搭建 PeerTube 一个去中心化的视频平台
什么是 PeerTube?
https://views.southfox.me/w/kkGMgK9ZtnKfYAgnEtQxbv?subtitle=zh
搭建
如果环境允许的话,还是推荐使用源码安装,毕竟使用 Docker
会产生一些小毛病……
当然本教程依然用 docker-compose
进行安装(
参考官方文档
- 提前为实例地址申请好
HTTPS
证书待用 - 新建一个文件夹并进入
cd /your/peertube/directory
- 获取
docker-compose.yml
文件
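# --fail makes curl exit with an error on an HTTP failure instead of saving
# the error page as docker-compose.yml.
# NOTE(review): "master" is a moving branch. Prefer the release tag that
# matches the image you deploy, and read the file before starting it.
curl --fail --silent --show-error --location \
  --output docker-compose.yml \
  https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml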
- 获取
.env
配置文件
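# --fail makes curl exit with an error on an HTTP failure instead of saving
# the error page as .env.
# NOTE(review): "master" is a moving branch. Prefer the release tag that
# matches the image you deploy.
# NOTE(review): .env is loaded into the container through env_file and
# presumably ends up holding the instance's credentials (TODO confirm).
# Keep it readable by the deploying user only.
curl --fail --silent --show-error --location \
  --output .env \
  https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env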
- 如果机子打算安装其他服务(即宿主机
80
443
端口已被占用),那么就修改docker-compose.yml
文件使用宿主机的Web
程序进行反代(本教程使用的Web
程序为nginx
)
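# PeerTube behind the host's own nginx: the bundled webserver and certbot
# services are disabled and only the application port is published, on loopback.
version: "3.3"

services:

  # Disabled: the host nginx already owns ports 80/443 and acts as the reverse proxy.
  # webserver:
  #   image: chocobozzz/peertube-webserver:latest
  #   # If you don't want to use the official image and build one from sources:
  #   # build:
  #   #   context: .
  #   #   dockerfile: Dockerfile.nginx
  #   env_file:
  #     - .env
  #   ports:
  #     - "80:80"
  #     - "443:443"
  #   volumes:
  #     - type: bind
  #       # Switch sources if you downloaded the whole repository
  #       #source: ../../nginx/peertube
  #       source: ./docker-volume/nginx/peertube
  #       target: /etc/nginx/conf.d/peertube.template
  #     - assets:/var/www/peertube/peertube-latest/client/dist:ro
  #     - ./docker-volume/data:/var/www/peertube/storage
  #     - certbot-www:/var/www/certbot
  #     - ./docker-volume/certbot/conf:/etc/letsencrypt
  #   depends_on:
  #     - peertube
  #   restart: "always"

  # Disabled together with the webserver it depends on; the certificate is
  # obtained separately for the host nginx.
  # certbot:
  #   container_name: certbot
  #   image: certbot/certbot
  #   volumes:
  #     - ./docker-volume/certbot/conf:/etc/letsencrypt
  #     - certbot-www:/var/www/certbot
  #   restart: unless-stopped
  #   entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
  #   depends_on:
  #     - webserver

  peertube:
    # If you don't want to use the official image and build one from sources:
    # build:
    #   context: .
    #   dockerfile: ./support/docker/production/Dockerfile.bullseye
    # NOTE(review): production-bullseye is a mutable tag. For reviewable
    # upgrades, record the digest you deployed and pin it, e.g.
    # chocobozzz/peertube@sha256:<DIGEST_PLACEHOLDER>
    image: chocobozzz/peertube:production-bullseye
    # Use a static IP for this container because nginx does not handle proxy host change without reload
    # This container could be restarted on crash or until the postgresql database is ready for connection
    networks:
      default:
        # Changed because the address in the official file may already be in use.
        # It must lie inside the subnet declared under the top-level networks:
        # key (172.20.0.0/16 for this address); Docker rejects an address
        # outside that subnet.
        ipv4_address: 172.20.0.42
    env_file:
      - .env
    ports:
      # - "1935:1935" # If you don't want to use the live feature, you can comment this line
      # Loopback only: the host nginx can reach the app, other machines cannot.
      # A bare "9000:9000" would publish the plain-HTTP app port on every interface.
      - "127.0.0.1:9000:9000" # If you provide your own webserver and reverse-proxy, otherwise not suitable for production
    volumes:
      - assets:/app/client/dist
      - ./docker-volume/data:/data
      - ./docker-volume/config:/config
    depends_on:
      - postgres
      - redis
      - postfix
    restart: "always"

# … the remaining sections of the official file (postgres, redis, postfix,
# networks, volumes) are omitted here. A bare "..." would be read by YAML as
# an end-of-document marker, so the omission is written as a comment.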
着重修改 webserver、certbot、peertube 这几项。
- 为宿主机的
nginx
新建一个站点配置
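# Host-side nginx site for a PeerTube instance running in Docker.
# Port 80 answers ACME challenges and redirects everything else to HTTPS;
# port 443 terminates TLS and proxies to the PeerTube container.
# Replace every occurrence of 实例地址 with the instance's hostname.
#
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
# Please check your Nginx installation features the following modules via 'nginx -V':
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
# THIRD PARTY MODULES: None.

server {
  listen 80;
  listen [::]:80;
  server_name 实例地址;

  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }

  location / {
    return 301 https://$host$request_uri;
  }
}

upstream backend {
  server 172.20.0.42:9000; # must match ipv4_address in docker-compose.yml
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name 实例地址;

  ##
  # Client address recovery (Real IP module)
  # Enable this only when a CDN or another proxy sits in front of this nginx,
  # and list only that proxy's address ranges. Every address matched by
  # set_real_ip_from is allowed to dictate the client IP through
  # X-Forwarded-For, so a catch-all such as 0.0.0.0/0 lets any client report
  # an address of its choosing and undermines IP-based abuse detection.
  # With nothing in front of nginx, leave both lines commented:
  # $remote_addr is already the client's address.
  ##
  #set_real_ip_from <TRUSTED_PROXY_CIDR>; # placeholder: one line per CDN/proxy range
  #real_ip_header X-Forwarded-For;

  access_log /var/log/nginx/peertube.access.log; # reduce I/O with buffer=10m flush=5m
  error_log /var/log/nginx/peertube.error.log;

  ##
  # Certificates
  # you need a certificate to run in production. see https://letsencrypt.org/
  ##
  ssl_certificate /etc/letsencrypt/live/实例地址/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/实例地址/privkey.pem;

  ##
  # Security hardening (as of Nov 15, 2020)
  # based on Mozilla Guideline v5.6
  ##
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
  ssl_session_timeout 1d; # defaults to 5m
  ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
  #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

  ##
  # Application
  ##
  location @api {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;

    client_max_body_size 100k; # default is 1M

    proxy_connect_timeout 10m;
    proxy_send_timeout 10m;
    proxy_read_timeout 10m;
    send_timeout 10m;

    proxy_pass http://backend;
  }

  location / {
    try_files /dev/null @api;
  }

  location = /api/v1/videos/upload-resumable {
    client_max_body_size 0;
    proxy_request_buffering off;
    try_files /dev/null @api;
  }

  location = /api/v1/videos/upload {
    limit_except POST HEAD { deny all; }

    # This is the maximum upload size, which roughly matches the maximum size of a video file.
    # Note that temporary space is needed equal to the total size of all concurrent uploads.
    # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
    # on a dedicated filesystem.
    client_max_body_size 12G; # default is 1M
    add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
    try_files /dev/null @api;
  }

  location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
    client_max_body_size 6M; # default is 1M
    add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
    try_files /dev/null @api;
  }

  ##
  # Websocket
  ##
  location @api_websocket {
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://backend;
  }

  location /socket.io {
    try_files /dev/null @api_websocket;
  }

  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before then
    proxy_read_timeout 15m; # default is 60s
    try_files /dev/null @api_websocket;
  }

  ##
  # Performance optimizations
  # For extra performance please refer to https://github.com/denji/nginx-tuning
  ##
  #root /var/www/peertube/storage;

  # Enable compression for JS/CSS/HTML, for improved client load times.
  # It might be nice to compress JSON/XML as returned by the API, but
  # leaving that out to protect against potential BREACH attack.
  gzip on;
  gzip_vary on;
  gzip_types # text/html is always compressed by HttpGzipModule
             text/css
             application/javascript
             font/truetype
             font/opentype
             application/vnd.ms-fontobject
             image/svg+xml;
  gzip_min_length 1000; # default is 20 bytes
  gzip_buffers 16 8k;
  gzip_comp_level 2; # default is 1

  client_body_timeout 30s; # default is 60
  client_header_timeout 10s; # default is 60
  send_timeout 10s; # default is 60
  keepalive_timeout 10s; # default is 75
  resolver_timeout 10s; # default is 30
  reset_timedout_connection on;
  proxy_ignore_client_abort on;

  tcp_nopush on; # send headers in one piece
  tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
}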
依据官方配置修改而来
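其中 set_real_ip_from 一栏尽量设置上,因为 PeerTube 依靠用户的真实地址进行分享视频以及进行攻击检测,如果运行在 Docker 和 CDN 后会导致 IP 获取不正常。注意 set_real_ip_from 应只填写前置 CDN 或反代的地址段:若写成 0.0.0.0/0,任何客户端都可以用 X-Forwarded-For 头自报来源地址,攻击检测就失去了依据。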
- 运行服务,
docker-compose up -d
- 等待一段时间后,用
docker-compose logs peertube | grep -A1 root
检索有没有输出,没有的话应是服务还没运行完成,成功的话会显示出服务的root
密码
$ docker-compose logs peertube | grep -A1 root peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root peertube_1 | [example.com:443] 2019-11-16 04:26:06.083 info: User password: abcdefghijklmnop
格式如上所示
- 复制 root 密码,进入实例地址登陆,并设置自己的站点吧!登录后建议马上修改 root 密码,因为初始密码以明文留在了容器日志里。
@SouthFox 说道:
什么是 PeerTube?
https://views.southfox.me/w/kkGMgK9ZtnKfYAgnEtQxbv?subtitle=zh
搭建
如果环境允许的话,还是推荐使用源码安装,毕竟使用
Docker
会产生一些小毛病……
当然本教程依然用docker-compose
进行安装(
参考官方文档- 提前为实例地址申请好
HTTPS
证书待用 - 新建一个文件夹并进入
cd /your/peertube/directory
- 获取
docker-compose.yml
文件
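# --fail makes curl exit with an error on an HTTP failure instead of saving
# the error page as docker-compose.yml.
# NOTE(review): "master" is a moving branch. Prefer the release tag that
# matches the image you deploy, and read the file before starting it.
curl --fail --silent --show-error --location \
  --output docker-compose.yml \
  https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml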
- 获取
.env
配置文件
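# --fail makes curl exit with an error on an HTTP failure instead of saving
# the error page as .env.
# NOTE(review): "master" is a moving branch. Prefer the release tag that
# matches the image you deploy.
# NOTE(review): .env is loaded into the container through env_file and
# presumably ends up holding the instance's credentials (TODO confirm).
# Keep it readable by the deploying user only.
curl --fail --silent --show-error --location \
  --output .env \
  https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env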
- 如果机子打算安装其他服务(即宿主机
80
443
端口已被占用),那么就修改docker-compose.yml
文件使用宿主机的Web
程序进行反代(本教程使用的Web
程序为nginx
)
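# PeerTube behind the host's own nginx: the bundled webserver and certbot
# services are disabled and only the application port is published, on loopback.
version: "3.3"

services:

  # Disabled: the host nginx already owns ports 80/443 and acts as the reverse proxy.
  # webserver:
  #   image: chocobozzz/peertube-webserver:latest
  #   # If you don't want to use the official image and build one from sources:
  #   # build:
  #   #   context: .
  #   #   dockerfile: Dockerfile.nginx
  #   env_file:
  #     - .env
  #   ports:
  #     - "80:80"
  #     - "443:443"
  #   volumes:
  #     - type: bind
  #       # Switch sources if you downloaded the whole repository
  #       #source: ../../nginx/peertube
  #       source: ./docker-volume/nginx/peertube
  #       target: /etc/nginx/conf.d/peertube.template
  #     - assets:/var/www/peertube/peertube-latest/client/dist:ro
  #     - ./docker-volume/data:/var/www/peertube/storage
  #     - certbot-www:/var/www/certbot
  #     - ./docker-volume/certbot/conf:/etc/letsencrypt
  #   depends_on:
  #     - peertube
  #   restart: "always"

  # Disabled together with the webserver it depends on; the certificate is
  # obtained separately for the host nginx.
  # certbot:
  #   container_name: certbot
  #   image: certbot/certbot
  #   volumes:
  #     - ./docker-volume/certbot/conf:/etc/letsencrypt
  #     - certbot-www:/var/www/certbot
  #   restart: unless-stopped
  #   entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
  #   depends_on:
  #     - webserver

  peertube:
    # If you don't want to use the official image and build one from sources:
    # build:
    #   context: .
    #   dockerfile: ./support/docker/production/Dockerfile.bullseye
    # NOTE(review): production-bullseye is a mutable tag. For reviewable
    # upgrades, record the digest you deployed and pin it, e.g.
    # chocobozzz/peertube@sha256:<DIGEST_PLACEHOLDER>
    image: chocobozzz/peertube:production-bullseye
    # Use a static IP for this container because nginx does not handle proxy host change without reload
    # This container could be restarted on crash or until the postgresql database is ready for connection
    networks:
      default:
        # Changed because the address in the official file may already be in use.
        # It must lie inside the subnet declared under the top-level networks:
        # key (172.20.0.0/16 for this address); Docker rejects an address
        # outside that subnet.
        ipv4_address: 172.20.0.42
    env_file:
      - .env
    ports:
      # - "1935:1935" # If you don't want to use the live feature, you can comment this line
      # Loopback only: the host nginx can reach the app, other machines cannot.
      # A bare "9000:9000" would publish the plain-HTTP app port on every interface.
      - "127.0.0.1:9000:9000" # If you provide your own webserver and reverse-proxy, otherwise not suitable for production
    volumes:
      - assets:/app/client/dist
      - ./docker-volume/data:/data
      - ./docker-volume/config:/config
    depends_on:
      - postgres
      - redis
      - postfix
    restart: "always"

# … the remaining sections of the official file (postgres, redis, postfix,
# networks, volumes) are omitted here. A bare "..." would be read by YAML as
# an end-of-document marker, so the omission is written as a comment.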
着重修改
webserver
,certbot
,peertube
这几项,补充一点,还需要同时修改下面的subnet为
172.20.0.0/16
# Address pool of the compose project's default network.
networks:
  default:
    ipam:
      driver: default
      config:
        # Was 172.18.0.0/16 in the official file. The range has to contain the
        # static ipv4_address given to the peertube service (172.20.0.42).
        - subnet: 172.20.0.0/16