
||||
|
||||
- name: Get Nextcloud Status
|
||||
shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'"
|
||||
args:
|
||||
chdir: "{{ nextcloud_webroot }}"
|
||||
become_user: "{{ nextcloud_user }}"
|
||||
register: nc_status
|
||||
check_mode: no
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Install Nextcloud
|
||||
command: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}"
|
||||
args:
|
||||
chdir: "{{ nextcloud_webroot }}"
|
||||
creates: "{{ nextcloud_home }}/config/config.php"
|
||||
become_user: "{{ nextcloud_user }}"
|
||||
when: (nc_status.stdout | from_json).installed == false
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Configure Nextcloud Mysql password
|
||||
replace:
|
||||
dest: "{{ nextcloud_home }}/nextcloud/config/config.php"
|
||||
regexp: "'dbpassword' => '([^']*)',"
|
||||
replace: "'dbpassword' => '{{ nextcloud_db_pass }}',"
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Configure Nextcloud cron
|
||||
cron:
|
||||
name: 'Nextcloud'
|
||||
minute: "*/5"
|
||||
job: "php -f {{ nextcloud_webroot }}/cron.php"
|
||||
user: "{{ nextcloud_user }}"
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Erase previously trusted domains config
|
||||
command: "php ./occ config:system:set trusted_domains"
|
||||
args:
|
||||
chdir: "{{ nextcloud_webroot }}"
|
||||
become_user: "{{ nextcloud_user }}"
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
- name: Configure trusted domains
|
||||
command: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}"
|
||||
args:
|
||||
chdir: "{{ nextcloud_webroot }}"
|
||||
with_indexed_items:
|
||||
- "{{ nextcloud_domains }}"
|
||||
become_user: "{{ nextcloud_user }}"
|
||||
tags:
|
||||
- nextcloud
|
||||
|
||||
#- name: Configure memcache local to APCu
|
||||
# command: "php ./occ config:system:set memcache.local --value '\\OC\\Memcache\\APCu'"
|
||||
# args:
|
||||
# chdir: "{{ nextcloud_webroot }}"
|
||||
# become_user: "{{ nextcloud_user }}"
|
||||
# tags:
|
||||
# - nextcloud
|
|
@ -1,24 +1,143 @@
|
|||
---
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
# tasks file for peertube install
|
||||
|
||||
- name: Add bullseye-backports repo into sources list (for redis)
|
||||
apt_repository:
|
||||
repo: deb http://mirror.evolix.org/debian bullseye-backports main
|
||||
state: present
|
||||
name:
|
||||
- ffmpeg
|
||||
- python3-dev
|
||||
- python-is-python3
|
||||
- g++
|
||||
- make
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- include: apache-system.yml
|
||||
- name: Install main system dependencies
|
||||
apt:
|
||||
name: "{{ system_dep }}"
|
||||
|
||||
- include: user.yml
|
||||
- name: Upgrade redis-server to the latest version from bullseye-backports
|
||||
apt:
|
||||
name: redis-server
|
||||
state: latest
|
||||
default_release: bullseye-backports
|
||||
update_cache: yes
|
||||
|
||||
- include: archive.yml
|
||||
- name: Add UNIX account
|
||||
user:
|
||||
name: "{{ service }}"
|
||||
home: "{{ service_home }}"
|
||||
shell: /bin/bash
|
||||
|
||||
- include: apache-vhost.yml
|
||||
- name: Add PostgreSQL user
|
||||
postgresql_user:
|
||||
name: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
no_password_changes: true
|
||||
become_user: postgres
|
||||
|
||||
- include: mysql-user.yml
|
||||
- name: Add PostgreSQL database
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user }}"
|
||||
template: template0
|
||||
encoding: UTF-8
|
||||
become_user: postgres
|
||||
|
||||
- include: config.yml
|
||||
- name: Add dirs required by peertube
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "~/config"
|
||||
- "~/storage"
|
||||
- "~/versions"
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Unarchive peertube archive
|
||||
unarchive:
|
||||
src: "{{ download_url }}"
|
||||
dest: ~/versions
|
||||
remote_src: yes
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Symbolic link to unarchived version
|
||||
file:
|
||||
src: "~/versions/peertube-{{ version }}"
|
||||
dest: "~/peertube-latest"
|
||||
state: link
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Install PeerTube nodejs deps (via yarn)
|
||||
shell: "yarn install --production --pure-lockfile"
|
||||
args:
|
||||
chdir: "~/peertube-latest"
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Copy default.yaml to prod dir
|
||||
copy:
|
||||
src: "~/peertube-latest/config/default.yaml"
|
||||
dest: "~/config/default.yaml"
|
||||
remote_src: true
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Template peertube conf file
|
||||
template:
|
||||
src: "production.yaml.j2"
|
||||
dest: "~/config/production.yaml"
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Template peertube systemd unit
|
||||
template:
|
||||
src: "peertube.service.j2"
|
||||
dest: "/etc/systemd/system/{{ service }}.service"
|
||||
|
||||
- name: Start peertube systemd unit
|
||||
service:
|
||||
name: "{{ service }}"
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
#~ - name: Check if SSL certificate is present and register result
|
||||
#~ stat:
|
||||
#~ path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
#~ register: ssl
|
||||
|
||||
#~ - name: Generate certificate only if required (first time)
|
||||
#~ block:
|
||||
#~ - name: Template vhost without SSL for successfull LE challengce
|
||||
#~ template:
|
||||
#~ src: "vhost.conf.j2"
|
||||
#~ dest: "/etc/nginx/sites-available/{{ service }}.conf"
|
||||
#~ - name: Enable temporary nginx vhost for peertube
|
||||
#~ file:
|
||||
#~ src: "/etc/nginx/sites-available/{{ service }}.conf"
|
||||
#~ dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
|
||||
#~ state: link
|
||||
#~ - name: Reload nginx conf
|
||||
#~ service:
|
||||
#~ name: nginx
|
||||
#~ state: reloaded
|
||||
#~ - name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
#~ file:
|
||||
#~ path: /var/lib/letsencrypt
|
||||
#~ state: directory
|
||||
#~ mode: '0755'
|
||||
#~ - name: Generate certificate with certbot
|
||||
#~ shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}
|
||||
#~ when: ssl.stat.exists == true
|
||||
|
||||
#~ - name: (Re)check if SSL certificate is present and register result
|
||||
#~ stat:
|
||||
#~ path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
#~ register: ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
template:
|
||||
src: "vhost.conf.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ service }}.conf"
|
||||
|
||||
- name: Enable nginx vhost for peertube
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ service }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
|
||||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
|
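Review bot: The `Unarchive peertube archive` task extracts whatever `download_url` returns without any integrity check, and the following task runs `yarn install` inside the extracted tree as the service user. The tasks this commit removes fetched a `.sha256` file and ran `sha256sum -c` before extracting; the new flow has no equivalent. Downloading with `get_url` and a pinned `checksum:` before extracting restores that check, and the same applies to `Unarchive new peertube archive` in tasks/upgrade.yml. Separately, `Template peertube conf file` writes the database password and `pt_secret` to `~/config/production.yaml` without a `mode:`; adding `mode: "0600"` keeps the file readable by the service account only. Old and new lines are interleaved in this rendering, so which tasks are new is inferred from their names and variables.

```yaml
- name: Download peertube archive
  get_url:
    url: "{{ download_url }}"
    dest: "~/versions/peertube-{{ version }}.zip"
    # peertube_archive_sha256 is a placeholder name: pin the digest published for the release
    checksum: "sha256:{{ peertube_archive_sha256 }}"
  become_user: "{{ service }}"

- name: Unarchive peertube archive
  unarchive:
    src: "~/versions/peertube-{{ version }}.zip"
    dest: ~/versions
    remote_src: yes
  become_user: "{{ service }}"

# … unchanged: symlink, yarn install, config templates …
```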
|
@ -1,40 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Create a new database
|
||||
community.postgresql.postgresql_db:
|
||||
name: "{{ peertube_db_name }}"
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- name: Generate Postgres password
|
||||
command: 'apg -n 1 -m 16 -M lcN'
|
||||
register: peertube_db_pass_apg
|
||||
check_mode: no
|
||||
changed_when: False
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- name: Connect to peertube database, create peertube user, and grant access to database
|
||||
community.postgresql.postgresql_user:
|
||||
db: "{{ peertube_db_name }}"
|
||||
name: "{{ peertube_db_user }}"
|
||||
password: "{{ peertube_db_pass_apg.stdout }}"
|
||||
priv: "ALL"
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- name: Store credentials in my.cnf
|
||||
ini_file:
|
||||
dest: "{{ nextcloud_home }}/.my.cnf"
|
||||
owner: "{{ nextcloud_user }}"
|
||||
group: "{{ nextcloud_user }}"
|
||||
mode: "0600"
|
||||
section: client
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
loop:
|
||||
- { option: "user", value: "{{ nextcloud_db_user }}" }
|
||||
- { option: "database", value: "{{ nextcloud_db_name }}" }
|
||||
- { option: "password", value: "{{ nextcloud_db_pass }}" }
|
||||
tags:
|
||||
- nextcloud
|
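--- a/webapps/peertube/tasks/upgrade.yml
+++ b/webapps/peertube/tasks/upgrade.yml
@@ -0,0 +1,75 @@
+---
+# tasks file for peertube upgrade
+
+- name: Stop peertube systemd unit
+service:
+name: "{{ service }}"
+state: stopped
+
+- name: Dump database to a file with compression
+postgresql_db:
+name: "{{ db_name }}"
+state: dump
+target: "~/{{ db_name }}.sql.gz"
+become_user: postgres
+
+- name: Unarchive new peertube archive
+unarchive:
+src: "{{ download_url }}"
+dest: ~/versions
+remote_src: yes
+become_user: "{{ service }}"
+
+- name: Symbolic link to new version
+file:
+src: "~/versions/peertube-{{ version }}"
+dest: "~/peertube-latest"
+state: link
+become_user: "{{ service }}"
+
+- name: Install PeerTube nodejs deps (via yarn)
+shell: "yarn install --production --pure-lockfile"
+args:
+chdir: "~/peertube-latest"
+become_user: "{{ service }}"
+
+- name: Copy default.yaml to prod dir
+copy:
+src: "~/peertube-latest/config/default.yaml"
+dest: "~/config/default.yaml"
+remote_src: true
+become_user: "{{ service }}"
+
+- name: Template peertube conf file
+template:
+src: "production.yaml.j2"
+dest: "~/config/production.yaml"
+become_user: "{{ service }}"
+
+- name: Restart peertube systemd unit
+systemd:
+name: "{{ service }}"
+daemon_reload: true
+state: restarted
+
+- name: Retemplate conf file for nginx vhost
+template:
+src: "vhost.conf.j2"
+dest: "/etc/nginx/sites-available/{{ service }}.conf"
+
+- name: Reload nginx conf
+service:
+name: nginx
+state: reloaded
+
+- name: Define variable to skip next task by default
+set_fact:
+keep_db_dump: true
+
+- name: Remove database dump
+file:
+path: "~/{{ db_name }}.sql.gz"
+state: absent
+become_user: postgres
+when: keep_db_dump is undefined
+tags: clean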
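Review bot: The dump written by `Dump database to a file with compression` stays in the postgres account's home by default, with whatever permissions the default umask gives it, and it holds the full PeerTube database including account data. Its removal depends on an indirect trick: `set_fact: keep_db_dump: true` runs in every normal play, so `when: keep_db_dump is undefined` only holds when the run is limited to `--tags clean`. Tagging the removal task `tags: [never, clean]` and dropping both the `set_fact` task and the `when:` states the same intent directly. A `file` task setting `mode: "0600"` on the dump right after it is created would limit who can read it while it exists.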
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
- name: Create {{ peertube_user }} unix group
|
||||
group:
|
||||
name: "{{ peertube_user | mandatory }}"
|
||||
state: present
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- name: Create {{ peertube_user | mandatory }} unix user
|
||||
user:
|
||||
name: "{{ peertube_user | mandatory }}"
|
||||
group: "{{ peertube_user | mandatory }}"
|
||||
home: "{{ peertube_home | mandatory }}"
|
||||
shell: '/bin/bash'
|
||||
create_home: True
|
||||
state: present
|
||||
mode: "0755"
|
||||
tags:
|
||||
- peertube
|
||||
|
||||
- name: Create top-level directories
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
state: directory
|
||||
mode: "0700"
|
||||
owner: "{{ peertube_user }}"
|
||||
group: "{{ peertube_user }}"
|
||||
loop:
|
||||
- "{{ peertube_home }}/log"
|
||||
- "{{ peertube_home }}/tmp"
|
||||
- "{{ peertube_home }}/data"
|
||||
tags:
|
||||
- peertube
|
|
@ -1,41 +0,0 @@
|
|||
<VirtualHost *:80 *:443>
|
||||
ServerName {{ nextcloud_domains[0] }}
|
||||
|
||||
{% for domain_alias in nextcloud_domains[1:] %}
|
||||
ServerAlias {{ domain_alias }}
|
||||
{% endfor %}
|
||||
|
||||
# SSLEngine on
|
||||
# SSLCertificateFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/fullchain.pem
|
||||
# SSLCertificateKeyFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/privkey.pem
|
||||
|
||||
DocumentRoot {{ nextcloud_webroot }}/
|
||||
|
||||
<Directory {{ nextcloud_webroot }}/>
|
||||
Require all granted
|
||||
AllowOverride All
|
||||
Options FollowSymLinks MultiViews
|
||||
|
||||
<IfModule mod_dav.c>
|
||||
Dav off
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# SSL Redirect
|
||||
# RewriteEngine On
|
||||
# RewriteCond %{HTTPS} !=on
|
||||
# RewriteCond %{HTTP:X-Forwarded-Proto} !=https
|
||||
# RewriteRule ^ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
|
||||
|
||||
# ITK
|
||||
AssignUserID {{ nextcloud_user }} {{ nextcloud_user }}
|
||||
|
||||
# LOG
|
||||
CustomLog /var/log/apache2/access.log vhost_combined
|
||||
ErrorLog /var/log/apache2/error.log
|
||||
|
||||
# PHP
|
||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f {{ nextcloud_user }}"
|
||||
php_admin_value open_basedir "/usr/share/php:{{ nextcloud_home }}:/tmp"
|
||||
|
||||
</VirtualHost>
|
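--- a/webapps/peertube/templates/peertube-tcp.conf.j2
+++ b/webapps/peertube/templates/peertube-tcp.conf.j2
@@ -0,0 +1,8 @@
+# In a video server, we are often sending files to a client
+# which can't accept it as fast as our local network connection
+# could produce packets. To prevent packet loss and buffer bloat,
+# it's especially important to use a modern CoDel scheduler which
+# knows how to delay outgoing packets to match slower client links.
+
+net.core.default_qdisc = fq_codel
+net.ipv4.tcp_congestion_control = bbr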
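--- a/webapps/peertube/templates/peertube.service.j2
+++ b/webapps/peertube/templates/peertube.service.j2
@@ -0,0 +1,35 @@
+[Unit]
+Description=PeerTube daemon
+After=network.target postgresql.service redis-server.service
+
+[Service]
+Type=simple
+Environment=NODE_ENV=production
+Environment=NODE_CONFIG_DIR={{ service_home }}/config
+User={{ service }}
+Group={{ service }}
+ExecStart=/usr/bin/node dist/server
+WorkingDirectory={{ service_home }}/peertube-latest
+SyslogIdentifier=peertube
+Restart=always
+
+; Some security directives.
+; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
+ProtectSystem=full
+; Sets up a new /dev mount for the process and only adds API pseudo devices
+; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
+; by default because it may not work on devices like the Raspberry Pi.
+PrivateDevices=false
+; Ensures that the service process and all its children can never gain new
+; privileges through execve().
+NoNewPrivileges=true
+; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
+; by this unit. Make sure that you do not depend on data inside these folders.
+ProtectHome=true
+; Drops the sys admin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+
+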
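Review bot: `ProtectHome=true` makes /home, /root and /run/user empty for this unit, while `WorkingDirectory` and `NODE_CONFIG_DIR` are built from `service_home`, which a playbook may override. The default set in this commit (`/var/www/peertube`) is fine, but an override under /home would produce a unit that cannot start, and the role variables this commit replaces did default to `/home/{{ peertube_user }}`. A comment above `WorkingDirectory`, for example `; service_home must not be under /home, /root or /run/user (see ProtectHome below)`, would document the constraint where the path is set.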
790
webapps/peertube/templates/production.yaml.j2
Normal file
|
@ -0,0 +1,790 @@
|
|||
listen:
|
||||
hostname: '127.0.0.1'
|
||||
port: 9000
|
||||
|
||||
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
||||
webserver:
|
||||
https: false
|
||||
hostname: '{{ domains| first }}'
|
||||
port: 80
|
||||
|
||||
# Secrets you need to generate the first time you run PeerTube
|
||||
secrets:
|
||||
# Generate one using `openssl rand -hex 32`
|
||||
peertube: '{{ pt_secret }}'
|
||||
|
||||
rates_limit:
|
||||
api:
|
||||
# 50 attempts in 10 seconds
|
||||
window: 10 seconds
|
||||
max: 50
|
||||
login:
|
||||
# 15 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 15
|
||||
signup:
|
||||
# 2 attempts in 5 min (only succeeded attempts are taken into account)
|
||||
window: 5 minutes
|
||||
max: 2
|
||||
ask_send_email:
|
||||
# 3 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 3
|
||||
receive_client_log:
|
||||
# 10 attempts in 10 min
|
||||
window: 10 minutes
|
||||
max: 10
|
||||
|
||||
oauth2:
|
||||
token_lifetime:
|
||||
access_token: '1 day'
|
||||
refresh_token: '2 weeks'
|
||||
|
||||
# Proxies to trust to get real client IP
|
||||
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
|
||||
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
|
||||
trust_proxy:
|
||||
- 'loopback'
|
||||
|
||||
# Your database name will be database.name OR 'peertube'+database.suffix
|
||||
database:
|
||||
hostname: '{{ db_host }}'
|
||||
port: {{ db_port }}
|
||||
ssl: false
|
||||
suffix: ''
|
||||
name: '{{ db_name }}'
|
||||
username: '{{ db_user }}'
|
||||
password: '{{ db_password }}'
|
||||
pool:
|
||||
max: 5
|
||||
|
||||
# Redis server for short time storage
|
||||
# You can also specify a 'socket' path to a unix socket but first need to
|
||||
# set 'hostname' and 'port' to null
|
||||
redis:
|
||||
hostname: 'localhost'
|
||||
port: 6379
|
||||
auth: null
|
||||
db: 0
|
||||
|
||||
# SMTP server to send emails
|
||||
smtp:
|
||||
# smtp or sendmail
|
||||
transport: smtp
|
||||
# Path to sendmail command. Required if you use sendmail transport
|
||||
sendmail: null
|
||||
hostname: null
|
||||
port: 465 # If you use StartTLS: 587
|
||||
username: null
|
||||
password: null
|
||||
tls: true # If you use StartTLS: false
|
||||
disable_starttls: false
|
||||
ca_file: null # Used for self signed certificates
|
||||
from_address: 'admin@example.com'
|
||||
|
||||
email:
|
||||
body:
|
||||
signature: 'PeerTube'
|
||||
subject:
|
||||
prefix: '[PeerTube]'
|
||||
|
||||
# Update default PeerTube values
|
||||
# Set by API when the field is not provided and put as default value in client
|
||||
defaults:
|
||||
# Change default values when publishing a video (upload/import/go Live)
|
||||
publish:
|
||||
download_enabled: true
|
||||
|
||||
comments_enabled: true
|
||||
|
||||
# public = 1, unlisted = 2, private = 3, internal = 4
|
||||
privacy: 1
|
||||
|
||||
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
|
||||
# You can also choose a custom licence value added by a plugin
|
||||
# No licence by default
|
||||
licence: null
|
||||
|
||||
p2p:
|
||||
# Enable P2P by default in PeerTube client
|
||||
# Can be enabled/disabled by anonymous users and logged in users
|
||||
webapp:
|
||||
enabled: true
|
||||
|
||||
# Enable P2P by default in PeerTube embed
|
||||
# Can be enabled/disabled by URL option
|
||||
embed:
|
||||
enabled: true
|
||||
|
||||
# From the project root directory
|
||||
storage:
|
||||
tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
|
||||
bin: '/var/www/peertube/storage/bin/'
|
||||
avatars: '/var/www/peertube/storage/avatars/'
|
||||
videos: '/var/www/peertube/storage/videos/'
|
||||
streaming_playlists: '/var/www/peertube/storage/streaming-playlists/'
|
||||
redundancy: '/var/www/peertube/storage/redundancy/'
|
||||
logs: '/var/www/peertube/storage/logs/'
|
||||
previews: '/var/www/peertube/storage/previews/'
|
||||
thumbnails: '/var/www/peertube/storage/thumbnails/'
|
||||
torrents: '/var/www/peertube/storage/torrents/'
|
||||
captions: '/var/www/peertube/storage/captions/'
|
||||
cache: '/var/www/peertube/storage/cache/'
|
||||
plugins: '/var/www/peertube/storage/plugins/'
|
||||
well_known: '/var/www/peertube/storage/well-known/'
|
||||
# Overridable client files in client/dist/assets/images:
|
||||
# - logo.svg
|
||||
# - favicon.png
|
||||
# - default-playlist.jpg
|
||||
# - default-avatar-account.png
|
||||
# - default-avatar-video-channel.png
|
||||
# - and icons/*.png (PWA)
|
||||
# Could contain for example assets/images/favicon.png
|
||||
# If the file exists, peertube will serve it
|
||||
# If not, peertube will fallback to the default file
|
||||
client_overrides: '/var/www/peertube/storage/client-overrides/'
|
||||
|
||||
static_files:
|
||||
# Require and check user authentication when accessing private files (internal/private video files)
|
||||
private_files_require_auth: true
|
||||
|
||||
object_storage:
|
||||
enabled: false
|
||||
|
||||
# Without protocol, will default to HTTPS
|
||||
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
|
||||
|
||||
region: 'us-east-1'
|
||||
|
||||
upload_acl:
|
||||
# Set this ACL on each uploaded object of public/unlisted videos
|
||||
# Use null if your S3 provider does not support object ACL
|
||||
public: 'public-read'
|
||||
# Set this ACL on each uploaded object of private/internal videos
|
||||
# PeerTube can proxify requests to private objects so your users can access them
|
||||
# Use null if your S3 provider does not support object ACL
|
||||
private: 'private'
|
||||
|
||||
proxy:
|
||||
# If private files (private/internal video files) have a private ACL, users can't access directly the ressource
|
||||
# PeerTube can proxify requests between your object storage service and your users
|
||||
# If you disable PeerTube proxy, ensure you use your own proxy that is able to access the private files
|
||||
# Or you can also set a public ACL for private files in object storage if you don't want to use a proxy
|
||||
proxify_private_files: true
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||
secret_access_key: ''
|
||||
|
||||
# Maximum amount to upload in one request to object storage
|
||||
max_upload_part: 100MB
|
||||
|
||||
streaming_playlists:
|
||||
bucket_name: 'streaming-playlists'
|
||||
|
||||
# Allows setting all buckets to the same value but with a different prefix
|
||||
prefix: '' # Example: 'streaming-playlists:'
|
||||
|
||||
# Base url for object URL generation, scheme and host will be replaced by this URL
|
||||
# Useful when you want to use a CDN/external proxy
|
||||
base_url: '' # Example: 'https://mirror.example.com'
|
||||
|
||||
# Same settings but for webtorrent videos
|
||||
videos:
|
||||
bucket_name: 'videos'
|
||||
prefix: ''
|
||||
base_url: ''
|
||||
|
||||
log:
|
||||
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
|
||||
|
||||
rotation:
|
||||
enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
|
||||
max_file_size: 12MB
|
||||
max_files: 20
|
||||
|
||||
anonymize_ip: false
|
||||
|
||||
log_ping_requests: true
|
||||
log_tracker_unknown_infohash: true
|
||||
|
||||
prettify_sql: false
|
||||
|
||||
# Accept warn/error logs coming from the client
|
||||
accept_client_log: true
|
||||
|
||||
# Support of Open Telemetry metrics and tracing
|
||||
# For more information: https://docs.joinpeertube.org/maintain/observability
|
||||
open_telemetry:
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
http_request_duration:
|
||||
# You can disable HTTP request duration metric that can have a high tag cardinality
|
||||
enabled: true
|
||||
|
||||
# Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
|
||||
prometheus_exporter:
|
||||
hostname: '127.0.0.1'
|
||||
port: 9091
|
||||
|
||||
tracing:
|
||||
enabled: false
|
||||
|
||||
# Send traces to a Jaeger compatible endpoint
|
||||
jaeger_exporter:
|
||||
endpoint: ''
|
||||
|
||||
trending:
|
||||
videos:
|
||||
interval_days: 7 # Compute trending videos for the last x days for 'most-viewed' algorithm
|
||||
|
||||
algorithms:
|
||||
enabled:
|
||||
- 'hot' # Adaptation of Reddit's 'Hot' algorithm
|
||||
- 'most-viewed' # Number of views in the last x days
|
||||
- 'most-liked' # Global views since the upload of the video
|
||||
|
||||
default: 'most-viewed'
|
||||
|
||||
# Cache remote videos on your server, to help other instances to broadcast the video
|
||||
# You can define multiple caches using different sizes/strategies
|
||||
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
|
||||
redundancy:
|
||||
videos:
|
||||
check_interval: '1 hour' # How often you want to check new videos to cache
|
||||
strategies: # Just uncomment strategies you want
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'most-views' # Cache videos that have the most views
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'trending' # Cache trending videos
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'recently-added' # Cache recently added videos
|
||||
# min_views: 10 # Having at least x views
|
||||
|
||||
# Other instances that duplicate your content
|
||||
remote_redundancy:
|
||||
videos:
|
||||
# 'nobody': Do not accept remote redundancies
|
||||
# 'anybody': Accept remote redundancies from anybody
|
||||
# 'followings': Accept redundancies from instance followings
|
||||
accept_from: 'anybody'
|
||||
|
||||
csp:
|
||||
enabled: false
|
||||
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
|
||||
report_uri:
|
||||
|
||||
security:
|
||||
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
|
||||
frameguard:
|
||||
enabled: true
|
||||
|
||||
# Set x-powered-by HTTP header to "PeerTube"
|
||||
# Can help remote software to know this is a PeerTube instance
|
||||
powered_by_header:
|
||||
enabled: true
|
||||
|
||||
tracker:
|
||||
# If you disable the tracker, you disable the P2P on your PeerTube instance
|
||||
enabled: true
|
||||
# Only handle requests on your videos
|
||||
# If you set this to false it means you have a public tracker
|
||||
# Then, it is possible that clients overload your instance with external torrents
|
||||
private: true
|
||||
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
|
||||
reject_too_many_announces: false
|
||||
|
||||
history:
|
||||
videos:
|
||||
# If you want to limit users videos history
|
||||
# -1 means there is no limitations
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
max_age: -1
|
||||
|
||||
views:
|
||||
videos:
|
||||
# PeerTube creates a database entry every hour for each video to track views over a period of time
|
||||
# This is used in particular by the Trending page
|
||||
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
|
||||
# -1 means no cleanup
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
remote:
|
||||
max_age: '30 days'
|
||||
|
||||
# PeerTube buffers local video views before updating and federating the video
|
||||
local_buffer_update_interval: '30 minutes'
|
||||
|
||||
ip_view_expiration: '1 hour'
|
||||
|
||||
# Used to get country location of views of local videos
|
||||
geo_ip:
|
||||
enabled: true
|
||||
|
||||
country:
|
||||
database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb'
|
||||
|
||||
plugins:
|
||||
# The website PeerTube will ask for available PeerTube plugins and themes
|
||||
# This is an unmoderated plugin index, so only install plugins/themes you trust
|
||||
index:
|
||||
enabled: true
|
||||
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
|
||||
url: 'https://packages.joinpeertube.org'
|
||||
|
||||
federation:
|
||||
videos:
|
||||
federate_unlisted: false
|
||||
|
||||
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
|
||||
# It removes objects that do not exist anymore, and potentially fix their URLs
|
||||
cleanup_remote_interactions: true
|
||||
|
||||
peertube:
|
||||
check_latest_version:
|
||||
# Check and notify admins of new PeerTube versions
|
||||
enabled: true
|
||||
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
|
||||
url: 'https://joinpeertube.org/api/v1/versions.json'
|
||||
|
||||
webadmin:
|
||||
configuration:
|
||||
edition:
|
||||
# Set this to false if you don't want to allow config edition in the web interface by instance admins
|
||||
allowed: true
|
||||
|
||||
# XML, Atom or JSON feeds
|
||||
feeds:
|
||||
videos:
|
||||
# Default number of videos displayed in feeds
|
||||
count: 20
|
||||
|
||||
comments:
|
||||
# Default number of comments displayed in feeds
|
||||
count: 20
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
# From this point, almost all following keys can be overridden by the web interface
|
||||
# (local-production.json file). If you need to change some values, prefer to
|
||||
# use the web interface because the configuration will be automatically
|
||||
# reloaded without any need to restart PeerTube
|
||||
#
|
||||
# /!\ If you already have a local-production.json file, modification of some of
|
||||
# the following keys will have no effect /!\
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
cache:
|
||||
previews:
|
||||
size: 500 # Max number of previews you want to cache
|
||||
captions:
|
||||
size: 500 # Max number of video captions/subtitles you want to cache
|
||||
torrents:
|
||||
size: 500 # Max number of video torrents you want to cache
|
||||
|
||||
admin:
|
||||
# Used to generate the root user at first startup
|
||||
# And to receive emails from the contact form
|
||||
email: 'admin@example.com'
|
||||
|
||||
contact_form:
|
||||
enabled: true
|
||||
|
||||
signup:
|
||||
enabled: false
|
||||
|
||||
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
|
||||
|
||||
minimum_age: 16 # Used to configure the signup form
|
||||
|
||||
# Users fill a form to register so moderators can accept/reject the registration
|
||||
requires_approval: true
|
||||
requires_email_verification: false
|
||||
|
||||
filters:
|
||||
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
|
||||
whitelist: []
|
||||
blacklist: []
|
||||
|
||||
user:
|
||||
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
|
||||
# Byte format is supported ("1GB" etc)
|
||||
# -1 == unlimited
|
||||
video_quota: -1
|
||||
video_quota_daily: -1
|
||||
|
||||
video_channels:
|
||||
max_per_user: 20 # Allows each user to create up to 20 video channels.
|
||||
|
||||
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
|
||||
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
|
||||
# Please, do not disable transcoding since many uploaded videos will not work
|
||||
transcoding:
|
||||
enabled: true
|
||||
|
||||
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
|
||||
allow_additional_extensions: true
|
||||
|
||||
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
|
||||
allow_audio_files: true
|
||||
|
||||
# Amount of threads used by ffmpeg for 1 transcoding job
|
||||
threads: 1
|
||||
# Amount of transcoding jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions: # Only created if the original video has a higher resolution, uses more storage!
|
||||
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Transcode and keep original resolution, even if it's above your maximum enabled resolution
|
||||
always_transcode_original_resolution: true
|
||||
|
||||
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
|
||||
# If you also enabled the hls format, it will multiply videos storage by 2
|
||||
# If disabled, breaks federation with PeerTube instances < 2.1
|
||||
webtorrent:
|
||||
enabled: false
|
||||
|
||||
# /!\ Requires ffmpeg >= 4.1
|
||||
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
|
||||
# * Resolution change is smoother
|
||||
# * Faster playback in particular with long videos
|
||||
# * More stable playback (less bugs/infinite loading)
|
||||
# If you also enabled the webtorrent format, it will multiply videos storage by 2
|
||||
hls:
|
||||
enabled: true
|
||||
|
||||
live:
|
||||
enabled: false
|
||||
|
||||
# Limit lives duration
|
||||
# -1 == unlimited
|
||||
max_duration: -1 # For example: '5 hours'
|
||||
|
||||
# Limit max number of live videos created on your instance
|
||||
# -1 == unlimited
|
||||
max_instance_lives: 20
|
||||
|
||||
# Limit max number of live videos created by a user on your instance
|
||||
# -1 == unlimited
|
||||
max_user_lives: 3
|
||||
|
||||
# Allow your users to save a replay of their live
|
||||
# PeerTube will transcode segments in a video file
|
||||
# If the user daily/total quota is reached, PeerTube will stop the live
|
||||
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
|
||||
allow_replay: true
|
||||
|
||||
# Allow your users to change latency settings (small latency/default/high latency)
|
||||
# Small latency live streams cannot use P2P
|
||||
# High latency live streams can increase P2P ratio
|
||||
latency_setting:
|
||||
enabled: true
|
||||
|
||||
# Your firewall should accept traffic from this port in TCP if you enable live
|
||||
rtmp:
|
||||
enabled: true
|
||||
|
||||
# Listening hostname/port for RTMP server
|
||||
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
|
||||
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
|
||||
hostname: null
|
||||
port: 1935
|
||||
|
||||
# Public hostname of your RTMP server
|
||||
# Use null to use the same value than `webserver.hostname`
|
||||
public_hostname: null
|
||||
|
||||
rtmps:
|
||||
enabled: false
|
||||
|
||||
# Listening hostname/port for RTMPS server
|
||||
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
|
||||
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
|
||||
hostname: null
|
||||
port: 1936
|
||||
|
||||
# Absolute paths
|
||||
key_file: ''
|
||||
cert_file: ''
|
||||
|
||||
# Public hostname of your RTMPS server
|
||||
# Use null to use the same value than `webserver.hostname`
|
||||
public_hostname: null
|
||||
|
||||
# Allow to transcode the live streaming in multiple live resolutions
|
||||
transcoding:
|
||||
enabled: true
|
||||
threads: 2
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions:
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Also transcode original resolution, even if it's above your maximum enabled resolution
|
||||
always_transcode_original_resolution: true
|
||||
|
||||
video_studio:
|
||||
# Enable video edition by users (cut, add intro/outro, add watermark etc)
|
||||
# If enabled, users can create transcoding tasks as they wish
|
||||
enabled: false
|
||||
|
||||
import:
|
||||
# Add ability for your users to import remote videos (from YouTube, torrent...)
|
||||
videos:
|
||||
# Amount of import jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Set a custom video import timeout to not block import queue
|
||||
timeout: '2 hours'
|
||||
|
||||
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
|
||||
http:
|
||||
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
|
||||
# See https://docs.joinpeertube.org/maintain/configuration#security for more information
|
||||
enabled: false
|
||||
|
||||
youtube_dl_release:
|
||||
# Direct download URL to youtube-dl binary
|
||||
# Github releases API is also supported
|
||||
# Examples:
|
||||
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
|
||||
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
|
||||
# * https://yt-dl.org/downloads/latest/youtube-dl
|
||||
url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases'
|
||||
|
||||
# Release binary name: 'yt-dlp' or 'youtube-dl'
|
||||
name: 'yt-dlp'
|
||||
|
||||
# Path to the python binary to execute for youtube-dl or yt-dlp
|
||||
python_path: '/usr/bin/python3'
|
||||
|
||||
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
|
||||
force_ipv4: false
|
||||
|
||||
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
|
||||
torrent:
|
||||
# We recommend to only enable magnet URI/torrent import if you trust your users
|
||||
# See https://docs.joinpeertube.org/maintain/configuration#security for more information
|
||||
enabled: false
|
||||
|
||||
# Add ability for your users to synchronize their channels with external channels, playlists, etc.
|
||||
video_channel_synchronization:
|
||||
enabled: false
|
||||
|
||||
max_per_user: 10
|
||||
|
||||
check_interval: 1 hour
|
||||
|
||||
# Number of latest published videos to check and to potentially import when syncing a channel
|
||||
videos_limit_per_synchronization: 10
|
||||
|
||||
# Max number of videos to import when the user asks for full sync
|
||||
full_sync_videos_limit: 1000
|
||||
|
||||
auto_blacklist:
|
||||
# New videos automatically blacklisted so moderators can review before publishing
|
||||
videos:
|
||||
of_users:
|
||||
enabled: false
|
||||
|
||||
# Instance settings
|
||||
instance:
|
||||
name: 'PeerTube'
|
||||
short_description: 'PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.'
|
||||
description: 'Welcome to this PeerTube instance!' # Support markdown
|
||||
terms: 'No terms for now.' # Support markdown
|
||||
code_of_conduct: '' # Supports markdown
|
||||
|
||||
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
|
||||
moderation_information: '' # Supports markdown
|
||||
|
||||
# Why did you create this instance?
|
||||
creation_reason: '' # Supports Markdown
|
||||
|
||||
# Who is behind the instance? A single person? A non profit?
|
||||
administrator: '' # Supports Markdown
|
||||
|
||||
# How long do you plan to maintain this instance?
|
||||
maintenance_lifetime: '' # Supports Markdown
|
||||
|
||||
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
|
||||
business_model: '' # Supports Markdown
|
||||
|
||||
# If you want to explain on what type of hardware your PeerTube instance runs
|
||||
# Example: '2 vCore, 2GB RAM...'
|
||||
hardware_information: '' # Supports Markdown
|
||||
|
||||
# What are the main languages of your instance? To interact with your users for example
|
||||
# Uncomment or add the languages you want
|
||||
# List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
|
||||
languages:
|
||||
# - en
|
||||
# - es
|
||||
# - fr
|
||||
|
||||
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
|
||||
# Uncomment or add the category ids you want
|
||||
# List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
|
||||
categories:
|
||||
# - 1 # Music
|
||||
# - 2 # Films
|
||||
# - 3 # Vehicles
|
||||
# - 4 # Art
|
||||
# - 5 # Sports
|
||||
# - 6 # Travels
|
||||
# - 7 # Gaming
|
||||
# - 8 # People
|
||||
# - 9 # Comedy
|
||||
# - 10 # Entertainment
|
||||
# - 11 # News & Politics
|
||||
# - 12 # How To
|
||||
# - 13 # Education
|
||||
# - 14 # Activism
|
||||
# - 15 # Science & Technology
|
||||
# - 16 # Animals
|
||||
# - 17 # Kids
|
||||
# - 18 # Food
|
||||
|
||||
default_client_route: '/videos/trending'
|
||||
|
||||
# Whether or not the instance is dedicated to NSFW content
|
||||
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
|
||||
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
|
||||
is_nsfw: false
|
||||
# By default, `do_not_list` or `blur` or `display` NSFW videos
|
||||
# Could be overridden per user with a setting
|
||||
default_nsfw_policy: 'do_not_list'
|
||||
|
||||
customizations:
|
||||
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
|
||||
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
|
||||
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
|
||||
robots: |
|
||||
User-agent: *
|
||||
Disallow:
|
||||
# /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
|
||||
# To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
|
||||
securitytxt:
|
||||
'# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
|
||||
|
||||
services:
|
||||
# Cards configuration to format video in Twitter
|
||||
twitter:
|
||||
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
|
||||
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
|
||||
# If false, we use an image link card that will redirect on your PeerTube instance
|
||||
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
|
||||
whitelisted: false
|
||||
|
||||
followers:
|
||||
instance:
|
||||
# Allow or not other instances to follow yours
|
||||
enabled: true
|
||||
# Whether or not an administrator must manually validate a new follower
|
||||
manual_approval: false
|
||||
|
||||
followings:
|
||||
instance:
|
||||
# If you want to automatically follow back new instance followers
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_back:
|
||||
enabled: false
|
||||
|
||||
# If you want to automatically follow instances of the public index
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_index:
|
||||
enabled: false
|
||||
# Host your own using https://framagit.org/framasoft/peertube/instances-peertube#peertube-auto-follow
|
||||
index_url: ''
|
||||
|
||||
theme:
|
||||
default: 'default'
|
||||
|
||||
broadcast_message:
|
||||
enabled: false
|
||||
message: '' # Support markdown
|
||||
level: 'info' # 'info' | 'warning' | 'error'
|
||||
dismissable: false
|
||||
|
||||
search:
|
||||
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
|
||||
# If enabled, the associated group will be able to "escape" from the instance follows
|
||||
# That means they will be able to follow channels, watch videos, list videos of non followed instances
|
||||
remote_uri:
|
||||
users: true
|
||||
anonymous: false
|
||||
|
||||
# Use a third party index instead of your local index, only for search results
|
||||
# Useful to discover content outside of your instance
|
||||
# If you enable search_index, you must enable remote_uri search for users
|
||||
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
|
||||
# instead of loading the video locally
|
||||
search_index:
|
||||
enabled: false
|
||||
# URL of the search index, that should use the same search API and routes
|
||||
# than PeerTube: https://docs.joinpeertube.org/api/rest-reference.html
|
||||
# You should deploy your own with https://framagit.org/framasoft/peertube/search-index,
|
||||
# and can use https://search.joinpeertube.org/ for tests, but keep in mind the latter is an unmoderated search index
|
||||
url: ''
|
||||
# You can disable local search, so users only use the search index
|
||||
disable_local_search: false
|
||||
# If you did not disable local search, you can decide to use the search index by default
|
||||
is_default_search: false
|
||||
|
||||
# PeerTube client/interface configuration
|
||||
client:
|
||||
videos:
|
||||
miniature:
|
||||
# By default PeerTube client displays author username
|
||||
prefer_author_display_name: false
|
||||
display_author_avatar: false
|
||||
resumable_upload:
|
||||
# Max size of upload chunks, e.g. '90MB'
|
||||
# If null, it will be calculated based on network speed
|
||||
max_chunk_size: null
|
||||
|
||||
menu:
|
||||
login:
|
||||
# If you enable only one external auth plugin
|
||||
# You can automatically redirect your users on this external platform when they click on the login button
|
||||
redirect_on_single_external_auth: false
|
||||
|
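Review bot: `webserver.https: false` with `port: 80` makes PeerTube advertise plain-HTTP URLs for the public instance, so logins and OAuth tokens cross the network unencrypted; both values should come from role variables that default to HTTPS and match the vhost rather than being fixed in the template. `password: '{{ db_password }}'` is also fragile, because a password containing a single quote breaks the document or changes its structure; `password: {{ db_password | to_json }}` renders a correctly escaped scalar, and the same applies to the other single-quoted Jinja values. The `storage.*` paths are fixed to `/var/www/peertube/storage/` while the service unit in this commit derives its directories from `{{ service_home }}`, so the two diverge as soon as that variable is overridden. `admin.email` and `smtp.from_address` stay at `admin@example.com`, so the root account created at first startup is tied to an address the operator does not control until it is changed; these look like they should be role variables as well.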
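--- /dev/null
+++ b/webapps/peertube/templates/vhost.conf.j2
@@ -0,0 +1,278 @@
+# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
+# Please check your Nginx installation features the following modules via 'nginx -V':
+# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
+# THIRD PARTY MODULES: None.
+
+#server {
+# listen 80;
+# listen [::]:80;
+# server_name {{ domains | first }};
+
+# location /.well-known/acme-challenge/ {
+# default_type "text/plain";
+# root /var/www/certbot;
+# }
+# location / { return 301 https://$host$request_uri; }
+#}
+
+upstream backend {
+server {{ pt_host }};
+}
+
+server {
+#listen 443 ssl http2;
+#listen [::]:443 ssl http2;
+listen 80;
+listen [::]:80;
+server_name {{ domains | first }};
+
+access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
+error_log /var/log/nginx/{{ service }}.error.log;
+
+##
+# Certificates
+# you need a certificate to run in production. see https://letsencrypt.org/
+##
+#ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
+#ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+
+location ^~ '/.well-known/acme-challenge' {
+default_type "text/plain";
+root /var/www/certbot;
+}
+
+##
+# Security hardening (as of Nov 15, 2020)
+# based on Mozilla Guideline v5.6
+##
+
+#ssl_protocols TLSv1.2 TLSv1.3;
+#ssl_prefer_server_ciphers on;
+#ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
+#ssl_session_timeout 1d; # defaults to 5m
+#ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
+#ssl_session_tickets off;
+#ssl_stapling on;
+#ssl_stapling_verify on;
+# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
+#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+
+##
+# Application
+##
+
+location @api {
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+client_max_body_size 100k; # default is 1M
+
+proxy_connect_timeout 10m;
+proxy_send_timeout 10m;
+proxy_read_timeout 10m;
+send_timeout 10m;
+
+proxy_pass http://backend;
+}
+
+location / {
+try_files /dev/null @api;
+}
+
+location = /api/v1/videos/upload-resumable {
+client_max_body_size 0;
+proxy_request_buffering off;
+
+try_files /dev/null @api;
+}
+
+location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
+limit_except POST HEAD { deny all; }
+
+# This is the maximum upload size, which roughly matches the maximum size of a video file.
+# Note that temporary space is needed equal to the total size of all concurrent uploads.
+# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
+# on a dedicated filesystem.
+client_max_body_size 12G; # default is 1M
+add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+try_files /dev/null @api;
+}
+
+location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
+client_max_body_size 6M; # default is 1M
+add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+try_files /dev/null @api;
+}
+
+##
+# Websocket
+##
+
+location @api_websocket {
+proxy_http_version 1.1;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+proxy_pass http://backend;
+}
+
+location /socket.io {
+try_files /dev/null @api_websocket;
+}
+
+location /tracker/socket {
+# Peers send a message to the tracker every 15 minutes
+# Don't close the websocket before then
+proxy_read_timeout 15m; # default is 60s
+
+try_files /dev/null @api_websocket;
+}
+
+# Plugin websocket routes
+location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
+try_files /dev/null @api_websocket;
+}
+
+##
+# Performance optimizations
+# For extra performance please refer to https://github.com/denji/nginx-tuning
+##
+
+root {{ service_home }}/storage;
+
+# Enable compression for JS/CSS/HTML, for improved client load times.
+# It might be nice to compress JSON/XML as returned by the API, but
+# leaving that out to protect against potential BREACH attack.
+gzip on;
+gzip_vary on;
+gzip_types # text/html is always compressed by HttpGzipModule
+text/css
+application/javascript
+font/truetype
+font/opentype
+application/vnd.ms-fontobject
+image/svg+xml;
+gzip_min_length 1000; # default is 20 bytes
+gzip_buffers 16 8k;
+gzip_comp_level 2; # default is 1
+
+client_body_timeout 30s; # default is 60
+client_header_timeout 10s; # default is 60
+send_timeout 10s; # default is 60
+keepalive_timeout 10s; # default is 75
+resolver_timeout 10s; # default is 30
+reset_timedout_connection on;
+proxy_ignore_client_abort on;
+
+tcp_nopush on; # send headers in one piece
+tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
+
+# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
+# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
+#client_body_temp_path /var/www/peertube/storage/nginx/;
+
+# Bypass PeerTube for performance reasons. Optional.
+# Should be consistent with client-overrides assets list in /server/controllers/client.ts
+location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
+add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
+
+root {{ service_home }};
+
+try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
+}
+
+# Bypass PeerTube for performance reasons. Optional.
+location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
+add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
+
+alias {{ service_home }}/peertube-latest/client/dist/$1;
+}
+
+# Bypass PeerTube for performance reasons. Optional.
+location ~ ^/static/(thumbnails|avatars)/ {
+if ($request_method = 'OPTIONS') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
+add_header Content-Type 'text/plain charset=UTF-8';
+add_header Content-Length 0;
+return 204;
+}
+
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
+
+rewrite ^/static/(.*)$ /$1 break;
+
+try_files $uri @api;
+}
+
+location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
+# We can't rate limit a try_files directive, so we need to duplicate @api
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+proxy_limit_rate 5M;
+
+proxy_pass http://backend;
+}
+
+# Bypass PeerTube for performance reasons. Optional.
+location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
+limit_rate_after 5M;
+
+# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
+set $peertube_limit_rate 800k;
+
+# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
+if ($request_uri ~ -fragmented.mp4$) {
+set $peertube_limit_rate 5M;
+}
+
+# Use this line with nginx >= 1.17.0
+limit_rate $peertube_limit_rate;
+# Or this line with nginx < 1.17.0
+# set $limit_rate $peertube_limit_rate;
+
+if ($request_method = 'OPTIONS') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
+add_header Content-Type 'text/plain charset=UTF-8';
+add_header Content-Length 0;
+return 204;
+}
+
+if ($request_method = 'GET') {
+add_header Access-Control-Allow-Origin '*';
+add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+
+# Don't spam access log file with byte range requests
+access_log off;
+}
+
+# Enabling the sendfile directive eliminates the step of copying the data into the buffer
+# and enables direct copying data from one file descriptor to another.
+sendfile on;
+sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
+aio threads;
+
+rewrite ^/static/webseed/(.*)$ /videos/$1 break;
+rewrite ^/static/(.*)$ /$1 break;
+
+try_files $uri @api;
+}
+}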
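Review bot: The active `server` block listens only on `listen 80;` / `listen [::]:80;`, while `#listen 443 ssl http2;`, both `#ssl_certificate*` lines and the whole Mozilla hardening group are commented out, so as templated this vhost carries PeerTube logins, session tokens and the websocket upgrade in cleartext unless something in front of it terminates TLS (not visible on this page). I would render the TLS variant once a certificate exists, i.e. restore `listen 443 ssl http2;` with `ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;` and reduce the port-80 server to the ACME location plus `location / { return 301 https://$host$request_uri; }`, switching between the two with a role variable rather than by hand-editing comments on the host. When the HSTS line is re-enabled, every `location` here that sets its own `add_header` (the upload, `/client/` and `/static/` blocks) stops inheriting it, as the comment above that line says, so it has to be repeated in those blocks. Separately, `upstream backend` is a fixed name in the shared `http` context, so a second instance deployed with another `service` value would presumably fail on a duplicate upstream; deriving the name from `{{ service }}` avoids that.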
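--- /dev/null
+++ b/webapps/peertube/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+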
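--- /dev/null
+++ b/webapps/peertube/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- peertube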
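--- /dev/null
+++ b/webapps/peertube/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file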