搭建 PeerTube 一个去中心化的视频平台

SouthFox
最后编辑于 April 30 PeerTube

什么是 PeerTube?

https://views.southfox.me/w/kkGMgK9ZtnKfYAgnEtQxbv?subtitle=zh

搭建

如果环境允许的话,还是推荐使用源码安装,毕竟使用 Docker 会产生一些小毛病……
当然本教程依然用 docker-compose 进行安装(
参考官方文档

  • 提前为实例地址申请好 HTTPS 证书待用
  • 新建一个文件夹并进入 cd /your/peertube/directory
  • 获取 docker-compose.yml 文件
curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml > docker-compose.yml
  • 获取 .env 配置文件
curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env > .env
  • 如果机子打算安装其他服务(即宿主机 80 443 端口已被占用),那么就修改 docker-compose.yml 文件使用宿主机的 Web 程序进行反代(本教程使用的 Web 程序为 nginx)
# Excerpt of the production docker-compose.yml with the bundled webserver and certbot
# services commented out, so that an nginx on the host terminates TLS and reverse-proxies
# to the peertube container. The remaining services and the networks/volumes sections of
# the full file are elided in this excerpt.
version: "3.3"

services:

  # You can comment this webserver section if you want to use another webserver/proxy
  #webserver:
  #  image: chocobozzz/peertube-webserver:latest
    # If you don't want to use the official image and build one from sources:
    # build:
    #   context: .
    #   dockerfile: Dockerfile.nginx
    #env_file:
    #  - .env
    #ports:
    # - "80:80"
    # - "443:443"
    #volumes:
    #  - type: bind
        # Switch sources if you downloaded the whole repository
        #source: ../../nginx/peertube
     #   source: ./docker-volume/nginx/peertube
     #   target: /etc/nginx/conf.d/peertube.template
     # - assets:/var/www/peertube/peertube-latest/client/dist:ro
     # - ./docker-volume/data:/var/www/peertube/storage
     # - certbot-www:/var/www/certbot
     # - ./docker-volume/certbot/conf:/etc/letsencrypt
    #depends_on:
    #  - peertube
    #restart: "always"

  # You can comment this certbot section if you want to use another webserver/proxy
  #certbot:
  #  container_name: certbot
  #  image: certbot/certbot
  #  volumes:
  #    - ./docker-volume/certbot/conf:/etc/letsencrypt
  #    - certbot-www:/var/www/certbot
  #  restart: unless-stopped
  #  entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
  #  depends_on:
  #    - webserver

  peertube:
    # If you don't want to use the official image and build one from sources:
    # build:
    #   context: .
    #   dockerfile: ./support/docker/production/Dockerfile.bullseye
    # NOTE(review): "production-bullseye" is a tag name, not a fixed version or digest, so a
    # later pull may fetch a different image; pin a release tag or digest if you need
    # reproducible deployments (check upstream for the available tags).
    image: chocobozzz/peertube:production-bullseye
    # Use a static IP for this container because nginx does not handle proxy host change without reload
    # This container could be restarted on crash or until the postgresql database is ready for connection
    networks:
      default:
        # This address must match the `server` line of the host nginx `upstream backend`
        # block and must lie inside the subnet of the `default` network (defined in the
        # elided networks section of the full file).
        ipv4_address: 172.20.0.42 # the address given in the official config may already be in use
    # .env carries the Postgres username and password among other settings; keep it out of
    # version control and readable only by the account that runs docker-compose.
    env_file:
      - .env
    ports:
     # Left disabled here. As written, "1935:1935" has no host address and would be
     # published on every host interface if uncommented.
     #- "1935:1935" # If you don't want to use the live feature, you can comment this line
     # Published on the host loopback address only, so port 9000 is not reachable from
     # other machines; the host reverse proxy is the only public entry point.
     - "127.0.0.1:9000:9000" # If you provide your own webserver and reverse-proxy, otherwise not suitable for production
    volumes:
      - assets:/app/client/dist
      - ./docker-volume/data:/data
      - ./docker-volume/config:/config
    depends_on:
      - postgres
      - redis
      - postfix
    restart: "always"

...

着重修改 webserver, certbot, peertube 这几项,

评论

    • 为宿主机的 nginx 新建一个站点配置
    # Minimum Nginx version required:  1.13.0 (released Apr 25, 2017)
    # Please check your Nginx installation features the following modules via 'nginx -V':
    # STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
    # THIRD PARTY MODULES:   None.
    
    # Plain-HTTP virtual host: serves ACME challenge files from /var/www/certbot and
    # redirects every other request to HTTPS.
    server {
      listen 80;
      listen [::]:80;
      # NOTE(review): this is the guide author's own hostname, while the HTTPS server block
      # uses the placeholder 实例地址; presumably it should be replaced with your instance
      # address as well.
      server_name views.southfox.me;
    
      # Challenge files are read from /var/www/certbot/.well-known/acme-challenge/ and
      # returned as text/plain.
      location /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/certbot;
      }
      # Everything else gets a permanent redirect to the same host and URI over HTTPS.
      location / { return 301 https://$host$request_uri; }
    }
    
    # Upstream used by the proxy_pass directives of the HTTPS server block. The address is
    # the static ipv4_address assigned to the peertube service in docker-compose.yml.
    upstream backend {
      server 172.20.0.42:9000; # keep identical to the docker-compose.yml setting
    }
    
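    # HTTPS virtual host: terminates TLS on the host and reverse-proxies API, upload and
    # websocket traffic to the PeerTube container through the `backend` upstream.
    server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      server_name 实例地址;
      # Only peers listed in set_real_ip_from may override the client address through
      # X-Forwarded-For. Trusting 0.0.0.0/0 lets any client choose the IP address that ends
      # up in the access log and in the headers passed on to PeerTube, so list only the
      # reverse proxy / CDN ranges that really sit in front of this nginx (repeat the
      # directive once per range). If clients connect to this nginx directly, delete both
      # real_ip lines instead.
      set_real_ip_from <TRUSTED_PROXY_CIDR>; # placeholder: replace with your proxy/CDN range
      real_ip_header X-Forwarded-For;
    
      access_log /var/log/nginx/peertube.access.log; # reduce I/O with buffer=10m flush=5m
      error_log  /var/log/nginx/peertube.error.log;
    
      ##
      # Certificates
      # you need a certificate to run in production. see https://letsencrypt.org/
      ##
      ssl_certificate     /etc/letsencrypt/live/实例地址/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/实例地址/privkey.pem;
    
      ##
      # Security hardening (as of Nov 15, 2020)
      # based on Mozilla Guideline v5.6
      ##
    
      ssl_protocols             TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
      ssl_session_timeout       1d; # defaults to 5m
      ssl_session_cache         shared:SSL:10m; # estimated to 40k sessions
      ssl_session_tickets       off;
      ssl_stapling              on;
      ssl_stapling_verify       on;
      # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
      #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    
      ##
      # Application
      ##
    
      # Named location shared by all API/upload routes below: forwards the request to the
      # backend with the original Host and the client address headers set.
      location @api {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
    
        client_max_body_size  100k; # default is 1M
    
        proxy_connect_timeout 10m;
        proxy_send_timeout    10m;
        proxy_read_timeout    10m;
        send_timeout          10m;
    
        proxy_pass http://backend;
      }
    
      # try_files is given a path that is not expected to exist, so the request always
      # falls through to the named location.
      location / {
        try_files /dev/null @api;
      }
    
      location = /api/v1/videos/upload-resumable {
        client_max_body_size    0; # 0 disables the request body size check for this route
        proxy_request_buffering off;
    
        try_files /dev/null @api;
      }
    
      location = /api/v1/videos/upload {
        # Methods other than POST and HEAD are rejected.
        limit_except POST HEAD { deny all; }
    
        # This is the maximum upload size, which roughly matches the maximum size of a video file.
        # Note that temporary space is needed equal to the total size of all concurrent uploads.
        # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
        # on a dedicated filesystem.
        client_max_body_size                      12G; # default is 1M
        add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
    
        try_files /dev/null @api;
      }
    
      location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
        client_max_body_size                      6M; # default is 1M
        add_header            X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
    
        try_files /dev/null @api;
      }
    
      ##
      # Websocket
      ##
    
      # Named location for websocket routes: same forwarding headers as @api plus the
      # HTTP/1.1 Upgrade/Connection headers.
      location @api_websocket {
        proxy_http_version 1.1;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host            $host;
        proxy_set_header   X-Real-IP       $remote_addr;
        proxy_set_header   Upgrade         $http_upgrade;
        proxy_set_header   Connection      "upgrade";
    
        proxy_pass http://backend;
      }
    
      location /socket.io {
        try_files /dev/null @api_websocket;
      }
    
      location /tracker/socket {
        # Peers send a message to the tracker every 15 minutes
        # Don't close the websocket before then
        proxy_read_timeout 15m; # default is 60s
    
        try_files /dev/null @api_websocket;
      }
    
      ##
      # Performance optimizations
      # For extra performance please refer to https://github.com/denji/nginx-tuning
      ##
    
      #root /var/www/peertube/storage;
    
      # Enable compression for JS/CSS/HTML, for improved client load times.
      # It might be nice to compress JSON/XML as returned by the API, but
      # leaving that out to protect against potential BREACH attack.
      gzip              on;
      gzip_vary         on;
      gzip_types        # text/html is always compressed by HttpGzipModule
                        text/css
                        application/javascript
                        font/truetype
                        font/opentype
                        application/vnd.ms-fontobject
                        image/svg+xml;
      gzip_min_length   1000; # default is 20 bytes
      gzip_buffers      16 8k;
      gzip_comp_level   2; # default is 1
    
      client_body_timeout       30s; # default is 60
      client_header_timeout     10s; # default is 60
      send_timeout              10s; # default is 60
      keepalive_timeout         10s; # default is 75
      resolver_timeout          10s; # default is 30
      reset_timedout_connection on;
      proxy_ignore_client_abort on;
    
      tcp_nopush                on; # send headers in one piece
      tcp_nodelay               on; # don't buffer data sent, good for small data bursts in real time
    
    }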
    
    

    依据官方配置修改而来
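    其中 set_real_ip_from 一栏尽量设置上,因为 PeerTube 依靠用户的真实地址进行分享视频以及进行攻击检测,如果运行在 Docker 或 CDN 后会导致 IP 获取不正常;注意 set_real_ip_from 应只填写自己信任的代理或 CDN 的地址段,写成 0.0.0.0/0 时任何客户端都可以通过自带的 X-Forwarded-For 请求头伪造来源 IP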

    • 编辑 .env 文件中的
      <MY POSTGRES USERNAME>
      <MY POSTGRES PASSWORD>
      <MY DOMAIN> 不带 'https://'
      <MY EMAIL ADDRESS>
      栏目,如果前面修改了 docker-compose.yml 中的 ipv4_address,那么也要将修改后的 IP 地址加入到 PEERTUBE_TRUST_PROXY 栏目(如 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.20.0.0/16"])
    • 运行服务,docker-compose up -d
    • 等待一段时间后,用 docker-compose logs peertube | grep -A1 root 检索有没有输出,没有的话应是服务还没运行完成,成功的话会显示出服务的 root 密码
    $ docker-compose logs peertube | grep -A1 root
    
    peertube_1  | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root
    peertube_1  | [example.com:443] 2019-11-16 04:26:06.083 info: User password: abcdefghijklmnop
    

    格式如上所示

    • 复制 root 密码,进入实例地址登陆,并设置自己的站点吧!
  • nonsense
    最后编辑于 June 30

    @SouthFox 说道:

    什么是 PeerTube?

    https://views.southfox.me/w/kkGMgK9ZtnKfYAgnEtQxbv?subtitle=zh

    搭建

    如果环境允许的话,还是推荐使用源码安装,毕竟使用 Docker 会产生一些小毛病……
    当然本教程依然用 docker-compose 进行安装(
    参考官方文档

    • 提前为实例地址申请好 HTTPS 证书待用
    • 新建一个文件夹并进入 cd /your/peertube/directory
    • 获取 docker-compose.yml 文件
    curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml > docker-compose.yml
    
    • 获取 .env 配置文件
    curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env > .env
    
    • 如果机子打算安装其他服务(即宿主机 80 443 端口已被占用),那么就修改 docker-compose.yml 文件使用宿主机的 Web 程序进行反代(本教程使用的 Web 程序为 nginx)
    # Excerpt of the production docker-compose.yml with the bundled webserver and certbot
    # services commented out, so that an nginx on the host terminates TLS and reverse-proxies
    # to the peertube container. The remaining services and the networks/volumes sections of
    # the full file are elided in this excerpt.
    version: "3.3"
    
    services:
    
      # You can comment this webserver section if you want to use another webserver/proxy
      #webserver:
      #  image: chocobozzz/peertube-webserver:latest
        # If you don't want to use the official image and build one from sources:
        # build:
        #   context: .
        #   dockerfile: Dockerfile.nginx
        #env_file:
        #  - .env
        #ports:
        # - "80:80"
        # - "443:443"
        #volumes:
        #  - type: bind
            # Switch sources if you downloaded the whole repository
            #source: ../../nginx/peertube
         #   source: ./docker-volume/nginx/peertube
         #   target: /etc/nginx/conf.d/peertube.template
         # - assets:/var/www/peertube/peertube-latest/client/dist:ro
         # - ./docker-volume/data:/var/www/peertube/storage
         # - certbot-www:/var/www/certbot
         # - ./docker-volume/certbot/conf:/etc/letsencrypt
        #depends_on:
        #  - peertube
        #restart: "always"
    
      # You can comment this certbot section if you want to use another webserver/proxy
      #certbot:
      #  container_name: certbot
      #  image: certbot/certbot
      #  volumes:
      #    - ./docker-volume/certbot/conf:/etc/letsencrypt
      #    - certbot-www:/var/www/certbot
      #  restart: unless-stopped
      #  entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
      #  depends_on:
      #    - webserver
    
      peertube:
        # If you don't want to use the official image and build one from sources:
        # build:
        #   context: .
        #   dockerfile: ./support/docker/production/Dockerfile.bullseye
        # NOTE(review): "production-bullseye" is a tag name, not a fixed version or digest, so
        # a later pull may fetch a different image; pin a release tag or digest if you need
        # reproducible deployments (check upstream for the available tags).
        image: chocobozzz/peertube:production-bullseye
        # Use a static IP for this container because nginx does not handle proxy host change without reload
        # This container could be restarted on crash or until the postgresql database is ready for connection
        networks:
          default:
            # This address must match the `server` line of the host nginx `upstream backend`
            # block and must lie inside the subnet of the `default` network (defined in the
            # elided networks section of the full file).
            ipv4_address: 172.20.0.42 # the address given in the official config may already be in use
        # .env carries the Postgres username and password among other settings; keep it out
        # of version control and readable only by the account that runs docker-compose.
        env_file:
          - .env
        ports:
         # Left disabled here. As written, "1935:1935" has no host address and would be
         # published on every host interface if uncommented.
         #- "1935:1935" # If you don't want to use the live feature, you can comment this line
         # Published on the host loopback address only, so port 9000 is not reachable from
         # other machines; the host reverse proxy is the only public entry point.
         - "127.0.0.1:9000:9000" # If you provide your own webserver and reverse-proxy, otherwise not suitable for production
        volumes:
          - assets:/app/client/dist
          - ./docker-volume/data:/data
          - ./docker-volume/config:/config
        depends_on:
          - postgres
          - redis
          - postfix
        restart: "always"
    
    ...
    
    

    着重修改 webserver, certbot, peertube 这几项,

    补充一点,还需要同时修改下面的subnet为172.20.0.0/16

    # Excerpt of the top-level networks section of docker-compose.yml.
    # The subnet has to contain the static ipv4_address assigned to the peertube service
    # (172.20.0.42 in this guide); the same range is used in the PEERTUBE_TRUST_PROXY
    # example of the .env step.
    networks:
      default:
        ipam:
          driver: default
          config:
             - subnet: 172.20.0.0/16   # was 172.18.0.0/16
    