diff --git a/check_process b/check_process index efd30bf..b4f25f8 100644 --- a/check_process +++ b/check_process @@ -27,6 +27,8 @@ upgrade=1 from_commit=141e5a370e552760b83066fbfe044ca3e5283a72 # 2.4.0~ynh1 upgrade=1 from_commit=10d79175a8a45137d271931cbd6d14e927400729 + # 3.0.1~ynh1 + upgrade=1 from_commit=5a74f4033eafa657fcd32a9713cd77ba0f4f79c9 backup_restore=1 multi_instance=0 port_already_use=0 @@ -45,4 +47,6 @@ Notification=yes name=2.3.0~ynh1 ; commit=10d79175a8a45137d271931cbd6d14e927400729 name=2.4.0~ynh1 + ; commit=5a74f4033eafa657fcd32a9713cd77ba0f4f79c9 + name=3.0.1~ynh1 \ No newline at end of file diff --git a/conf/app.src b/conf/app.src index 02cbf3c..6aadf59 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v3.0.1/peertube-v3.0.1.tar.xz -SOURCE_SUM=85d2a99d3bc30eeafc9201bb4f760e37c0132500ce03909669157e66f813f8e9 +SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v3.1.0/peertube-v3.1.0.tar.xz +SOURCE_SUM=94b4ac2e5dd880039b999e6891e96246b9655070c5d08aedbdc0926ecad1bfa5 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.xz SOURCE_IN_SUBDIR=true diff --git a/conf/message_install b/conf/message_install index dc34d8d..1243f11 100644 --- a/conf/message_install +++ b/conf/message_install 
@@ -7,4 +7,11 @@ The admin password is: __ADMIN_PASS__ To make PeerTube Live available, you also need to make the TCP port __RTMP_PORT__ available from internet (For example, opening the port on your ISP box if it's not automatically done). -If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh \ No newline at end of file +To enable LDAP authentication open https://__DOMAIN____PATH_URL__admin/plugins/show/peertube-plugin-auth-ldap +Complete with the following informations : +- URL: ldap://127.0.0.1 +- Insecure TLS : checked +- Search base : ou=users,dc=yunohost,dc=org +All YunoHost users will be allowed to login as peertube user. + +If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh diff --git a/conf/message_remove b/conf/message_remove index 8f8c84e..c21fde9 100644 --- a/conf/message_remove +++ b/conf/message_remove @@ -12,5 +12,4 @@ You need to run this command to remove the data (warning all your videos will be rm -R __DATADIR__ -f - -If you facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh \ No newline at end of file +If you facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh diff --git a/conf/nginx.conf b/conf/nginx.conf index f0306bb..99fedf6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
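Review bot: In the conf/message_install hunk, the added LDAP instructions tell the admin to set `Insecure TLS : checked`, which looks unnecessary for `ldap://127.0.0.1`, where presumably no TLS is negotiated at all. Left ticked, it would disable certificate verification if the URL is later pointed at a remote or `ldaps://` server, so I would drop that line or change it to `- Insecure TLS : unchecked`. The sentence `All YunoHost users will be allowed to login as peertube user.` means access no longer follows the app's YunoHost permission, which deserves an explicit mention and, if the plugin offers a search filter, a filter limited to permitted users. The plugin install lines in scripts/install and scripts/upgrade appear commented out on this page, so the linked plugin settings URL may not exist after install.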
@@ -1,19 +1,141 @@ more_set_headers "X-Frame-Options : ALLOWALL"; -# Bypass PeerTube for performance reasons. Could be removed +## +# Application +## + +location @api { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + client_max_body_size 100k; # default is 1M + + proxy_connect_timeout 10m; + proxy_send_timeout 10m; + proxy_read_timeout 10m; + send_timeout 10m; + + proxy_pass http://127.0.0.1:__PORT__; +} + +location / { + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + try_files /dev/null @api; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} + +location = /api/v1/videos/upload { + limit_except POST HEAD { deny all; } + + # This is the maximum upload size, which roughly matches the maximum size of a video file. + # Note that temporary space is needed equal to the total size of all concurrent uploads. + # This data gets stored in /var/lib/nginx by default, so you may want to put this directory + # on a dedicated filesystem. 
+ client_max_body_size 12G; # default is 1M + more_set_headers "X-File-Maximum-Size : 8G always"; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + + try_files /dev/null @api; +} + +location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) { + client_max_body_size 3M; # default is 1M + more_set_headers "X-File-Maximum-Size : 2M always"; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) + + try_files /dev/null @api; +} + +## +# Websocket +## + +location @api_websocket { + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_pass http://127.0.0.1:__PORT__; +} + +location /socket.io { + try_files /dev/null @api_websocket; +} + +location /tracker/socket { + # Peers send a message to the tracker every 15 minutes + # Don't close the websocket before then + proxy_read_timeout 15m; # default is 60s + + try_files /dev/null @api_websocket; +} + +## +# Performance optimizations +# For extra performance please refer to https://github.com/denji/nginx-tuning +## + +root __DATADIR__; + # Enable compression for JS/CSS/HTML, for improved client load times. + # It might be nice to compress JSON/XML as returned by the API, but + # leaving that out to protect against potential BREACH attack. 
+# gzip on; +gzip_vary on; +gzip_types # text/html is always compressed by HttpGzipModule + text/css + application/javascript + font/truetype + font/opentype + application/vnd.ms-fontobject + image/svg+xml; +gzip_min_length 1000; # default is 20 bytes +gzip_buffers 16 8k; +gzip_comp_level 2; # default is 1 + +client_body_timeout 30s; # default is 60 +client_header_timeout 10s; # default is 60 +send_timeout 10s; # default is 60 +keepalive_timeout 10s; # default is 75 +# resolver_timeout 10s; # default is 30 +reset_timedout_connection on; +proxy_ignore_client_abort on; + +tcp_nopush on; # send headers in one piece +tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time + +# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place +# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path +#client_body_temp_path /var/www/peertube/storage/nginx/; + +# Bypass PeerTube for performance reasons. Optional. +# Should be consistent with client-overrides assets list in /server/controllers/client.ts +location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png))$ { + more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year + + try_files __DATADIR__/client-overrides/$1 __FINALPATH__/client/dist/$1 @api; +} + +# Bypass PeerTube for performance reasons. Optional. location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ { - more_set_headers "Cache-Control : public, max-age=31536000, immutable"; + more_set_headers "Cache-Control : public, max-age=31536000, immutable"; # Cache 1 year alias __FINALPATH__/client/dist/$1; } -# Bypass PeerTube for performance reasons. Could be removed +# Bypass PeerTube for performance reasons. Optional. 
location ~ ^/static/(thumbnails|avatars)/ { if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - more_set_headers "Access-Control-Max-Age : 1728000"; + more_set_headers "Access-Control-Max-Age : 1728000"; # Preflight request can be cached 20 days more_set_headers "Content-Type : text/plain charset=UTF-8"; more_set_headers "Content-Length : 0"; return 204; 
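Review bot: In the two added `X-File-Maximum-Size` lines (the `/api/v1/videos/upload` location and the `videos|video-playlists|video-channels|users/me` location), `always` sits inside the quoted string, so headers-more would emit the value `8G always` / `2M always` instead of `8G` / `2M`. `always` is a parameter of `add_header`; `more_set_headers` has no such keyword and already applies to every status code unless `-s` is given. Suggested lines: `more_set_headers "X-File-Maximum-Size : 8G";` and `more_set_headers "X-File-Maximum-Size : 2M";`. The trailing comment says the header informs the backend, but as a response header it goes to the client, so the comment should say that.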
@@ -22,67 +144,37 @@ location ~ ^/static/(thumbnails|avatars)/ { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; + more_set_headers "Cache-Control : public, max-age=7200"; # Cache response 2 hours - # Cache 2 hours - more_set_headers "Cache-Control : public, max-age=7200"; + rewrite ^/static/(.*)$ /$1 break; root __DATADIR__; - rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break; - try_files $uri /; + try_files $uri @api; } -location / { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://localhost:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # This is the maximum upload size, which roughly matches the maximum size of a video file - # you can send via the API or the web interface. By default this is 8GB, but administrators - # can increase or decrease the limit. Currently there's no way to communicate this limit - # to users automatically, so you may want to leave a note in your instance 'about' page if - # you change this. - # - # Note that temporary space is needed equal to the total size of all concurrent uploads. - # This data gets stored in /var/lib/nginx by default, so you may want to put this directory - # on a dedicated filesystem. - # - client_max_body_size 8G; - - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - send_timeout 600; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} - -# Bypass PeerTube for performance reasons. Could be removed +# Bypass PeerTube for performance reasons. Optional. 
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { + limit_rate_after 5M; + # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client - set $peertube_limit_rate 800k; + set $peertube_limit_rate 800k; # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections if ($request_uri ~ -fragmented.mp4$) { - set $peertube_limit_rate 5000k; + set $peertube_limit_rate 5M; } - # Use this with nginx >= 1.17.0 + # Use this line with nginx >= 1.17.0 # limit_rate $peertube_limit_rate; - # Or this if your nginx < 1.17.0 + # Or this line if your nginx < 1.17.0 set $limit_rate $peertube_limit_rate; - limit_rate_after 5000k; if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin : *"; more_set_headers "Access-Control-Allow-Methods : GET, OPTIONS"; more_set_headers "Access-Control-Allow-Headers : Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"; - more_set_headers "Access-Control-Max-Age : 1728000"; + more_set_headers "Access-Control-Max-Age : 1728000"; # Preflight request can be cached 20 days more_set_headers "Content-Type : text/plain charset=UTF-8"; more_set_headers "Content-Length : 0"; return 204; 
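Review bot: The HLS rate bump in the `webseed|redundancy|streaming-playlists` location is keyed on `$request_uri`, which includes the query string, and the dot in `-fragmented.mp4$` is unescaped, so the new `set $peertube_limit_rate 5M;` is not restricted to real fragmented files. Any request whose raw URI merely ends in that text gets the higher limit, which weakens the 800k per-connection cap. Matching the normalized path is tighter: `if ($uri ~ "-fragmented\.mp4$") {`. The `if` line itself is unchanged context, and the location block continues past the end of this hunk.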
@@ -97,36 +189,22 @@ location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { access_log off; } + # Enabling the sendfile directive eliminates the step of copying the data into the buffer + # and enables direct copying data from one file descriptor to another. + sendfile on; + sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k. + aio threads; + + # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/admin-remote-storage + # to serve files directly from a public bucket without proxying. + # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc. + #set $cdn ; + #rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect; + #rewrite ^/static/(.*)$ $cdn/$1 redirect; + rewrite ^/static/webseed/(.*)$ /videos/$1 break; + rewrite ^/static/(.*)$ /$1 break; + root __DATADIR__; - rewrite ^/static/webseed/(.*)$ /videos/$1 break; - rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break; - rewrite ^/static/streaming-playlists/(.*)$ /streaming-playlists/$1 break; - - try_files $uri /; -} - -# Websocket tracker -location /tracker/socket { - # Peers send a message to the tracker every 15 minutes - # Don't close the websocket before this time - proxy_read_timeout 1200s; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://localhost:__PORT__; -} - -location /socket.io { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - - proxy_pass http://localhost:__PORT__; - - # enable WebSockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + try_files $uri @api; } diff --git a/conf/production.yaml b/conf/production.yaml index ede8aa8..e850d5e 100644 --- a/conf/production.yaml 
+++ b/conf/production.yaml @@ -40,7 +40,7 @@ database: suffix: '___APP__' username: '__DB_USER__' password: '__DB_PWD__' -pool: + pool: max: 5 # Redis server for short time storage @@ -100,10 +100,19 @@ log: maxFileSize: 12MB maxFiles: 20 anonymizeIP: false + log_ping_requests: true + prettify_sql: false trending: videos: interval_days: 7 # Compute trending videos for the last x days + algorithms: + enabled: + - 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History) + - 'hot' # adaptation of Reddit's 'Hot' algorithm + - 'most-viewed' # default, used initially by PeerTube as the trending page + - 'most-liked' + default: 'most-viewed' # Cache remote videos on your server, to help other instances to broadcast the video # You can define multiple caches using different sizes/strategies @@ -181,6 +190,12 @@ federation: videos: federate_unlisted: false + # Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments) + # It removes objects that do not exist anymore, and potentially fix their URLs + # This setting is opt-in because due to an old bug in PeerTube, remote rates sent by instance before PeerTube 3.0 will be deleted + # We still suggest you to enable this setting even if your users will loose most of their video's likes/dislikes + cleanup_remote_interactions: false + ############################################################################### # @@ -199,6 +214,8 @@ cache: size: 500 # Max number of previews you want to cache captions: size: 500 # Max number of video captions/subtitles you want to cache + torrents: + size: 500 # Max number of video torrents you want to cache admin: # Used to generate the root user at first startup 
@@ -228,11 +245,23 @@ user: # Please, do not disable transcoding since many uploaded videos will not work transcoding: enabled: true + # Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos allow_additional_extensions: true + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file allow_audio_files: true + + # Amount of threads used by ffmpeg for 1 transcoding job threads: 1 + # Amount of transcoding jobs to execute in parallel + concurrency: 1 + + # Choose the transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + resolutions: # Only created if the original video has a higher resolution, uses more storage! 0p: false # audio-only (creates mp4 without video stream, always created when enabled) 240p: false @@ -240,6 +269,7 @@ transcoding: 480p: false 720p: false 1080p: false + 1440p: false 2160p: false # Generate videos in a WebTorrent format (what we do since the first PeerTube release) @@ -261,7 +291,7 @@ live: enabled: true # Limit lives duration - # Set null to disable duration limit + # -1 == unlimited max_duration: -1 # For example: '5 hours' # Limit max number of live videos created on your instance @@ -287,17 +317,26 @@ live: enabled: true threads: 2 + # Choose the transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + resolutions: 240p: false 360p: false 480p: false 720p: false 1080p: false + 1440p: false 2160p: false import: # Add ability for your users to import remote videos (from YouTube, torrent...) videos: + # Amount of import jobs to execute in parallel + concurrency: 1 + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html enabled: false 
@@ -320,7 +359,7 @@ auto_blacklist: # Instance settings instance: name: 'YunoHost PeerTube' - short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' + short_description: 'PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.' description: 'Welcome to this PeerTube instance!' # Support markdown terms: 'No terms for now.' # Support markdown code_of_conduct: '' # Supports markdown diff --git a/conf/systemd.service b/conf/systemd.service index ee30548..794068e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=PeerTube: video streaming platform using P2P +Description=PeerTube daemon After=network.target postgresql.service redis-server.service [Service] diff --git a/manifest.json b/manifest.json index 3cc83f3..5105873 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Video streaming platform using P2P directly in the web browser, connected to a federated network", "fr": "Plateforme de diffusion vidéo par P2P directement dans le navigateur, et connectée à un réseau fédéralisé" }, - "version": "3.0.1~ynh1", + "version": "3.1.0~ynh1", "url": "https://github.com/Chocobozzz/PeerTube", "license": "AGPL-3.0-only", "maintainer": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 03fa0ab..1441eb6 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,7 +7,7 @@ # dependencies used by the app pkg_dependencies="ffmpeg postgresql postgresql-contrib openssl g++ redis-server redis-tools mailutils apt-transport-https" -YNH_NODEJS_VERSION=12 +YNH_NODEJS_VERSION=14 #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index dcb5312..63a838a 100644 --- a/scripts/install +++ b/scripts/install 
@@ -169,7 +169,7 @@ chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs - #sudo -u $app env PATH=$PATH yarn install --production --pure-lockfile + #ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile popd #================================================= @@ -180,6 +180,40 @@ ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config --others_var="ynh_node_load_PATH" +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" + +#================================================= +# INSTALL LDAP PLUGIN +#================================================= +ynh_script_progression --message="Installing LDAP plugin..." + +pushd "$final_path" + #NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run plugin:install -- --npm-name peertube-plugin-auth-ldap +popd + +#================================================= +# CHANGE PEERTUBE ADMIN PASSWORD +#================================================= +ynh_script_progression --message="Changing PeerTube admin password..." + +pushd "$final_path" + #echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root +popd + +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" + #================================================= # GENERIC FINALIZATION #================================================= 
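Review bot: The new INSTALL LDAP PLUGIN step (`npm run plugin:install -- --npm-name peertube-plugin-auth-ldap`, commented out as shown here and repeated in the first hunk of scripts/upgrade) has no `sudo -u $app` and no version pin, so once enabled it would fetch whatever release is current on the npm registry and run it with the script's privileges (presumably root, given the `chown` and `sudo -u $app` usage nearby), leaving files not owned by `$app` under `$final_path`. I would run it as the app user with the node PATH, as the yarn line does, and pin the plugin: `sudo -u $app env $ynh_node_load_PATH NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run plugin:install -- --npm-name peertube-plugin-auth-ldap --plugin-version <PINNED_VERSION>`. In the password step, `echo $admin_pass` is unquoted, so a password containing spaces, glob characters or a leading `-` is altered before it reaches `reset-password`; `printf '%s\n' "$admin_pass"` avoids that. The comment `# Start a systemd service` above the `--action="stop"` call should read `# Stop the systemd service`.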
@@ -211,7 +245,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -#ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +#ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # SETUP SSOWAT @@ -235,15 +269,6 @@ ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# CHANGE PEERTUBE ADMIN PASSWORD AFTER INITIAL GEN -#================================================= - -# we need to wait for the service to init peertube's database -pushd "$final_path" - #echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root -popd - #================================================= # SEND A README FOR THE ADMIN #================================================= diff --git a/scripts/restore b/scripts/restore index 70a2ac2..8b4b2e8 100644 --- a/scripts/restore +++ b/scripts/restore @@ -152,7 +152,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 0356db0..74629b8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
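Review bot: The closing start step in scripts/install stays commented out (`#ynh_systemd_action --service_name=$app --action="start" ...`) while the earlier hunk of this file adds an explicit `--action="stop"`, so as shown the install would finish with PeerTube stopped unless something outside these hunks starts it. The second hunk of scripts/upgrade goes further and newly comments out the same start line, which scripts/restore keeps active. If this is deliberate for testing, a comment saying so is needed; otherwise restore `ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost"` in both files.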
@@ -246,7 +246,16 @@ chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs - #sudo -u $app env PATH=$PATH yarn install --production --pure-lockfile + #ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile +popd + +#================================================= +# INSTALL LDAP PLUGIN +#================================================= +ynh_script_progression --message="Installing LDAP plugin..." + +pushd "$final_path" + #NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run plugin:install -- --npm-name peertube-plugin-auth-ldap popd #================================================= @@ -287,7 +296,7 @@ yunohost service add $app --description "$app daemon for Peertube" --log "$datad #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server listening on localhost" +#ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="HTTP server listening on localhost" #================================================= # RELOAD NGINX