From 85cd9bde5a93500f973773f46680c07dd90d5912 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 11 Jan 2018 10:45:06 +0100 Subject: [PATCH] Remove unused webserver configuration And update nginx configuration with a rate limit --- support/apache/peertube.conf | 26 ------------------ support/nginx/peertube | 51 ------------------------------------ support/nginx/peertube-https | 7 +++-- 3 files changed, 5 insertions(+), 79 deletions(-) delete mode 100644 support/apache/peertube.conf delete mode 100644 support/nginx/peertube diff --git a/support/apache/peertube.conf b/support/apache/peertube.conf deleted file mode 100644 index 97d5e2fa7..000000000 --- a/support/apache/peertube.conf +++ /dev/null @@ -1,26 +0,0 @@ - - ServerName peertube.example.org - - CustomLog /var/log/apache2/peertube/peertube-access.log combined - ErrorLog /var/log/apache2/peertube/peertube-error.log - - ProxyRequests Off - ProxyPreserveHost On - - Timeout 900 - - Header set Access-Control-Allow-Origin "*" - Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, range" - Header set Access-Control-Allow-Methods "POST, GET, OPTIONS" - - ProxyPass /tracker/socket "ws://localhost:9000/tracker/socket" - ProxyPassReverse /tracker/socket "ws://localhost:9000/tracker/socket" - - ProxyPass / http://localhost:9000/ - ProxyPassReverse / http://localhost:9000/ - - ProxyTimeout 1200 - - - - diff --git a/support/nginx/peertube b/support/nginx/peertube deleted file mode 100644 index 8120738f6..000000000 --- a/support/nginx/peertube +++ /dev/null @@ -1,51 +0,0 @@ -server { - listen 80; - server_name domain.tld; - - location / { - proxy_pass http://localhost:9000; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # For the video upload - client_max_body_size 2G; - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - } - - # Bypass PeerTube webseed route for better performances - location /static/webseed { - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } - - alias /your/installation/PeerTube/videos; - } - - # Websocket tracker - location /tracker/socket { - # Peers send a message to the tracker every 15 minutes - # Don't close the websocket before this time - proxy_read_timeout 1200s; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_pass http://localhost:9000; - } -} diff --git a/support/nginx/peertube-https b/support/nginx/peertube-https index 794920280..c3465f74b 100644 --- a/support/nginx/peertube-https +++ b/support/nginx/peertube-https @@ -6,8 +6,8 @@ server { } server { - listen 443 ssl http2; # spdy is deprecated on nginx - # listen [::]:443 ssl spdy; + listen 443 ssl http2; + # listen [::]:443 ssl http2; server_name domain.tld; # For example with Let's Encrypt @@ -30,6 +30,9 @@ server { # Bypass PeerTube webseed route for better performances location /static/webseed { + # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client + limit_rate 800k; + if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';