From 0bd764e8e40b79b5eecd29e921c77af4e189b93d Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 30 Mar 2021 22:58:26 +0200 Subject: [PATCH 1/3] Upgrade to 3.1.0~ynh1 Fix #76 --- README.md | 10 +- README_fr.md | 10 +- check_process | 4 + conf/app.src | 4 +- conf/message_install | 7 ++ conf/nginx.conf | 227 +++++++++++++++++++++++++++++-------------- conf/production.yaml | 45 ++++++++- conf/systemd.service | 2 +- manifest.json | 2 +- scripts/_common.sh | 2 +- scripts/install | 45 +++++++-- scripts/restore | 2 +- scripts/upgrade | 11 ++- 13 files changed, 270 insertions(+), 101 deletions(-) diff --git a/README.md b/README.md index d753472..8afc36f 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,13 @@ Servers are run independently by different people and organizations. They can ap By watching a video, you help the hosting provider to broadcast it by becoming a broadcaster of the video yourself. Each instance doesn’t need much money to broadcast the videos of its users. -**Shipped version:** 3.0.1 +**Shipped version:** 3.1.0 ## Important points to read before installing 1. Require **dedicated domain** like **peertube.domain.tld**. -1. **No LDAP** support (blocked until PeerTube core upstream implements it) 1. Admin username is: **root**. -1. **Admin password** will be sent to the email address given at the time of the installation. +1. **Admin password and LDAP configuration** will be sent to the email address given at the time of the installation. 1. URL can not be changed once selected. Choose the domain wisely. 1. You need more then **1 GB** of RAM. If you don't have it, please create a **swap memory**. @@ -63,6 +62,11 @@ Want to see in action? ## YunoHost specific features +#### Multi-user support + +* LDAP auth is supported, LDAP configuration will be sent to the email address given at the time of the installation. +* HTTP auth is not supported + #### Supported architectures * x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/peertube%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/peertube/) diff --git a/README_fr.md b/README_fr.md index 941d29a..f363581 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,14 +23,13 @@ Les serveurs sont gérés indépendamment par différentes personnes et organisa En regardant une vidéo, vous aidez l'hébergeur à la diffuser en devenant vous-même un diffuseur de la vidéo. Chaque instance n'a pas besoin de beaucoup d'argent pour diffuser les vidéos de ses utilisateurs. -**Version incluse :** 3.0.1 +**Version incluse :** 3.1.0 ## Points importants à lire avant l'installation 1. Nécessite un **domaine dédié** comme **peertube.domain.tld**. -1. **Pas de support LDAP** (bloqué jusqu'à ce que le noyau PeerTube en amont l'implémente) 1. Le nom d'utilisateur de l'administrateur est: **root**. -1. **Le mot de passe administrateur** sera envoyé à l'adresse email indiquée au moment de l'installation. +1. **Le mot de passe administrateur et la configuration LDAP** seront envoyés à l'adresse email indiquée au moment de l'installation. 1. L'URL ne peut pas être modifiée une fois sélectionnée. Choisissez judicieusement le domaine. 1. Vous avez besoin de plus de **1 Go** de RAM. Si vous ne l'avez pas, veuillez créer une **mémoire swap**. @@ -58,6 +57,11 @@ En regardant une vidéo, vous aidez l'hébergeur à la diffuser en devenant vous ## Caractéristiques spécifiques YunoHost +#### Support multi-utilisateur + +* L'authentification LDAP est prise en charge, les instructions de configuration sont envoyées à l'adresse email indiquée au moment de l'installation +* L'authentification HTTP n'est pas prise en charge + #### Architectures supportées * x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/peertube%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/peertube/) diff --git a/check_process b/check_process index efd30bf..b4f25f8 100644 --- a/check_process +++ b/check_process @@ -27,6 +27,8 @@ upgrade=1 from_commit=141e5a370e552760b83066fbfe044ca3e5283a72 # 2.4.0~ynh1 upgrade=1 from_commit=10d79175a8a45137d271931cbd6d14e927400729 + # 3.0.1~ynh1 + upgrade=1 from_commit=5a74f4033eafa657fcd32a9713cd77ba0f4f79c9 backup_restore=1 multi_instance=0 port_already_use=0 @@ -45,4 +47,6 @@ Notification=yes name=2.3.0~ynh1 ; commit=10d79175a8a45137d271931cbd6d14e927400729 name=2.4.0~ynh1 + ; commit=5a74f4033eafa657fcd32a9713cd77ba0f4f79c9 + name=3.0.1~ynh1 \ No newline at end of file diff --git a/conf/app.src b/conf/app.src index 02cbf3c..6aadf59 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v3.0.1/peertube-v3.0.1.tar.xz -SOURCE_SUM=85d2a99d3bc30eeafc9201bb4f760e37c0132500ce03909669157e66f813f8e9 +SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v3.1.0/peertube-v3.1.0.tar.xz +SOURCE_SUM=94b4ac2e5dd880039b999e6891e96246b9655070c5d08aedbdc0926ecad1bfa5 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.xz SOURCE_IN_SUBDIR=true diff --git a/conf/message_install b/conf/message_install index dc34d8d..842e46a 100644 --- a/conf/message_install +++ b/conf/message_install @@ -7,4 +7,11 @@ The admin password is: __ADMIN_PASS__ To make PeerTube Live available, you also need to make the TCP port __RTMP_PORT__ available from internet (For example, opening the port on your ISP box if it's not automatically done). +To enable LDAP authentication open https://__DOMAIN____PATH_URL__admin/plugins/show/peertube-plugin-auth-ldap +Complete with the following informations : +URL: ldap://localhost +Insecure TLS : checked +Search base : ou=users,dc=yunohost,dc=org +All YunoHost users will be allowed to login as peertube user. + If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index f0306bb..ddef42a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,19 +1,140 @@ more_set_headers "X-Frame-Options : ALLOWALL"; + ## + # Application + ## -# Bypass PeerTube for performance reasons. Could be removed +location @api { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + client_max_body_size 100k; # default is 1M + + proxy_connect_timeout 10m; + proxy_send_timeout 10m; + proxy_read_timeout 10m; + send_timeout 10m; + + proxy_pass http://localhost:__PORT__; +} + +location / { + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + try_files /dev/null @api; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} + +location = /api/v1/videos/upload { + limit_except POST HEAD { deny all; } + + # This is the maximum upload size, which roughly matches the maximum size of a video file. + # Note that temporary space is needed equal to the total size of all concurrent uploads. + # This data gets stored in /var/lib/nginx by default, so you may want to put this directory + # on a dedicated filesystem. + client_max_body_size 12G; # default is 1M + add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + + try_files /dev/null @api; +} + +location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) { + client_max_body_size 3M; # default is 1M + add_header X-File-Maximum-Size 2M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + + try_files /dev/null @api; +} + +## +# Websocket +## + +location @api_websocket { + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_pass http://localhost:__PORT__; +} + +location /socket.io { + try_files /dev/null @api_websocket; +} + +location /tracker/socket { + # Peers send a message to the tracker every 15 minutes + # Don't close the websocket before then + proxy_read_timeout 15m; # default is 60s + + try_files /dev/null @api_websocket; +} + +## +# Performance optimizations +# For extra performance please refer to https://github.com/denji/nginx-tuning +## + +root __DATADIR__; + # Enable compression for JS/CSS/HTML, for improved client load times. + # It might be nice to compress JSON/XML as returned by the API, but + # leaving that out to protect against potential BREACH attack. +# gzip on; +gzip_vary on; +gzip_types # text/html is always compressed by HttpGzipModule + text/css + application/javascript + font/truetype + font/opentype + application/vnd.ms-fontobject + image/svg+xml; +gzip_min_length 1000; # default is 20 bytes +gzip_buffers 16 8k; +gzip_comp_level 2; # default is 1 + +client_body_timeout 30s; # default is 60 +client_header_timeout 10s; # default is 60 +send_timeout 10s; # default is 60 +keepalive_timeout 10s; # default is 75 +# resolver_timeout 10s; # default is 30 +reset_timedout_connection on; +proxy_ignore_client_abort on; + +tcp_nopush on; # send headers in one piece +tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time + +# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place +# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path +#client_body_temp_path /var/www/peertube/storage/nginx/; + +# Bypass PeerTube for performance reasons. Optional. +# Should be consistent with client-overrides assets list in /server/controllers/client.ts +location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ { + add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year + + try_files __DATADIR__/client-overrides/$1 __FINALPATH__/client/dist/$1 @api; +} + +# Bypass PeerTube for performance reasons. Optional. location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ { - more_set_headers "Cache-Control : public, max-age=31536000, immutable"; + more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year alias __FINALPATH__/client/dist/$1; } -# Bypass PeerTube for performance reasons. Could be removed +# Bypass PeerTube for performance reasons. Optional. location ~ ^/static/(thumbnails|avatars)/ { if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - more_set_headers "Access-Control-Max-Age : 1728000"; + more_set_headers "Access-Control-Max-Age : 1728000"; # Preflight request can be cached 20 days more_set_headers "Content-Type : text/plain charset=UTF-8"; more_set_headers "Content-Length : 0"; return 204; @@ -22,67 +143,37 @@ location ~ ^/static/(thumbnails|avatars)/ { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; + more_set_headers "Cache-Control : public, max-age=7200"; # Cache response 2 hours - # Cache 2 hours - more_set_headers "Cache-Control : public, max-age=7200"; + rewrite ^/static/(.