[Adminsysters] peertube installation

ignifugo ignifugo at insicuri.net
Tue Oct 19 09:03:11 CEST 2021 

On 18/10/21 19:24, mara wrote:
> You are right ignifugo, peertube has node as its own server. But it's
> annoying how much hidden these all are. E.x mailman on systerserver also
> has its own python based web-server (gunicorn), which run with a
> separate unit service, and apache works as a proxy, relaying requests
> from outside to local gunicorn.
yep.. I don't know mailman, but I suspect that gitlab does that also..
>
> The other difficulty, is that peertube also uses websockets. so we need
> to see how to configure this with apache as well.

yes.. I have also this bunch of helps, that send me the neighborg that 
installed peertube in our meshnetwork with me,

but I was really working on another topic in that moment... and yes, 
here in local server we use docker. but I think is quite the same. 
Apache is not dockerized in that installation. so, see you later.

I'm sorry that I'll be present only at the morning, because I have 
another videoconf after..

hugs igni

:::::::::::::::::::::

## modules to enable
a2enmod proxy_wstunnel
a2enmod rewrite
a2enmod headers
a2enmod remoteip

## http only
a2enmod proxy_http

## not checked this error but it should also missing
a2enmod ratelimit
from 
https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7#gistcomment-3439596

## consulted links
a now OUTDATED httpd/Apache vhost to run PeerTube | note that only Nginx 
is supported by the PeerTube team, and with this or any other Apache 
configuration, you will likely get NO SUPPORT.
https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7

https://www.nginx.com/resources/wiki/start/topics/examples/likeapache/
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
https://docs.joinpeertube.org/install-docker
https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/docker.md

### get autogenerated root password (docker)
docker-compose logs | grep -A1 root

>
> cu tmrw, m
>
> On 10/18/21 6:42 PM, ignifugo wrote:
>> On 14/10/21 16:45, Donna Metzlar wrote:
>>> Hi,
>>>
>>> On 14/10/2021 16:34, mara wrote:
>>>> only nginx support. ignifugo suggested to try to install nginx along
>>>> with apache. any thoughts on this?
>>> I always struggle with mixing Apache and Nginx on a system with multiple
>>> domains, because port 80 can't be shared. I tried learning Docker to get
>>> around this once and for all but got stuck and never finished the plan.
>> hum I think that peertube has awebserver inside (maeby node) that
>> exposes on the 9000 port
>>
>> so maybe we can retry using apache to pass on the port 443. I did some
>> experiment in the service machine on the mesh network when I lived and I
>> saw peertube working only with apache. so i have hope! :)
>>
>> I used this configuration, a bit different because I have not https in
>> local network.
>>
>> hugs see you tomorrow
>>
>> igni
>>
>> <VirtualHost *:80 [::]:80>
>>
>>      ServerName hueco.valsamoggia.ninux.org
>>      ServerAdmin webmaster at localhost
>>
>>    Header always set X-Content-Type-Options nosniff
>>    Header always set X-Robots-Tag none
>>    Header always set X-XSS-Protection "1; mode=block"
>>
>>    # Bypass PeerTube webseed route for better performances
>>    Alias /static/webseed /var/www/peertube/storage/videos
>>    <Location /static/webseed>
>>            # Clients usually have 4 simultaneous webseed connections, so
>> the real limit is 3MB/s per client
>>            SetOutputFilter RATE_LIMIT
>>            SetEnv rate-limit 800
>>
>>            SetEnvIf Request_Method "GET" GETMETH=1
>>
>>            Header set Access-Control-Allow-Origin "*" env=GETMETH
>>            Header set Access-Control-Allow-Headers
>> "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
>> env=GETMETH
>>            Header set Access-Control-Allow-Methods "GET, OPTIONS"
>> env=GETMETH
>>            SetEnvIf GETMETH "1" dontlog
>>
>>            SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1
>>
>>            Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
>>            Header set Access-Control-Allow-Headers
>> "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
>> env=OPTIONSMETH
>>            Header set Access-Control-Allow-Methods "GET, OPTIONS"
>> env=OPTIONSMETH
>>            Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
>>            Header set Content-Type "text/plain charset=UTF-8"
>> env=OPTIONSMETH
>>            Header set Content-Length "0" env=OPTIONSMETH
>>    </Location>
>>
>>    <Location /videos/embed>
>>            Header unset X-Frame-Options
>>    </Location>
>>
>>    ProxyPreserveHost On
>>    ProxyTimeout 600
>>
>>    # Websocket tracker
>>    RewriteEngine On
>>    RewriteCond %{HTTP:Upgrade} websocket [NC]
>>    RewriteRule /(.*) ws://0.0.0.0:9000/$1 [P,L]
>>
>>    <Location />
>>            ProxyPass http://0.0.0.0:9000/ timeout=600
>>    </Location>
>>
>>    # Get client ip intact
>>    RemoteIPHeader X-Client-IP
>>    RemoteIPHeader X-Forwarded-For
>>
>>    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
>>      # error, crit, alert, emerg.
>>      # It is also possible to configure the loglevel for particular
>>      # modules, e.g.
>>      # LogLevel info ssl:warn
>>
>>      ErrorLog ${APACHE_LOG_DIR}/error.log
>> #    CustomLog ${APACHE_LOG_DIR}/access.log combined
>>
>> </VirtualHost>
>>
>> _______________________________________________
>> Adminsysters mailing list
>> Adminsysters at lists.genderchangers.org
>> https://lists.genderchangers.org/mailman/listinfo/adminsysters

More information about the Adminsysters mailing list