PeerTube/support/nginx/peertube

server {
  listen 80;
  # listen [::]:80;
  server_name domain.tld;

  access_log /var/log/nginx/peertube_access.log;
  error_log /var/log/nginx/peertube_error.log;

  location /.well-known/acme-challenge/ { allow all; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  # listen [::]:443 ssl http2;
  server_name domain.tld;

  access_log /var/log/nginx/peertube_access.log;
  error_log /var/log/nginx/peertube_error.log;

  # For example with Let's Encrypt
  ssl_certificate      /etc/letsencrypt/live/domain.tld/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/domain.tld/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem;

  location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
    add_header Cache-Control "public, max-age=31536000, immutable";

    alias /home/peertube/peertube-latest/client/dist/$1;
  }

  location ~ ^/static/(thumbnails|avatars)/(.*)$ {
    add_header Cache-Control "public, max-age=31536000, immutable";

    alias /home/peertube/storage/$1/$2;
  }

  location / {
    proxy_pass http://localhost:9000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # For the video upload
    client_max_body_size 2G;
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
  }

  # Bypass PeerTube webseed route for better performances
  location /static/webseed {
    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
    limit_rate 800k;

    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }

    if ($request_method = 'GET') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

      # Don't spam access log file with byte range requests
      access_log off;
    }

    alias /home/peertube/storage/videos;
  }

  # Websocket tracker
  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before this time
    proxy_read_timeout 1200s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://localhost:9000;
  }
}
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`server {`
			`listen 80;`
			`# listen [::]:80;`
			`server_name domain.tld;`
Update production guide Use release that already contains build files. It requires a specific directories tree but I think it would be fine. 2018-01-15 17:56:58 +01:00
nginx optimizations 2018-01-18 17:44:13 +01:00			`access_log /var/log/nginx/peertube_access.log;`
			`error_log /var/log/nginx/peertube_error.log;`

Update production guide Use release that already contains build files. It requires a specific directories tree but I think it would be fine. 2018-01-15 17:56:58 +01:00			`location /.well-known/acme-challenge/ { allow all; }`
			`location / { return 301 https://$host$request_uri; }`
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`}`

			`server {`
Remove unused webserver configuration And update nginx configuration with a rate limit 2018-01-11 10:45:06 +01:00			`listen 443 ssl http2;`
			`# listen [::]:443 ssl http2;`
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`server_name domain.tld;`

nginx optimizations 2018-01-18 17:44:13 +01:00			`access_log /var/log/nginx/peertube_access.log;`
			`error_log /var/log/nginx/peertube_error.log;`

Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`# For example with Let's Encrypt`
			`ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem;`

nginx optimizations 2018-01-18 17:44:13 +01:00			`location ~ ^/client/(.*\.(js\|css\|woff2\|otf\|ttf\|woff\|eot))$ {`
			`add_header Cache-Control "public, max-age=31536000, immutable";`

			`alias /home/peertube/peertube-latest/client/dist/$1;`
			`}`

Don't serve previews with nginx We need to maintain a cache in the node process 2018-01-18 18:45:27 +01:00			`location ~ ^/static/(thumbnails\|avatars)/(.*)$ {`
nginx optimizations 2018-01-18 17:44:13 +01:00			`add_header Cache-Control "public, max-age=31536000, immutable";`

			`alias /home/peertube/storage/$1/$2;`
			`}`

Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`location / {`
			`proxy_pass http://localhost:9000;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`

			`# For the video upload`
Increase client_max_body_size in NGinx template 2017-10-17 11:45:53 +02:00			`client_max_body_size 2G;`
Add ability to unfollow a server 2017-11-20 11:19:23 +01:00			`proxy_connect_timeout 600;`
			`proxy_send_timeout 600;`
			`proxy_read_timeout 600;`
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`}`

			`# Bypass PeerTube webseed route for better performances`
			`location /static/webseed {`
Remove unused webserver configuration And update nginx configuration with a rate limit 2018-01-11 10:45:06 +01:00			`# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client`
			`limit_rate 800k;`

Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`if ($request_method = 'OPTIONS') {`
			`add_header 'Access-Control-Allow-Origin' '*';`
			`add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';`
			`add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';`
			`add_header 'Access-Control-Max-Age' 1728000;`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Content-Length' 0;`
			`return 204;`
			`}`

			`if ($request_method = 'GET') {`
			`add_header 'Access-Control-Allow-Origin' '*';`
			`add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';`
			`add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';`
nginx optimizations 2018-01-18 17:44:13 +01:00
			`# Don't spam access log file with byte range requests`
			`access_log off;`
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`}`

Update production guide Use release that already contains build files. It requires a specific directories tree but I think it would be fine. 2018-01-15 17:56:58 +01:00			`alias /home/peertube/storage/videos;`
Add peertube https nginx template 2016-11-25 14:20:00 +01:00			`}`

			`# Websocket tracker`
			`location /tracker/socket {`
			`# Peers send a message to the tracker every 15 minutes`
			`# Don't close the websocket before this time`
			`proxy_read_timeout 1200s;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_http_version 1.1;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header Host $host;`
			`proxy_pass http://localhost:9000;`
			`}`
			`}`