description: "PeerTube Server"
maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
#docker-image: chocobozzz/peertube:production-stretch  ## YYY: to save in our docker-registry
data-resources:
  - /var/lib/peertube
  - /var/log/peertube
  - /var/cache/peertube
config-resources:
  - /etc/peertube

## XXXvlab: options here are the one provided to the server as
## defaults BUT that can be changed from within the web
## interface.
default-options:
  # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
  # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
  # Please, do not disable transcoding since many uploaded videos will not work
  transcoding:
    enabled: true
    threads: 1
    resolutions: # Only created if the original video has a higher resolution, uses more storage!
      240p: true
      360p: true
      480p: true
      720p: true
      1080p: true

  import:
    # Add ability for your users to import remote videos (from YouTube, torrent...)
    videos:
      http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
        enabled: true
      torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
        enabled: true

  signup:
    enabled: true


uses:
  postgres-database:
    constraint: required
    auto: summon
    solves:
      database: "main storage"
    default-options:
      extensions:
        - pg_trgm
        - unaccent
  redis-database:
    constraint: required
    auto: summon
    solves:
      database: "short time storage"
  # log-rotate:
  #   constraint: recommended
  #   auto: pair
  #   solves:
  #     disk-leak: "/var/log/peertube"
  backup:
    constraint: recommended
    auto: pair
    solves:
      backup: "Automatic regular backup"
    default-options:
      ## First pattern matching wins, no pattern matching includes.
      ## include-patterns are checked first, then exclude-patterns
      ## Patterns rules:
      ##  - ending / for directory
      ##  - '*' authorized
      ##  - must start with a '/', will start from $SERVICE_DATASTORE
      exclude-patterns:
        - /var/cache/
        - /var/tmp/
  web-proxy:
    constraint: required
    auto: pair
    solves:
      proxy: "Public access"
    default-options:
      apache-custom-rules:
      - |
        ## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7

        Protocols h2 http/1.1

        # HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly)
        #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

        Header always set X-Content-Type-Options nosniff
        Header always set X-Robots-Tag none
        Header always set X-XSS-Protection "1; mode=block"

        # Hard limit, PeerTube does not support videos > 4GB
        LimitRequestBody 4294967294

        # Set caching on assets for 1 year
        <FilesMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$>
                Header append Cache-Control "public, max-age=31536000, immutable"
        </FilesMatch>
        AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1

        # Set caching on image files for 1 year
        <FilesMatch ^/static/(thumbnails|avatars)/(.*)$>
                Header append Cache-Control "public, max-age=31536000, immutable"
        </FilesMatch>
        AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2

        # Bypass PeerTube webseed route for better performances
        Alias /static/webseed /var/www/peertube/storage/videos
        <Location /static/webseed>
                # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
                SetOutputFilter RATE_LIMIT
                SetEnv rate-limit 800

                SetEnvIf Request_Method "GET" GETMETH=1

                Header set Access-Control-Allow-Origin "*" env=GETMETH
                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH
                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH
                Header set toto "foo" env=GETMETH
                SetEnvIf GETMETH "1" dontlog

                SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1

                Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH
                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH
                Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
                Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH
                Header set Content-Length "0" env=OPTIONSMETH
        </Location>

        <Location /videos/embed>
                Header unset X-Frame-Options
        </Location>

        ProxyPreserveHost On
        ProxyRequests On
        ProxyTimeout 600

        # Websocket tracker
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]

        # <Location />
        #         ProxyPass http://127.0.0.1:9000/
        # </Location>