Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS="full full-vim media"
PEERTUBE_DOWNLOAD="https://github.com/Chocobozzz/PeerTube/releases/download/${PEERTUBE_VERSION}/${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz"
PEERTUBE_CONFIG_FILE=$PEERTUBE_DIR/config/production.yaml
PEERTUBE_SHORT_DESCRIPTION=$'Video broadcast'
PEERTUBE_DESCRIPTION=$'Video broadcast'
peertube_upgrading=
peertube_variables=(PEERTUBE_DOMAIN_NAME
PEERTUBE_CODE
PEERTUBE_ADMIN_PASSWORD
ONION_ONLY
DDNS_PROVIDER
MY_USERNAME
if [ -f "$PEERTUBE_DIR/peertube-latest/support/sysctl.d/30-peertube-tcp.conf" ]; then
cp "$PEERTUBE_DIR/peertube-latest/support/sysctl.d/30-peertube-tcp.conf" /etc/sysctl.d/
sysctl -p /etc/sysctl.d/30-peertube-tcp.conf
fi
}
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
if [ ! -d $PEERTUBE_DIR/config ]; then
mkdir -p $PEERTUBE_DIR/config
fi
if [ ! -d $PEERTUBE_DIR/storage ]; then
mkdir -p $PEERTUBE_DIR/storage
fi
if [ ! -d $PEERTUBE_DIR/versions ]; then
mkdir -p $PEERTUBE_DIR/versions
fi
cd ${PEERTUBE_DIR}/versions || exit 35
if [ -f "/repos/${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz" ]; then
cp "/repos/${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz" "${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz"
else
wget -q "$PEERTUBE_DOWNLOAD" -O "${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz"
fi
peertube_upgrading=
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
unxz "${PEERTUBE_DOWNLOAD_FILENAME}.tar.xz"
if [ ! -f "${PEERTUBE_DOWNLOAD_FILENAME}.tar" ]; then
echo $"${PEERTUBE_DOWNLOAD_FILENAME}.tar not found"
peertube_upgrading=
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
tar -xvf "${PEERTUBE_DOWNLOAD_FILENAME}.tar"
rm "${PEERTUBE_DOWNLOAD_FILENAME}.tar"
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
ln -s "versions/${PEERTUBE_DOWNLOAD_FILENAME}" ./peertube-latest
cd ${PEERTUBE_DIR}/peertube-latest || exit 35
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
# NOTE: these get installed from the global npm
npm install npm@6
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
echo "PATH=/root/.npm-global/bin:\$PATH" > "${PEERTUBE_DIR}/.bashrc"
echo "PATH=/root/.npm-global/bin:\$PATH" >> "${PEERTUBE_DIR}/.bashrc"
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
peertube_local_install="sudo -H -u peertube ${PEERTUBE_DIR}/peertube-latest/node_modules/.bin/npm install"
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
if [ -f "${PEERTUBE_DIR}/package-lock.json" ]; then
rm "${PEERTUBE_DIR}/package-lock.json"
fi
if ! sudo -H -u peertube NPM_CONFIG_PREFIX=${PEERTUBE_DIR}/peertube-latest/node_modules/npm NODE_CONFIG_DIR=${PEERTUBE_DIR}/config ${PEERTUBE_DIR}/peertube-latest/node_modules/.bin/yarn install --production --pure-lockfile; then
peertube_upgrading=
if [ ! $peertube_upgrading ]; then
increment_app_install_progress
fi
if [ ! -d ${PEERTUBE_DIR}/storage/logs ]; then
sudo -H -u peertube mkdir -p ${PEERTUBE_DIR}/storage/logs
fi
#sudo -H -u peertube ${PEERTUBE_DIR}/peertube-latest/node_modules/.bin/npm audit fix
function peertube_setting_registration {
allow_registrations="$1"
if [[ "$allow_registrations" == '1' ]]; then
sed -i "0,/enabled:.*/s//enabled: false/" ${PEERTUBE_CONFIG_FILE}
systemctl restart peertube
fi
if [[ "$allow_registrations" == '0' ]]; then