*)$ /$1 break; root __DATADIR__; - rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break; - try_files $uri /; + try_files $uri @api; } -location / { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://localhost:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # This is the maximum upload size, which roughly matches the maximum size of a video file - # you can send via the API or the web interface. By default this is 8GB, but administrators - # can increase or decrease the limit. Currently there's no way to communicate this limit - # to users automatically, so you may want to leave a note in your instance 'about' page if - # you change this. - # - # Note that temporary space is needed equal to the total size of all concurrent uploads. - # This data gets stored in /var/lib/nginx by default, so you may want to put this directory - # on a dedicated filesystem. - # - client_max_body_size 8G; - - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - send_timeout 600; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} - -# Bypass PeerTube for performance reasons. Could be removed +# Bypass PeerTube for performance reasons. Optional. location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { + limit_rate_after 5M; + # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client - set $peertube_limit_rate 800k; + set $peertube_limit_rate 800k; # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections if ($request_uri ~ -fragmented.mp4$) { - set $peertube_limit_rate 5000k; + set $peertube_limit_rate 5M; } - # Use this with nginx >= 1.17.0 + # Use this line with nginx >= 1.17.0 # limit_rate $peertube_limit_rate; - # Or this if your nginx < 1.17.0 + # Or this line if your nginx < 1.17.0 set $limit_rate $peertube_limit_rate; - limit_rate_after 5000k; if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - more_set_headers "Access-Control-Max-Age : 1728000"; + more_set_headers "Access-Control-Max-Age : 1728000"; # Preflight request can be cached 20 days more_set_headers "Content-Type : text/plain charset=UTF-8"; more_set_headers "Content-Length : 0"; return 204; @@ -97,36 +188,22 @@ location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { access_log off; } + # Enabling the sendfile directive eliminates the step of copying the data into the buffer + # and enables direct copying data from one file descriptor to another. + sendfile on; + sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k. + aio threads; + + # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/admin-remote-storage + # to serve files directly from a public bucket without proxying. + # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc. + #set $cdn ; + #rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect; + #rewrite ^/static/(.*)$ $cdn/$1 redirect; + rewrite ^/static/webseed/(.*)$ /videos/$1 break; + rewrite ^/static/(.*)$ /$1 break; + root __DATADIR__; - rewrite ^/static/webseed/(.*)$ /videos/$1 break; - rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break; - rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break; - - try_files $uri /; -} - -# Websocket tracker -location /tracker/socket { - # Peers send a message to the tracker every 15 minutes - # Don't close the websocket before this time - proxy_read_timeout 1200s; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://localhost:__PORT__; -} - -location /socket.io { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - - proxy_pass http://localhost:__PORT__; - - # enable WebSockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + try_files $uri @api; } diff --git a/conf/production.yaml b/conf/production.yaml index ede8aa8..e850d5e 100644 --- a/conf/production.yaml +++ b/conf/production.yaml @@ -40,7 +40,7 @@ database: suffix: '___APP__' username: '__DB_USER__' password: '__DB_PWD__' -pool: + pool: max: 5 # Redis server for short time storage @@ -100,10 +100,19 @@ log: maxFileSize: 12MB maxFiles: 20 anonymizeIP: false + log_ping_requests: true + prettify_sql: false trending: videos: interval_days: 7 # Compute trending videos for the last x days + algorithms: + enabled: + - 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History) + - 'hot' # adaptation of Reddit's 'Hot' algorithm + - 'most-viewed' # default, used initially by PeerTube as the trending page + - 'most-liked' + default: 'most-viewed' # Cache remote videos on your server, to help other instances to broadcast the video # You can define multiple caches using different sizes/strategies @@ -181,6 +190,12 @@ federation: videos: federate_unlisted: false + # Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments) + # It removes objects that do not exist anymore, and potentially fix their URLs + # This setting is opt-in because due to an old bug in PeerTube, remote rates sent by instance before PeerTube 3.0 will be deleted + # We still suggest you to enable this setting even if your users will loose most of their video's likes/dislikes + cleanup_remote_interactions: false + ############################################################################### # @@ -199,6 +214,8 @@ cache: size: 500 # Max number of previews you want to cache captions: size: 500 # Max number of video captions/subtitles you want to cache + torrents: + size: 500 # Max number of video torrents you want to cache admin: # Used to generate the root user at first startup @@ -228,11 +245,23 @@ user: # Please, do not disable transcoding since many uploaded videos will not work transcoding: enabled: true + # Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos allow_additional_extensions: true + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file allow_audio_files: true + + # Amount of threads used by ffmpeg for 1 transcoding job threads: 1 + # Amount of transcoding jobs to execute in parallel + concurrency: 1 + + # Choose the transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + resolutions: # Only created if the original video has a higher resolution, uses more storage! 0p: false # audio-only (creates mp4 without video stream, always created when enabled) 240p: false @@ -240,6 +269,7 @@ transcoding: 480p: false 720p: false 1080p: false + 1440p: false 2160p: false # Generate videos in a WebTorrent format (what we do since the first PeerTube release) @@ -261,7 +291,7 @@ live: enabled: true # Limit lives duration - # Set null to disable duration limit + # -1 == unlimited max_duration: -1 # For example: '5 hours' # Limit max number of live videos created on your instance @@ -287,17 +317,26 @@ live: enabled: true threads: 2 + # Choose the transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + resolutions: 240p: false 360p: false 480p: false 720p: false 1080p: false + 1440p: false 2160p: false import: # Add ability for your users to import remote videos (from YouTube, torrent...) videos: + # Amount of import jobs to execute in parallel + concurrency: 1 + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html enabled: false @@ -320,7 +359,7 @@ auto_blacklist: # Instance settings instance: name: 'YunoHost PeerTube' - short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' + short_description: 'PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.' description: 'Welcome to this PeerTube instance!' # Support markdown terms: 'No terms for now.' # Support markdown code_of_conduct: '' # Supports markdown diff --git a/conf/systemd.service b/conf/systemd.service index ee30548..794068e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=PeerTube: video streaming platform using P2P +Description=PeerTube daemon After=network.target postgresql.service redis-server.service [Service] diff --git a/manifest.json b/manifest.json index 3cc83f3..5105873 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video streaming platform using P2P directly in the web browser, connected to a federated network", "fr": "Plateforme de diffusion vidéo par P2P directement dans le navigateur, et connectée à un réseau fédéralisé" }, - "version": "3.0.1~ynh1", + "version": "3.1.0~ynh1", "url": "https://github.com/Chocobozzz/PeerTube", "license": "AGPL-3.0-only", "maintainer": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 03fa0ab..1441eb6 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,7 +7,7 @@ # dependencies used by the app pkg_dependencies="ffmpeg postgresql postgresql-contrib openssl g++ redis-server redis-tools mailutils apt-transport-https" -YNH_NODEJS_VERSION=12 +YNH_NODEJS_VERSION=14 #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index f24c8d2..c99eedc 100644 --- a/scripts/install +++ b/scripts/install @@ -180,6 +180,40 @@ ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config --others_var="ynh_node_load_PATH" +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" + +#================================================= +# INSTALL LDAP PLUGIN +#================================================= +ynh_script_progression --message="Installing LDAP plugin..." + +pushd "$final_path" + NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run plugin:install -- --npm-name peertube-plugin-auth-ldap +popd + +#================================================= +# CHANGE PEERTUBE ADMIN PASSWORD +#================================================= +ynh_script_progression --message="Changing PeerTube admin password..." + +pushd "$final_path" + echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root +popd + +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" + #================================================= # GENERIC FINALIZATION #================================================= @@ -211,7 +245,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # SETUP SSOWAT @@ -235,15 +269,6 @@ ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# CHANGE PEERTUBE ADMIN PASSWORD AFTER INITIAL GEN -#================================================= - -# we need to wait for the service to init peertube's database -pushd "$final_path" - echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root -popd - #================================================= # SEND A README FOR THE ADMIN #================================================= diff --git a/scripts/restore b/scripts/restore index 70a2ac2..8b4b2e8 100644 --- a/scripts/restore +++ b/scripts/restore @@ -152,7 +152,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 26c512f..8988d5b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -249,6 +249,15 @@ pushd "$final_path" sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile popd +#================================================= +# INSTALL LDAP PLUGIN +#================================================= +ynh_script_progression --message="Installing LDAP plugin..." + +pushd "$final_path" + NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run plugin:install -- --npm-name peertube-plugin-auth-ldap +popd + #================================================= # SETUP SYSTEMD #================================================= @@ -287,7 +296,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # RELOAD NGINX From e81b32e9d48abf2d805f3a584e16697a8a76b252 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 31 Mar 2021 02:56:34 +0200 Subject: [PATCH 2/3] Several fixes --- conf/nginx.conf | 17 +++++++++-------- scripts/install | 2 +- scripts/upgrade | 2 +- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index ddef42a..99fedf6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,7 +1,8 @@ more_set_headers "X-Frame-Options : ALLOWALL"; - ## - # Application - ## + +## +# Application +## location @api { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -15,7 +16,7 @@ location @api { proxy_read_timeout 10m; send_timeout 10m; - proxy_pass http://localhost:__PORT__; + proxy_pass http://127.0.0.1:__PORT__; } location / { @@ -37,14 +38,14 @@ location = /api/v1/videos/upload { # This data gets stored in /var/lib/nginx by default, so you may want to put this directory # on a dedicated filesystem. client_max_body_size 12G; # default is 1M - add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + more_set_headers "X-File-Maximum-Size : 8G always"; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) try_files /dev/null @api; } location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) { client_max_body_size 3M; # default is 1M - add_header X-File-Maximum-Size 2M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + more_set_headers "X-File-Maximum-Size : 2M always"; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) try_files /dev/null @api; } @@ -61,7 +62,7 @@ location @api_websocket { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_pass http://localhost:__PORT__; + proxy_pass http://127.0.0.1:__PORT__; } location /socket.io { @@ -116,7 +117,7 @@ tcp_nodelay on; # don't buffer data sent, good for small data burs # Bypass PeerTube for performance reasons. Optional. # Should be consistent with client-overrides assets list in /server/controllers/client.ts location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ { - add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year + more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year try_files __DATADIR__/client-overrides/$1 __FINALPATH__/client/dist/$1 @api; } diff --git a/scripts/install b/scripts/install index c99eedc..98434c2 100644 --- a/scripts/install +++ b/scripts/install @@ -169,7 +169,7 @@ chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs - sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 8988d5b..a8d7517 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -246,7 +246,7 @@ chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs - sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile popd #================================================= From e7240ea5a437b1f66ed9988d40e5deebd245f1cc Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 31 Mar 2021 20:28:34 +0200 Subject: [PATCH 3/3] typo --- conf/message_install | 8 ++++---- conf/message_remove | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/conf/message_install b/conf/message_install index 842e46a..1243f11 100644 --- a/conf/message_install +++ b/conf/message_install @@ -9,9 +9,9 @@ To make PeerTube Live available, you also need to make the TCP port __RTMP_PORT_ To enable LDAP authentication open https://__DOMAIN____PATH_URL__admin/plugins/show/peertube-plugin-auth-ldap Complete with the following informations : -URL: ldap://localhost -Insecure TLS : checked -Search base : ou=users,dc=yunohost,dc=org +- URL: ldap://127.0.0.1 +- Insecure TLS : checked +- Search base : ou=users,dc=yunohost,dc=org All YunoHost users will be allowed to login as peertube user. -If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh \ No newline at end of file +If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh diff --git a/conf/message_remove b/conf/message_remove index 8f8c84e..c21fde9 100644 --- a/conf/message_remove +++ b/conf/message_remove @@ -12,5 +12,4 @@ You need to run this command to remove the data (warning all your videos will be rm -R __DATADIR__ -f - -If you facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh \ No newline at end of file +If you facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh