description: "PeerTube Server" maintainer: "Valentin Lab <valentin.lab@kalysto.org>" ## XXXvlab: docker uses the 'build' directory or the 'image:' option here. #docker-image: chocobozzz/peertube:production-stretch ## YYY: to save in our docker-registry data-resources: - /var/lib/peertube - /var/log/peertube - /var/cache/peertube config-resources: - /etc/peertube ## XXXvlab: options here are the one provided to the server as ## defaults BUT that can be changed from within the web ## interface. default-options: # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. # Please, do not disable transcoding since many uploaded videos will not work transcoding: enabled: true threads: 1 resolutions: # Only created if the original video has a higher resolution, uses more storage! 240p: true 360p: true 480p: true 720p: true 1080p: true import: # Add ability for your users to import remote videos (from YouTube, torrent...) videos: http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html enabled: true torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) enabled: true signup: enabled: true uses: postgres-database: constraint: required auto: summon solves: database: "main storage" default-options: extensions: - pg_trgm - unaccent redis-database: constraint: required auto: summon solves: database: "short time storage" # log-rotate: # constraint: recommended # auto: pair # solves: # disk-leak: "/var/log/peertube" backup: constraint: recommended auto: pair solves: backup: "Automatic regular backup" default-options: ## First pattern matching wins, no pattern matching includes. ## include-patterns are checked first, then exclude-patterns ## Patterns rules: ## - ending / for directory ## - '*' authorized ## - must start with a '/', will start from $SERVICE_DATASTORE exclude-patterns: - /var/cache/ - /var/tmp/ web-proxy: constraint: required auto: pair solves: proxy: "Public access" default-options: apache-custom-rules: - | ## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7 Protocols h2 http/1.1 # HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly) #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header always set X-Content-Type-Options nosniff Header always set X-Robots-Tag none Header always set X-XSS-Protection "1; mode=block" # Hard limit, PeerTube does not support videos > 4GB LimitRequestBody 4294967294 # Set caching on assets for 1 year <FilesMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$> Header append Cache-Control "public, max-age=31536000, immutable" </FilesMatch> AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1 # Set caching on image files for 1 year <FilesMatch ^/static/(thumbnails|avatars)/(.*)$> Header append Cache-Control "public, max-age=31536000, immutable" </FilesMatch> AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2 # Bypass PeerTube webseed route for better performances Alias /static/webseed /var/www/peertube/storage/videos <Location /static/webseed> # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client SetOutputFilter RATE_LIMIT SetEnv rate-limit 800 SetEnvIf Request_Method "GET" GETMETH=1 Header set Access-Control-Allow-Origin "*" env=GETMETH Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH Header set toto "foo" env=GETMETH SetEnvIf GETMETH "1" dontlog SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1 Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH Header set Access-Control-Max-Age "1000" env=OPTIONSMETH Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH Header set Content-Length "0" env=OPTIONSMETH </Location> <Location /videos/embed> Header unset X-Frame-Options </Location> ProxyPreserveHost On ProxyRequests On ProxyTimeout 600 # Websocket tracker RewriteEngine On RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L] # <Location /> # ProxyPass http://127.0.0.1:9000/ # </Location>