sed -i "0,/enabled:.*/s//enabled: true/" ${PEERTUBE_CONFIG_FILE}
systemctl restart peertube
fi
}
function peertube_import_from_syncthing {
peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
nodecmd='node'
if [[ "$ONION_ONLY" != 'no' ]]; then
peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
nodecmd='torsocks node'
fi
echo '';
echo 'if [ -f /root/.peertube.lock ]; then';
echo ' else';
echo ' exit 0';
echo ' fi';
echo 'fi';
echo '';
echo "MY_USERNAME=\$(cat /root/${PROJECT_NAME}.cfg | grep MY_USERNAME | awk -F '=' '{print \$2}')";
echo "if [ ! \"\$MY_USERNAME\" ]; then";
echo ' exit 0';
echo 'fi';
echo '';
echo "search_dir=/home/\$MY_USERNAME/Sync/peertube_upload";
echo ' exit 0';
echo 'fi';
echo "import_script=${PEERTUBE_DIR}/peertube-latest/dist/server/tools/upload.js";
echo "if [ ! -f \$import_script ]; then";
echo ' exit 0';
echo 'fi';
echo '';
echo "peertubeuser=\$(sed -n 1p < \"\$search_dir/login.txt\")";
echo "peertubepassword=\$(sed -n 2p < \"\$search_dir/login.txt\")";
echo " peertubensfw='--nsfw'";
echo 'fi';
echo "peertubeprivate='-P 3'";
echo " peertubeprivate='-P 1'";
echo 'fi';
echo " peertubeprivate='-P 1'";
echo 'fi';
echo '';
echo 'failed_uploads=0';
echo '';
echo "cd ${PEERTUBE_DIR} || exit 32";
echo "for video_file in \$search_dir/*; do";
echo " if [[ \"\$video_file\" == *'.ogv' || \"\$video_file\" == *'.webm' ]]; then";
echo " if ! grep -q \"\$video_file\" /root/.peertube_uploaded; then";
echo " peertubetitle=\$(basename \"\$video_file\" | awk -F '.' '{print \$1}' | sed 's|_| |g' | sed 's|-| |g')";
echo " if $nodecmd \$import_script -n \"\$peertubetitle\" \$peertubensfw \$peertubeprivate -u \"\$peertubedomain\" -U \"\$peertubeuser\" --password \"\$peertubepassword\" -f \"\$video_file\"; then";
echo " echo \"\$video_file\" >> /root/.peertube_uploaded";
echo " exit 0";
echo ' else';
echo " failed_uploads=\$((failed_uploads+1))";
echo " if [ \$failed_uploads -gt 1 ]; then";
echo ' fi';
echo ' fi';
echo ' fi';
echo ' fi';
chmod +x /usr/bin/peertubesync
cron_add_mins 1 /usr/bin/peertubesync
}
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
run_system_query_postgresql "CREATE USER peertube WITH PASSWORD '$PEERTUBE_ADMIN_PASSWORD';"
run_system_query_postgresql "CREATE DATABASE peertube OWNER peertube;"
run_system_query_postgresql "GRANT ALL PRIVILEGES ON DATABASE peertube to peertube;"
run_system_query_postgresql "set statement_timeout to 40000;"
peertube_database_extensions
if [ ! -d $PEERTUBE_DIR ]; then
return
fi
sed -i "s|level: '.*|level: 'debug' # debug/info/warning/error|g" "$PEERTUBE_DIR/config/production.yaml"
systemctl restart peertube
if [ ! -d $PEERTUBE_DIR ]; then
return
fi
sed -i "s|level: '.*|level: 'error' # debug/info/warning/error|g" "$PEERTUBE_DIR/config/production.yaml"
systemctl restart peertube
}
function add_user_peertube {
if [[ $(app_is_installed peertube) == "0" ]]; then
echo '0'
return
fi
# new_username="$1"
# new_user_password="$2"
echo '0'
}
function install_interactive_peertube {
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
PEERTUBE_DOMAIN_NAME='peertube.local'
write_config_param "PEERTUBE_DOMAIN_NAME" "$PEERTUBE_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details "peertube" "PEERTUBE_DOMAIN_NAME" "PEERTUBE_CODE"
fi
APP_INSTALLED=1
}
function peertube_set_admin_email {
