diff --git a/webapps/peertube/defaults/main.yml b/webapps/peertube/defaults/main.yml
index a71c8be2..fc33feed 100644
--- a/webapps/peertube/defaults/main.yml
+++ b/webapps/peertube/defaults/main.yml
@@ -1,12 +1,12 @@
 ---
 # defaults file for vars
 system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
-version: 'v5.1.0'
+version: 'v6.0.1'
 download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
 domains: ['example.domain.org']
-certbot_admin_email: 'mgauthier@evolix.ca'
+certbot_admin_email: 'security@evolix.fr'
 service_home: '/var/www/peertube'
-db_host: 'localhost'
+db_host: '127.0.0.1'
 db_port: '5432'
 db_name: "{{ service }}"
 db_user: "{{ service }}"
diff --git a/webapps/peertube/tasks/upgrade.yml b/webapps/peertube/tasks/upgrade.yml
index fdda1728..28a03487 100644
--- a/webapps/peertube/tasks/upgrade.yml
+++ b/webapps/peertube/tasks/upgrade.yml
@@ -6,6 +6,16 @@
 name: "{{ service }}"
 state: stopped
+- name: stat videos
+ stat:
+ path: "{{ service_home }}/storage/videos/"
+ register: videos
+
+- name: Move videos to web-videos (needed when upgrading to version 6)
+ command: "mv {{ service_home }}/storage/videos/ {{ service_home }}/storage/web-videos/"
+ when: videos.stat.exists
+ become_user: "{{ service }}"
+
 - name: Dump database to a file with compression
 postgresql_db:
 name: "{{ db_name }}"
@@ -20,6 +30,15 @@
 remote_src: yes
 become_user: "{{ service }}"
+- name: Adjust permissions
+ file:
+ path: "{{ item }}"
+ mode: o+rx
+ loop:
+ - "~/versions/peertube-{{ version }}"
+ - "~/versions/peertube-{{ version }}/client"
+ become_user: "{{ service }}"
+
 - name: Symbolic link to new version
 file:
 src: "~/versions/peertube-{{ version }}"
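Review bot: The `version` bump changes the archive that `download_url` resolves to, and nothing in these defaults pins what that archive must contain, so the role trusts whatever the release URL serves at run time. Consider adding a default such as `download_checksum: 'sha256:<digest of peertube-v6.0.1.zip>'` next to `version` and passing it to the download task, so that a bump always updates both values together. The task that fetches the archive is outside this diff, so whether it already verifies the file cannot be confirmed from here.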
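Review bot: The move task guards only on the source directory: if `storage/web-videos/` already exists when the play runs (an interrupted earlier run, or a directory created by a first start of the new version), `mv` places `videos/` inside it and the files end up under `web-videos/videos/`. The separate `stat` task can be dropped by letting the `command` module check both paths itself with `removes` and `creates`, and passing `argv` keeps a `service_home` containing spaces from being split into extra arguments. With this form the task is skipped rather than nested when the destination already exists, so that case still needs a manual merge.

```yaml
- name: Move videos to web-videos (needed when upgrading to version 6)
  command:
    argv:
      - mv
      - "{{ service_home }}/storage/videos"
      - "{{ service_home }}/storage/web-videos"
    removes: "{{ service_home }}/storage/videos"
    creates: "{{ service_home }}/storage/web-videos"
  become_user: "{{ service }}"
```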
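Review bot: `mode: o+rx` in the added "Adjust permissions" task opens the release root and `client/` to every local account for listing as well as traversal, which is broader than a web server serving files by known path needs. If the purpose is to let nginx reach `client/dist` (the vhost in this commit aliases into it), traverse-only access on these two directories, `mode: o+x`, should be enough; granting access to the web server's group instead of "other" would be tighter still, though both options should be verified on a test host. A comment stating the reason, e.g. `# nginx serves client/dist directly and must traverse these directories`, would keep a later hardening pass from reverting the task blindly.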
@@ -52,6 +71,11 @@
 daemon_reload: true
 state: restarted
+- name: Check if SSL certificate is present and register result
+ stat:
+ path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+ register: ssl
+
 - name: Retemplate conf file for nginx vhost
 template:
 src: "vhost.conf.j2"
diff --git a/webapps/peertube/templates/production.yaml.j2 b/webapps/peertube/templates/production.yaml.j2
index a2edee5e..ffbd133f 100644
--- a/webapps/peertube/templates/production.yaml.j2
+++ b/webapps/peertube/templates/production.yaml.j2
@@ -122,12 +122,13 @@ storage:
 tmp_persistent: '/var/www/peertube/storage/tmp-persistent/' # As tmp but the directory is not cleaned up between PeerTube restarts
 bin: '/var/www/peertube/storage/bin/'
 avatars: '/var/www/peertube/storage/avatars/'
- videos: '/var/www/peertube/storage/videos/'
+ web_videos: '/var/www/peertube/storage/web-videos/'
 streaming_playlists: '/var/www/peertube/storage/streaming-playlists/'
 redundancy: '/var/www/peertube/storage/redundancy/'
 logs: '/var/www/peertube/storage/logs/'
 previews: '/var/www/peertube/storage/previews/'
 thumbnails: '/var/www/peertube/storage/thumbnails/'
+ storyboards: '/var/www/peertube/storage/storyboards/'
 torrents: '/var/www/peertube/storage/torrents/'
 captions: '/var/www/peertube/storage/captions/'
 cache: '/var/www/peertube/storage/cache/'
@@ -193,7 +194,7 @@ object_storage:
 base_url: '' # Example: 'https://mirror.example.com'
 # Same settings but for webtorrent videos
- videos:
+ web_videos:
 bucket_name: 'videos'
 prefix: ''
 base_url: ''
@@ -468,7 +469,7 @@ transcoding:
 # Generate videos in a WebTorrent format (what we do since the first PeerTube release)
 # If you also enabled the hls format, it will multiply videos storage by 2
 # If disabled, breaks federation with PeerTube instances < 2.1
- webtorrent:
+ web_videos:
 enabled: false
 # /!\ Requires ffmpeg >= 4.1
diff --git a/webapps/peertube/templates/vhost.conf.j2 b/webapps/peertube/templates/vhost.conf.j2
index 0674772d..1ec48930 100644
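Review bot: The new `web_videos` and `storyboards` entries in the `storage:` hunk hard-code `/var/www/peertube/storage/...`, while the upgrade task in this same commit moves the files to `{{ service_home }}/storage/web-videos/`. With any non-default `service_home`, the videos are moved to one place and PeerTube is configured to look in another. Templating the new lines, e.g. `web_videos: '{{ service_home }}/storage/web-videos/'`, keeps the two in step; the neighbouring context lines carry the same hard-coded prefix and would need the same treatment.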
--- a/webapps/peertube/templates/vhost.conf.j2
+++ b/webapps/peertube/templates/vhost.conf.j2
@@ -85,7 +85,7 @@ server {
 try_files /dev/null @api;
 }
- location = /api/v1/videos/upload-resumable {
+ location ~ ^/api/v1/videos/(upload-resumable|([^/]+/source/replace-resumable))$ {
 client_max_body_size 0;
 proxy_request_buffering off;
@@ -206,29 +206,7 @@ server {
 alias {{ service_home }}/peertube-latest/client/dist/$1;
 }
- # Bypass PeerTube for performance reasons. Optional.
- location ~ ^/static/(thumbnails|avatars)/ {
- if ($request_method = 'OPTIONS') {
- add_header Access-Control-Allow-Origin '*';
- add_header Access-Control-Allow-Methods 'GET, OPTIONS';
- add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
- add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
- add_header Content-Type 'text/plain charset=UTF-8';
- add_header Content-Length 0;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin '*';
- add_header Access-Control-Allow-Methods 'GET, OPTIONS';
- add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
- add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
-
- rewrite ^/static/(.*)$ /$1 break;
-
- try_files $uri @api;
- }
-
- location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
+ location ~ ^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download {
 # We can't rate limit a try_files directive, so we need to duplicate @api
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
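Review bot: Replacing the exact-match `location =` with a regex location changes how nginx selects this block: exact matches always win, whereas regex locations are tried in file order and the first match is used, so a broader regex placed above this one would take the request and the `client_max_body_size 0` / `proxy_request_buffering off` settings would no longer apply. The pattern itself is anchored at both ends and `[^/]+` confines the new route to a single path segment, which keeps the unlimited body size from spreading to other endpoints. A comment above the block such as `# Regex location: keep above any broader /api/ regex; unlimited body size applies only to these two resumable endpoints` would record both constraints. The block body continues past the end of the hunk.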
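Review bot: The `/private/` location now covers `web-videos`, and its correctness depends on an ordering that nothing in the file states: the later "Bypass PeerTube" location also matches `/static/web-videos/private/...`, and nginx uses the first matching regex location in file order. If the two blocks were ever reordered, or a storage directory were added to the bypass pattern but not to this one, private files would presumably be answered by the bypass block without passing through PeerTube. I would add `# Must stay above the /static/ bypass location and list every directory that has a private/ subfolder` above this `location` line. The block continues outside the hunk.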
@@ -241,16 +219,10 @@ server {
 }
 # Bypass PeerTube for performance reasons. Optional.
- location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
+ location ~ ^/static/(webseed|web-videos|redundancy|streaming-playlists)/ {
 limit_rate_after 5M;
-
- # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
- set $peertube_limit_rate 800k;
-
- # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
- if ($request_uri ~ -fragmented.mp4$) {
- set $peertube_limit_rate 5M;
- }
+
+ set $peertube_limit_rate 5M;
 # Use this line with nginx >= 1.17.0
 limit_rate $peertube_limit_rate;
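Review bot: `set $peertube_limit_rate 5M;` now applies the former HLS-only rate to every request in this location, and the removed comment noted that clients usually hold 4 simultaneous webseed connections, so the per-client ceiling rises from roughly 3MB/s to roughly 20MB/s with no comment explaining the choice. Since `limit_rate` is applied per connection, a short comment such as `# Per-connection cap; a client with several parallel connections gets a multiple of this` would make the bandwidth trade-off visible to whoever sizes the uplink. The location block continues outside the hunk, so any fallback that still refers to the old value cannot be checked from here.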