read_config_param "$MY_EMAIL_ADDRESS"
data=$(mktemp 2>/dev/null)
dialog --title $"Set PeerTube administrator email address" \
--backtitle $"Freedombone Control Panel" \
--inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
if [ ${#peertube_email} -gt 8 ]; then
sed -i "s|email:.*|email: '${peertube_email}'|g" ${PEERTUBE_CONFIG_FILE}
systemctl restart peertube
dialog --title $"Set PeerTube administrator email address" \
--msgbox $"Set to $peertube_email" 6 75
fi
fi
;;
esac
}
function peertube_disable_signups {
dialog --title $"Disable PeerTube signups" \
--backtitle $"Freedombone Control Panel" \
--yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
0) sed -i "0,/enabled:.*/s//enabled: false/" ${PEERTUBE_CONFIG_FILE};;
1) sed -i "0,/enabled:.*/s//enabled: true/" ${PEERTUBE_CONFIG_FILE};;
255) return;;
esac
systemctl restart peertube
}
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
function peertube_import_from_file {
read_config_param MY_USERNAME
read_config_param PEERTUBE_DOMAIN_NAME
read_config_param ONION_ONLY
data2=$(mktemp 2>/dev/null)
dialog --backtitle $"Freedombone Control Panel" \
--title $"Import Video from file" \
--form $"Enter your PeerTube login details and video title" 10 65 4 \
$"Username:" 1 1 "$MY_USERNAME" 1 18 16 15 \
$"Password:" 2 1 "" 2 18 40 10000 \
$"Video Title:" 3 1 "" 3 18 40 1000 \
$"NSFW:" 4 1 $"no" 4 18 4 4 \
2> "$data2"
sel=$?
case $sel in
1) rm -f "$data2"
return;;
255) rm -f "$data2"
return;;
esac
peertubeuser=$(sed -n 1p < "$data2")
peertubepassword=$(sed -n 2p < "$data2")
peertubetitle=$(sed -n 3p < "$data2")
peertubensfw=$(sed -n 4p < "$data2")
rm -f "$data2"
peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
nodecmd='node'
if [[ "$ONION_ONLY" != 'no' ]]; then
peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
nodecmd='torsocks node'
fi
selected_file=$(dialog --title "Choose the video file (select with spacebar)" --fselect "/home/$MY_USERNAME/" 30 60)
if [ ! "$selected_file" ]; then
return
fi
if [[ "$selected_file" != *'.ogv' && "$selected_file" != *'.webm' ]]; then
dialog --title $"Import video from file" \
--msgbox $"The video should be in ogv or webm format" 6 75
cd $PEERTUBE_DIR || exit 32
import_script=$PEERTUBE_DIR/peertube-latest/dist/server/tools/upload.js
if [ ! -f $import_script ]; then
dialog --title $"Import videos" \
--msgbox $"upload script was not found" 6 75
return
fi
nsfwstr=
if [[ "$peertubensfw" == *'y'* || "$peertubensfw" == *'Y'* ]]; then
nsfwstr='--nsfw'
fi
titlestr=$(basename "$selected_file" | awk -F '.' '{print $1}' | sed 's|_| |g' | sed 's|-| |g')
if [ "$peertubetitle" ]; then
titlestr="-n \"$peertubetitle\""
fi
clear
$nodecmd $import_script $nsfwstr "$titlestr" -u "$peertubedomain" -U "$peertubeuser" --password "$peertubepassword" -f "$selected_file"
dialog --title $"Import video from file" \
--msgbox $"Video imported from $selected_file" 6 75
}
function peertube_import_videos {
read_config_param MY_USERNAME
read_config_param PEERTUBE_DOMAIN_NAME
read_config_param ONION_ONLY
dialog --backtitle $"Freedombone Control Panel" \
--title $"Import Videos from legacy sites" \
--form $"Enter a channel of video URL for YouTube/Vimeo/Dailymotion" 10 75 4 \
$"Username:" 1 1 "$MY_USERNAME" 1 22 16 15 \
$"Password:" 2 1 "" 2 22 50 10000 \
$"Video/Channel URL:" 3 1 "" 3 22 50 10000 \
peertubeuser=$(sed -n 1p < "$data2")
peertubepassword=$(sed -n 2p < "$data2")
video_url=$(sed -n 3p < "$data2")
rm -f "$data2"
peertubedomain="https://$PEERTUBE_DOMAIN_NAME"
nodecmd='node'
if [[ "$ONION_ONLY" != 'no' ]]; then
peertubedomain="http://$(cat /var/lib/tor/hidden_service_peertube/hostname)"
nodecmd='torsocks node'
fi
if [ ${#peertubeuser} -lt 3 ]; then
dialog --title $"Import videos from legacy sites" \
--msgbox $"Username was not valid" 6 75
return
fi
if [ ${#peertubepassword} -lt 3 ]; then
dialog --title $"Import videos from legacy sites" \
--msgbox $"Password was not valid" 6 75
return
fi
if [[ "$video_url" == *' '* || "$video_url" == *','* || "$video_url" == *'@'* ]]; then
dialog --title $"Import videos from legacy sites" \
--msgbox $"Video/channel URL was not valid" 6 75
return
fi
if [ ${#video_url} -lt 8 ]; then
dialog --title $"Import videos from legacy sites" \
--msgbox $"Video/channel URL was not valid" 6 75
return
fi
cd $PEERTUBE_DIR || exit 32
import_script=$PEERTUBE_DIR/peertube-latest/dist/server/tools/import-videos.js
# default to downloading as webm
sed -i "s|'.mp4'|'.webm'|g" $import_script
sed -i "s|const options = \\['-f'.*|const options = ['-f', '43', '-o', path];|g" $import_script
dialog --title $"Import videos from legacy sites" \
--msgbox $"import-videos script was not found" 6 75
return
fi
clear
$nodecmd $import_script -u "$peertubedomain" -U "$peertubeuser" --password "$peertubepassword" -t "$video_url"
dialog --title $"Import videos from legacy sites" \
--msgbox $"Video/s imported from $video_url" 6 75
}
function configure_interactive_peertube {
W=(1 $"Set administrator email address"
2 $"Disable or enable signups"
3 $"Import video from file")
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"PeerTube" --menu $"Choose an operation, or ESC to exit:" 12 60 4 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
fi
case $selection in
1) peertube_set_admin_email;;
2) peertube_disable_signups;;
3) peertube_import_from_file;;
peertube_user="$1"
new_peertube_password="$2"
if [ ${#new_peertube_password} -lt 8 ]; then
cd $PEERTUBE_DIR/peertube-latest || exit 53
echo -n "$new_peertube_password" | sudo -H -u peertube NODE_CONFIG_DIR=$PEERTUBE_DIR/config NODE_ENV=production npm run reset-password -- -u "$peertube_user"
"${PROJECT_NAME}-pass" -u "$peertube_user" -a peertube -p "$new_peertube_password"
# also change the root password if this is the admin user
read_config_param MY_USERNAME
if [[ "$peertube_user" == "$MY_USERNAME" ]]; then
peertube_user=root
echo -n "$new_peertube_password" | sudo -H -u peertube NODE_CONFIG_DIR=$PEERTUBE_DIR/config NODE_ENV=production npm run reset-password -- -u "$peertube_user"
"${PROJECT_NAME}-pass" -u "$peertube_user" -a peertube -p "$new_peertube_password"
fi
}
function reconfigure_peertube {
echo -n ''
}
function peertube_database_extensions {
cd /etc/postgresql || exit 34
sudo -u postgres psql peertube -c 'CREATE EXTENSION IF NOT EXISTS unaccent;'
sudo -u postgres psql peertube -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;'
}
peertube_upgrading=1
peertube_import_from_syncthing
peertube_upgrading=
CURR_PEERTUBE_VERSION=$(get_completion_param "peertube version")
if [[ "$CURR_PEERTUBE_VERSION" == "$PEERTUBE_VERSION" ]]; then
peertube_upgrading=
return
fi
read_config_param PEERTUBE_DOMAIN_NAME
systemctl stop peertube
if [ -d $PEERTUBE_DIR/.cache ]; then
chmod -R 700 $PEERTUBE_DIR/.cache
fi
peertube_database_extensions
if ! grep -q 'tmp: ' "${PEERTUBE_CONFIG_FILE}"; then
sed -i "/storage:/a tmp: '$PEERTUBE_DIR/storage/tmp/'" "${PEERTUBE_CONFIG_FILE}"
sed -i 's|tmp:| tmp:|g' "${PEERTUBE_CONFIG_FILE}"
fi
if ! grep -q 'redundancy: ' "${PEERTUBE_CONFIG_FILE}"; then
sed -i "/storage:/a redundancy: '$PEERTUBE_DIR/storage/videos/'" "${PEERTUBE_CONFIG_FILE}"
sed -i 's|redundancy:| redundancy:|g' "${PEERTUBE_CONFIG_FILE}"
fi
if ! grep -q 'csp-logger:' "${PEERTUBE_CONFIG_FILE}"; then
sed -i "/services:/a csp-logger:" "${PEERTUBE_CONFIG_FILE}"
sed -i 's|csp-logger:| csp-logger:|g' "${PEERTUBE_CONFIG_FILE}"
fi
if ! grep -q 'allow_additional_extensions:' "${PEERTUBE_CONFIG_FILE}"; then
sed -i "/transcoding:/a allow_additional_extensions:" "${PEERTUBE_CONFIG_FILE}"
sed -i 's|allow_additional_extensions:| allow_additional_extensions:|g' "${PEERTUBE_CONFIG_FILE}"
fi
if ! grep -q 'contact_form:' "${PEERTUBE_CONFIG_FILE}"; then
sed -i "/email:/a contact_form:" "${PEERTUBE_CONFIG_FILE}"
sed -i "/contact_form:/a enabled: true 82284" "${PEERTUBE_CONFIG_FILE}"
sed -i 's|enabled: true 82284| enabled: true|g' "${PEERTUBE_CONFIG_FILE}"
fi
set_completion_param "peertube version" "$PEERTUBE_VERSION"
peertube_upgrading=
}
function backup_local_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local'
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi
systemctl stop peertube
USE_POSTGRESQL=1
function_check backup_database_to_usb
backup_database_to_usb peertube
systemctl start peertube
peertube_path=$PEERTUBE_DIR/storage/videos
systemctl stop peertube
backup_directory_to_usb $peertube_path peertubevideos
systemctl start peertube
restart_site
fi
}
function restore_local_peertube {
PEERTUBE_DOMAIN_NAME='peertube.local'
PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
fi
if [ "$PEERTUBE_DOMAIN_NAME" ]; then
suspend_site "${PEERTUBE_DOMAIN_NAME}"
systemctl stop peertube
USE_POSTGRESQL=1
restore_database peertube
temp_restore_dir=/root/temppeertubevideos
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir peertubevideos
if [ -d $temp_restore_dir ]; then
if [ -d $temp_restore_dir$PEERTUBE_DIR/storage/videos ]; then
cp -r $temp_restore_dir$PEERTUBE_DIR/storage/videos/* $PEERTUBE_DIR/storage/videos/
cp -r $temp_restore_dir/* $PEERTUBE_DIR/storage/videos/
fi
chown -R peertube:peertube $PEERTUBE_DIR
rm -rf $temp_restore_dir
fi
systemctl start peertube
restart_site
fi
}
function backup_remote_peertube {
}
function remove_peertube {
if [ ${#PEERTUBE_DOMAIN_NAME} -eq 0 ]; then
return
fi
systemctl stop peertube
systemctl disable peertube
rm /etc/systemd/system/peertube.service
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs peertube
rm /etc/sysctl.d/30-peertube-tcp.conf
sysctl -p -q
nginx_dissite "$PEERTUBE_DOMAIN_NAME"
remove_certs "${PEERTUBE_DOMAIN_NAME}"
if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
fi
remove_config_param PEERTUBE_DOMAIN_NAME
remove_config_param PEERTUBE_CODE
function_check remove_onion_service
remove_onion_service peertube ${PEERTUBE_ONION_PORT}
remove_completion_param "install_peertube"
sed -i '/peertubesync/d' /etc/crontab
if [ -f /usr/bin/peertubesync ]; then
rm /usr/bin/peertubesync
fi
if [ -f /root/peertube_uploaded ]; then
rm /root/peertube_uploaded
fi
drop_database_postgresql peertube peertube
groupdel -f peertube
userdel -r peertube
if [ -d $PEERTUBE_DIR ]; then
rm -rf $PEERTUBE_DIR
fi
function_check remove_ddns_domain
}
function peertube_setup_web {
peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
{ echo 'server {';
echo ' listen 80;';
echo ' listen [::]:80;';
echo " server_name ${PEERTUBE_DOMAIN_NAME};";
echo '';
echo " access_log /dev/null;";
echo " error_log /dev/null;";
echo '';
echo " location / { return 301 https://\$host\$request_uri; }";
echo '}';
echo '';
echo 'server {';
echo ' listen 443 ssl http2;';
echo ' listen [::]:443 ssl http2;';
echo " server_name ${PEERTUBE_DOMAIN_NAME};";
echo ''; } > "$peertube_nginx_file"
function_check nginx_ssl
nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
function_check nginx_security_options
nginx_security_options "$PEERTUBE_DOMAIN_NAME"
echo ' ssl_session_cache shared:SSL:10m;';
echo ' ssl_session_tickets off;';
echo '';
echo ' # Enable compression for JS/CSS/HTML bundle, for improved client load times.';
echo ' # It might be nice to compress JSON, but leaving that out to protect against potential';
echo ' # compression+encryption information leak attacks like BREACH.';
echo ' gzip on;';
echo ' gzip_types text/css application/javascript;';
echo ' gzip_vary on;';
echo '';
echo ' # Enable HSTS'
echo ' # Tells browsers to stick with HTTPS and never visit the insecure HTTP';
echo ' # version. Once a browser sees this header, it will only visit the site over';
echo ' # HTTPS for the next 2 years: (read more on hstspreload.org)';
echo ' add_header Strict-Transport-Security "max-age=63072000;";';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " proxy_pass http://localhost:$PEERTUBE_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # Hard limit, PeerTube does not support videos > 8GB';
echo ' client_max_body_size 8G;';
echo ' proxy_connect_timeout 600;';
echo ' proxy_send_timeout 600;';
echo ' proxy_read_timeout 600;';
echo ' send_timeout 600;';
echo ' # Bypass PeerTube for performance reasons. Could be removed';
echo ' # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client';
echo ' limit_rate 800k;';
echo '';
echo " if (\$request_method = 'OPTIONS') {";
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo " add_header 'Access-Control-Max-Age' 1728000;";
echo " add_header 'Content-Type' 'text/plain charset=UTF-8';";
echo " add_header 'Content-Length' 0;";
echo ' return 204;';
echo ' }';
echo '';
echo " if (\$request_method = 'GET') {";
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo '';
echo ' # Dont spam access log file with byte range requests';
echo ' access_log off;';
echo " alias $PEERTUBE_DIR/storage/videos;";
echo ' }';
echo '';
echo ' # Websocket tracker';
echo ' location /tracker/socket {';
echo ' # Peers send a message to the tracker every 15 minutes';
echo ' # Dont close the websocket before this time';
echo ' proxy_read_timeout 1200s;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo " proxy_set_header Connection \"upgrade\";";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header Host \$host;";
echo " proxy_pass http://localhost:$PEERTUBE_PORT;";
echo -n '' > "$peertube_nginx_file"
fi
{ echo 'server {';
echo " listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
echo ' # Enable compression for JS/CSS/HTML bundle, for improved client load times.';
echo ' # It might be nice to compress JSON, but leaving that out to protect against potential';
echo ' # compression+encryption information leak attacks like BREACH.';
echo ' gzip on;';
echo ' gzip_types text/css application/javascript;';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " proxy_pass http://localhost:$PEERTUBE_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # Hard limit, PeerTube does not support videos > 8GB';
echo ' client_max_body_size 8G;';
echo ' proxy_connect_timeout 600;';
echo ' proxy_send_timeout 600;';
echo ' proxy_read_timeout 600;';
echo ' send_timeout 600;';
echo ' # Bypass PeerTube for performance reasons. Could be removed';
echo ' # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client';
echo ' limit_rate 800k;';
echo '';
echo " if (\$request_method = 'OPTIONS') {";
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo " add_header 'Access-Control-Max-Age' 1728000;";
echo " add_header 'Content-Type' 'text/plain charset=UTF-8';";
echo " add_header 'Content-Length' 0;";
echo ' return 204;';
echo ' }';
echo '';
echo " if (\$request_method = 'GET') {";
echo " add_header 'Access-Control-Allow-Origin' '*';";
echo " add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
echo " add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
echo '';
echo ' # Dont spam access log file with byte range requests';
echo ' access_log off;';
echo " alias $PEERTUBE_DIR/storage/videos;";
echo ' }';
echo '';
echo ' # Websocket tracker';
echo ' location /tracker/socket {';
echo ' # Peers send a message to the tracker every 15 minutes';
echo ' # Dont close the websocket before this time';
echo ' proxy_read_timeout 1200s;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo " proxy_set_header Connection \"upgrade\";";
echo ' proxy_http_version 1.1;';
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo " proxy_set_header Host \$host;";
echo " proxy_pass http://localhost:$PEERTUBE_PORT;";
echo '}'; } >> "$peertube_nginx_file"
# CSP currently causes an error
sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"
function_check create_site_certificate
create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'
function_check nginx_ensite
nginx_ensite "$PEERTUBE_DOMAIN_NAME"
}
function mesh_peertube_setup_web {
# TODO
echo -n ''
new_peertube_config_file=$peertube_prefix${PEERTUBE_CONFIG_FILE}
echo " port: $PEERTUBE_PORT";
echo '';
echo '# Correspond to your reverse proxy "listen" configuration';
echo 'webserver:'; } > "$new_peertube_config_file"
if [ ! "$peertube_prefix" ]; then
if [[ "$ONION_ONLY" == 'no' ]]; then
{ echo ' https: true';
echo " hostname: '$PEERTUBE_DOMAIN_NAME'";
echo ' port: 443'; } >> "$new_peertube_config_file"
{ echo ' https: false';
echo " hostname: '$PEERTUBE_ONION_HOSTNAME'";
echo ' port: 80'; } >> "$new_peertube_config_file"
echo " port: $MESH_PEERTUBE_PORT"; } >> "$new_peertube_config_file"
{ echo '# Proxies to trust to get real client IP';
echo "# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'";
echo '# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)';
echo 'trust_proxy:';
echo " - 'loopback'";
echo '';