Revisions
-
ROBERT-MCDOWELL revised this gist
Jun 29, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # PeerTube Apache configuration version 24.6.29 (for PeerTube version 5.x only) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 -
ROBERT-MCDOWELL revised this gist
Jun 29, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(51 SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyPreserveHost On ProxyRequests Off # (Note: turn it On if you are using a safe and secure reverse proxy) <VirtualHost *:80 [::]:80> -
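Review bot: The note attached to `ProxyRequests Off` ("turn it On if you are using a safe and secure reverse proxy") points the wrong way. `ProxyRequests` only controls forward proxying, and the `ProxyPass` reverse-proxy rules elsewhere in this file work with it Off, so the note should either go or say that the directive stays Off. If the note shares a line with the directive, move it to its own `#` line, because Apache does not accept a comment after a directive on the same line.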
ROBERT-MCDOWELL revised this gist
Jan 6, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # PeerTube Apache configuration version 24.1.6 (for PeerTube version 5.x only) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 -
ROBERT-MCDOWELL revised this gist
Jan 6, 2024 . 1 changed file with 2 additions and 1 deletion.
@@ -12,7 +12,8 @@ SSLStaplingCache shmcb:logs/stapling-cache(150000) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyPreserveHost On ProxyRequests On <VirtualHost *:80 [::]:80> -
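Review bot: `ProxyRequests On`, next to `ProxyPreserveHost On`, switches on Apache's forward proxy at server scope, and nothing in the hunk restricts who may use it. A reverse proxy built on `ProxyPass` does not need it. Suggest `ProxyRequests Off`, or a `<Proxy>` section with `Require` rules if forward proxying is really intended.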
ROBERT-MCDOWELL renamed this gist
Dec 5, 2023 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
ROBERT-MCDOWELL revised this gist
Dec 5, 2023 . No changes.
-
ROBERT-MCDOWELL revised this gist
Dec 5, 2023 . 1 changed file with 1 addition and 238 deletions.
@@ -1,9 +1,3 @@ # PeerTube Apache configuration version 23.8.15 (for PeerTube version 5.x only) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" @@ -253,235 +247,4 @@ ProxyRequests off # Normal HTTP requests ProxyPass "/" "http://backend/" flushpackets=on keepalive=on enablereuse=on upgrade=websocket </VirtualHost> -
ROBERT-MCDOWELL revised this gist
Dec 5, 2023 . 1 changed file with 240 additions and 5 deletions.
@@ -1,5 +1,10 @@ Here is the full PeerTube apache ( >= 2.4.47) config which is the equivalent of the nginx peertube default --- ```xml # PeerTube Apache configuration version 23.8.15 (for PeerTube version 5.x only) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 @@ -14,7 +19,6 @@ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(51 SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyRequests off <VirtualHost *:80 [::]:80> 
@@ -241,12 +245,243 @@ ProxyVia off </LocationMatch> # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket.io/)"> Header set Upgrade "websocket" Header set Connection "Upgrade" </LocationMatch> # Normal HTTP requests ProxyPass "/" "http://backend/" flushpackets=on keepalive=on enablereuse=on upgrade=websocket </VirtualHost> ``` --- ```xml # PeerTube Apache configuration version 24.0 (for PeerTube version >= 6+ only) SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) # Please check your Apache installation features the following modules via 'apachectl -M': # STANDARD HTTP MODULES: core_module, proxy_module, proxy_http2_module, proxy_wstunnel_module, proxy_http_module, headers_module, remoteip_module, ssl_module, filter_module, reqtimeout_module # THIRD PARTY MODULES: None. # check https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.6 for hardening security SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyRequests off <VirtualHost *:80 [::]:80> Protocols h2c http/1.1 ServerName peertube.example.com ServerAdmin [email protected] ErrorLog "/var/log/httpd/[peertube.example.com].error.log" CustomLog "/var/log/httpd/[peertube.example.com].access.log" common env=!dontlog RewriteEngine on RewriteOptions inherit RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/ RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Alias /.well-known/acme-challenge/ /var/www/certbot/ <Directory "/var/www/certbot"> Options None AllowOverride None ForceType text/plain RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)" Require method GET POST OPTIONS </Directory> </VirtualHost> <VirtualHost *:443 
[::]:443> Protocols h2 h2c http/1.1 TLSv1.2 TLSv1.3 http/1.0 ServerName peertube.example.com ServerAdmin [email protected] RewriteEngine on RewriteOptions inherit CustomLog "/usr/local/apache/logs/peertube.access.log" common "env=!dontlog" ErrorLog "/usr/local/apache/logs/example.com.error.log" ## # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/letsencrypt/live/peertube.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/peertube.example.com/privkey.pem ## # Security hardening (as of Nov 15, 2020) # based on Mozilla Guideline v5.6 ## SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # SSLCipherSuite: add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLSessionTickets off SSLUseStapling on Header set Strict-Transport-Security "max-age=8740000; includeSubDomains; preload" Header set X-Content-Type-Options nosniff Header set X-Robots-Tag none Header set X-XSS-Protection "1; mode=block" # Uncomment if you are using a revers proxy #RequestHeader set Host expr=%{HTTP_HOST} #RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR} #RequestHeader set X-Real-IP expr=%{REMOTE_ADDR} ErrorDocument 400 "Bad Request: The request could not be understood." ErrorDocument 401 "Unauthorized: Authentication is required." ErrorDocument 402 "Payment Required: Payment is needed to access this resource." ErrorDocument 403 "Forbidden: You don't have permission to access this resource." ErrorDocument 500 "Internal Server Error: Something went wrong on the server." 
## # Application ## LimitRequestBody 102400 ProxyReceiveBufferSize 0 KeepAliveTimeout 10 ProxyTimeout 900 ProxyIOBufferSize 0 <Location "/api/v1/web-videos/upload-resumable"> LimitRequestBody 0 </Location> <LocationMatch "^/api/v1/web-videos/(upload|([^/]+/studio/edit))$"> Require all granted <LimitExcept POST HEAD> Require all denied </LimitExcept> # This is the maximum upload size, which roughly matches the maximum size of a video file. # Note that temporary space is needed equal to the total size of all concurrent uploads. # You may want to put this directory on a dedicated filesystem. LimitRequestBody 12884901888 # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody) Header set X-File-Maximum-Size 8G </LocationMatch> <LocationMatch "^/api/v1/runners/jobs/[^/]+/(update|success)$"> LimitRequestBody 12884901888 Header set X-File-Maximum-Size 8G </LocationMatch> <LocationMatch "^/api/v1/(web-videos/*/views|video-playlists|video-channels|metrics)*$"> LimitRequestBody 6291456 Header set X-File-Maximum-Size 4M </LocationMatch> ## # Performance optimizations # Compression enabled automatically by filter_module DocumentRoot /var/www/peertube RequestReadTimeout body=30 header=10 Options +FollowSymLinks -SymLinksIfOwnerMatch Alias /client %{DOCUMENT_ROOT}/peertube-latest/client/dist # http/2 tuning H2Push on H2PushPriority * after H2PushPriority txt/css before H2PushPriority image/jpeg after 32 H2PushPriority image/png after 32 H2PushPriority application/javascript interleaved # Bypass PeerTube for performance reasons. Optional. # Should be consistent with client-overrides assets list in /server/controllers/client.ts <LocationMatch "^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$"> Header set Cache-Control "public, max-age=31536000, immutable" RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/peertube-latest/client/dist/$1 [L] </LocationMatch> # Bypass PeerTube for performance reasons. Optional. 
<LocationMatch "^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$"> Header set Cache-Control "public, max-age=31536000, immutable" </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/static/(web-videos|redundancy|streaming-playlists)/*$"> # Clients usually have 4 simultaneous connections, so the real limit is 3MB/s per client SetOutputFilter RATE_LIMIT # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections <If "%{REQUEST_URI} =~ /^(.*)-fragmented.mp4$/"> SetEnv rate-limit 5120 SetEnv rate-limit-burst 6144 </If> <Else> SetEnv rate-limit 832 SetEnv rate-limit-burst 1024 </Else> <If "%{REQUEST_METHOD} == 'OPTIONS'"> Header set Access-Control-Allow-Credentials "true" Header set Access-Control-Allow-Headers "Retry-After" Header set Access-Control-Allow-Methods "GET, OPTIONS" Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" # Preflight request can be cached 20 days Header set Access-Control-Max-Age 1728000 Header set Content-Type "text/plain charset=UTF-8" Header set Content-Length 0 RedirectMatch 204 ^(.*)$ </If> <If "%{REQUEST_METHOD} == 'GET'"> Header set Access-Control-Allow-Credentials "true" Header set Access-Control-Allow-Headers "Retry-After" Header set Access-Control-Allow-Methods "GET, OPTIONS" Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" # Don't spam access log file with byte range requests SetEnvIf %{REQUEST_URI} "^(.*)$" dontlog </If> # Enabling the sendfile directive 
eliminates the step of copying the data into the buffer # and enables direct copying data from one file descriptor to another. # To disable if the folder is on a network filesystem EnableSendfile off RewriteRule ^/static/web-videos/(.*)$ /web-videos/$1 [L] RewriteRule ^/static/(.*)$ /$1 [L] </LocationMatch> <LocationMatch "^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download"> SetEnv rate-limit 5120 SetEnv rate-limit-burst 6144 </LocationMatch> # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket\.io/)"> Header set Upgrade "websocket" Header set Connection "Upgrade" </LocationMatch> # Normal HTTP requests ProxyPass "/" "http://backend/" enabler </VirtualHost> ``` Pay attention that I'm often updating this config so please check time to time or subscribe and follow its activity to my gist here https://gist.github.com/ROBERT-MCDOWELL/0ed82ec304fa76de9ff52cc4a5a49e4c -
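Review bot: The last directive of the 24.0 block, `ProxyPass "/" "http://backend/" enabler`, ends in a bare `enabler`, which is not a key=value parameter and looks like a cut-off `enablereuse=on`. The 5.x block just before it ends with `flushpackets=on keepalive=on enablereuse=on upgrade=websocket`, so the 6+ block as written also lacks `upgrade=websocket` for the WebSocket paths. In the same block, `SetEnvIf %{REQUEST_URI} "^(.*)$" dontlog` should name the attribute as `Request_URI`, since SetEnvIf does not take `%{...}` syntax. `web-videos/*/views` in the 6291456-byte LocationMatch matches repeated slashes rather than a video id (`[^/]+` is probably what is meant), and `H2PushPriority txt/css` should read `text/css`.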
ROBERT-MCDOWELL revised this gist
Aug 24, 2023 . 1 changed file with 0 additions and 4 deletions.
@@ -240,10 +240,6 @@ ProxyVia off SetEnv rate-limit-burst 6144 </LocationMatch> # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket\.io/)"> Header set Upgrade "websocket" -
ROBERT-MCDOWELL revised this gist
Aug 16, 2023 . 1 changed file with 0 additions and 1 deletion.
@@ -5,7 +5,6 @@ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(51 SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) # Please check your Apache installation features the following modules via 'apachectl -M': # STANDARD HTTP MODULES: core_module, proxy_module, proxy_http2_module, proxy_wstunnel_module, proxy_http_module, headers_module, remoteip_module, ssl_module, filter_module, reqtimeout_module # THIRD PARTY MODULES: None. -
ROBERT-MCDOWELL revised this gist
Aug 16, 2023 . 1 changed file with 1 addition and 3 deletions.
@@ -244,9 +244,7 @@ ProxyVia off <Location "/videos/embed"> Header unset X-Frame-Options </Location> # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket\.io/)"> Header set Upgrade "websocket" -
ROBERT-MCDOWELL revised this gist
Aug 16, 2023 . 1 changed file with 2 additions and 1 deletion.
@@ -1,4 +1,5 @@ # PeerTube Apache configuration version 23.8.15 # For Apache version 2.4.47+ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 -
ROBERT-MCDOWELL revised this gist
Aug 16, 2023 . 1 changed file with 0 additions and 4 deletions.
@@ -252,10 +252,6 @@ ProxyVia off Header set Connection "Upgrade" </LocationMatch> # Normal HTTP requests ProxyPass "/" "http://backend/" flushpackets=on keepalive=on enablereuse=on upgrade=websocket -
ROBERT-MCDOWELL revised this gist
Aug 16, 2023 . 1 changed file with 4 additions and 5 deletions.
@@ -247,17 +247,16 @@ ProxyVia off # Websocket # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket\.io/)"> Header set Upgrade "websocket" Header set Connection "Upgrade" </LocationMatch> RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/(.*)$ ws://backend/$1 [P,L] # Normal HTTP requests ProxyPass "/" "http://backend/" flushpackets=on keepalive=on enablereuse=on upgrade=websocket </VirtualHost> -
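Review bot: In the `^/(plugins/[^/]+(/[^/]+)?/ws/|socket\.io/)` LocationMatch, `Header set Upgrade "websocket"` and `Header set Connection "Upgrade"` are mod_headers response directives. They stamp every reply under those paths, including replies to plain HTTP requests, and add nothing to the request that is sent to the backend. The hunk also shows two handshake mechanisms side by side, the `RewriteRule ^/(.*)$ ws://backend/$1 [P,L]` rule with its two conditions and `upgrade=websocket` on `ProxyPass`. Suggest keeping one of them and dropping the `Header set` lines.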
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 2 additions and 5 deletions.
@@ -1,4 +1,4 @@ # PeerTube Apache configuration version 23.8.3 SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 @@ -14,10 +14,7 @@ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(51 SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyRequests off ProxyVia off <VirtualHost *:80 [::]:80> -
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 6 additions and 6 deletions.
@@ -1,4 +1,4 @@ # PeerTube Apache configuration version 23.8.2 SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 @@ -102,8 +102,8 @@ SetEnv proxy-initial-not-pooled 1 KeepAliveTimeout 10 ProxyTimeout 900 ProxyIOBufferSize 1024 ProxyIOBufferSize 1024 ProxyReceiveBufferSize 8192 <Location "/api/v1/videos/upload-resumable"> LimitRequestBody 0 @@ -160,9 +160,9 @@ SetEnv proxy-initial-not-pooled 1 </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$"> Header set Cache-Control "public, max-age=31536000, immutable" </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/static/(thumbnails|avatars)/"> -
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 2 additions and 0 deletions.
@@ -1,3 +1,5 @@ # PeerTube Apache configuration version 23.8.37 SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) -
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -111,7 +111,7 @@ SetEnv proxy-initial-not-pooled 1 Require all granted <LimitExcept POST HEAD> Require all denied </LimitExcept> # This is the maximum upload size, which roughly matches the maximum size of a video file. # Note that temporary space is needed equal to the total size of all concurrent uploads. -
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 3 additions and 4 deletions.
@@ -108,11 +108,10 @@ SetEnv proxy-initial-not-pooled 1 </Location> <LocationMatch "^/api/v1/videos/(upload|([^/]+/studio/edit))$"> Require all granted <LimitExcept POST HEAD> Require all denied </LimitExcept # This is the maximum upload size, which roughly matches the maximum size of a video file. # Note that temporary space is needed equal to the total size of all concurrent uploads. -
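Review bot: The closing tag in the upload LocationMatch is written `</LimitExcept` without its final `>`, so the `<LimitExcept POST HEAD>` section is never closed and Apache will reject the file at parse time. Change it to `</LimitExcept>`.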
ROBERT-MCDOWELL revised this gist
Aug 4, 2023 . 1 changed file with 13 additions and 22 deletions.
@@ -45,7 +45,9 @@ SetEnv proxy-initial-not-pooled 1 </VirtualHost> <VirtualHost *:443 [::]:443> Protocols h2 h2c http/1.1 TLSv1.2 TLSv1.3 http/1.0 ProtocolsHonorOrder Off ServerName example.com ServerAlias peertube.example.com @@ -244,31 +246,20 @@ SetEnv proxy-initial-not-pooled 1 Header unset X-Frame-Options </Location> # Websocket # Set Upgrade and Connection headers for WebSocket requests <LocationMatch "^/(plugins/[^/]+(/[^/]+)?/ws/|socket.io/)"> RequestHeader set Upgrade "websocket" RequestHeader set Connection "Upgrade" </LocationMatch> RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/(.*)$ ws://backend/$1 [P,L] # Normal HTTP requests ProxyPass "/" "http://backend/" flushpackets=on ProxyPassReverse "/" "http://backend/" flushpackets=on </VirtualHost> -
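Review bot: `Protocols h2 h2c http/1.1 TLSv1.2 TLSv1.3 http/1.0` on the `*:443` vhost mixes TLS versions into a list of application protocols. TLS versions are chosen by `SSLProtocol`, and `h2c` is cleartext HTTP/2, which does not apply on a TLS listener. Suggest `Protocols h2 http/1.1`. In the WebSocket LocationMatch, the dot in `socket.io/` is unescaped and matches any character, so `socket\.io/` is the tighter pattern.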
ROBERT-MCDOWELL revised this gist
Jul 27, 2023 . 1 changed file with 45 additions and 57 deletions.
@@ -49,17 +49,15 @@ SetEnv proxy-initial-not-pooled 1 ServerName example.com ServerAlias peertube.example.com SetEnv increaseTimeout false RewriteEngine on RewriteOptions inherit CustomLog "/usr/local/apache/logs/peertube.access.log" common "env=!dontlog" ErrorLog "/usr/local/apache/logs/example.com.error.log" ## # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ @@ -87,17 +85,21 @@ SetEnv proxy-initial-not-pooled 1 Header set X-Robots-Tag none Header set X-XSS-Protection "1; mode=block" RequestHeader set Host expr=%{HTTP_HOST} RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR} RequestHeader set X-Real-IP expr=%{REMOTE_ADDR} ## # Application ## LimitRequestBody 102400 ProxyReceiveBufferSize 0 KeepAliveTimeout 10 ProxyTimeout 900 ProxyIOBufferSize 1024 ProxyIOBufferSize 1024 ProxyReceiveBufferSize 8192 <Location "/api/v1/videos/upload-resumable"> LimitRequestBody 0 @@ -117,13 +119,13 @@ SetEnv proxy-initial-not-pooled 1 # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody) Header set X-File-Maximum-Size 8G </LocationMatch> <LocationMatch "^/api/v1/runners/jobs/[^/]+/(update|success)$"> LimitRequestBody 12884901888; Header set X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size) </LocationMatch> <LocationMatch "^/api/v1/(videos/*/views|video-playlists|video-channels|users/me|metrics)*$"> LimitRequestBody 6291456 # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody) Header set X-File-Maximum-Size 4M 
@@ -148,20 +150,17 @@ SetEnv proxy-initial-not-pooled 1 # Bypass PeerTube for performance reasons. Optional. # Should be consistent with client-overrides assets list in /server/controllers/client.ts <LocationMatch "^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$"> # Cache 1 year Header set Cache-Control "public, max-age=31536000, immutable" RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/peertube-latest/client/dist/$1 [L] </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$"> Header set Cache-Control "public, max-age=31536000, immutable" </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/static/(thumbnails|avatars)/"> Header set Access-Control-Allow-Origin "*" @@ -190,7 +189,7 @@ SetEnv proxy-initial-not-pooled 1 SetOutputFilter RATE_LIMIT # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections <If "%{REQUEST_URI} =~ /^(.*)-fragmented.mp4$/"> SetEnv rate-limit 5120 SetEnv rate-limit-burst 6144 </If> 
@@ -236,51 +235,40 @@ SetEnv proxy-initial-not-pooled 1 RewriteRule ^/static/(.*)$ /$1 [L] </LocationMatch> <LocationMatch "^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download"> SetEnv rate-limit 5120 SetEnv rate-limit-burst 6144 </LocationMatch> <Location "/videos/embed"> Header unset X-Frame-Options </Location> <LocationMatch "^/tracker/socket(.*?)$"> Define isWebSocket true </LocationMatch> <IfDefine "${isWebSocket}"> RequestReadTimeout "handshake=5 header=900,MinRate=0 body=900,MinRate=0" </IfDefine> # Websocket <LocationMatch "^/(socket.io/|tracker/socket|plugins/[^/]+(/[^/]+)?/ws/)(.*?)$"> RequestHeader set Upgrade "websocket" RequestHeader set Connection "Upgrade" </LocationMatch> # /socket.io ProxyPassMatch ^/socket.io(.*?)$ ws://backend/socket.io$1 # /tracker/socket ProxyPassMatch /tracker/socket(.*?)$ ws://backend/tracker/socket$1 # /plugins/.../ws/ ProxyPassMatch ^/plugins/[^/]+(/[^/]+)?/ws/(.*?)$ ws://backend/$3 # Normal HTTP requests ProxyPass "/" "http://backend/" </VirtualHost> -
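Review bot: The `^/api/v1/runners/jobs/[^/]+/(update|success)$` block carries nginx syntax into Apache. `LimitRequestBody 12884901888;` and `Header set X-File-Maximum-Size 8G always;` end in semicolons, which Apache does not use as terminators, and `always` has to come before the action (`Header always set ...`). Two more points in the WebSocket part: `Define isWebSocket true` inside a LocationMatch takes effect when the configuration is parsed, not per request, so the `<IfDefine "${isWebSocket}">` timeout cannot depend on the URL. And `ProxyPassMatch ^/plugins/[^/]+(/[^/]+)?/ws/(.*?)$ ws://backend/$3` refers to `$3` although the pattern has only two groups.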
ROBERT-MCDOWELL revised this gist
Jul 19, 2023 . 1 changed file with 35 additions and 42 deletions.
@@ -1,9 +1,3 @@ SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) @@ -253,41 +247,40 @@ SetEnv proxy-initial-not-pooled 1 # Websocket <LocationMatch "^/socket.io/"> ProxyPass ws://backend/ flushpackets=on ProxyPassReverse ws://backend/ </LocationMatch> <IfDefine "${increaseTimeout}"> RequestReadTimeout "handshake=5 header=900,MinRate=0 body=900,MinRate=0" </IfDefine> <LocationMatch "^/tracker/socket"> Define increaseTimeout true ProxyPass ws://backend/ flushpackets=on ProxyPassReverse ws://backend/ SetEnv proxy-sendchunked SetEnv proxy-sendcl RequestHeader set Upgrade "websocket" env=proxy-sendcl RequestHeader set Connection "upgrade" env=proxy-sendcl RequestHeader set X-Real-IP %{REMOTE_ADDR}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s </LocationMatch> <LocationMatch "^/plugins/[^/]+(/[^/]+)?/ws/"> ProxyPass http://backend/ flushpackets=on keepalive=on enablereuse=on ProxyPassReverse http://backend/ SetEnv proxy-sendchunked SetEnv proxy-sendcl RequestHeader set Upgrade "websocket" env=proxy-sendcl RequestHeader set Connection "upgrade" env=proxy-sendcl RequestHeader set X-Real-IP %{REMOTE_ADDR}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s </LocationMatch> <Location "/"> ProxyPass http://backend/ flushpackets=on keepalive=on enablereuse=on ProxyPassReverse http://backend/ </Location> </VirtualHost> -
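Review bot: `ProxyPass ws://backend/` and `ProxyPass http://backend/` sit inside `<LocationMatch>` sections, where ProxyPass does not interpret the regular expression. Use `ProxyPassMatch`, or plain `<Location>` sections with a literal path. The `^/tracker/socket` and `^/plugins/...` blocks also set both `SetEnv proxy-sendchunked` and `SetEnv proxy-sendcl`, which ask for opposite request-body handling. Keep the one that is intended.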
ROBERT-MCDOWELL revised this gist
Jul 19, 2023 . 1 changed file with 4 additions and 5 deletions.
@@ -100,7 +100,10 @@ SetEnv proxy-initial-not-pooled 1 LimitRequestBody 102400 ProxyReceiveBufferSize 0 KeepAliveTimeout 10 ProxyTimeout 900 ProxyIOBufferSize 1024 ProxyIOBufferSize 1024 ProxyReceiveBufferSize 8192 <Location "/api/v1/videos/upload-resumable"> LimitRequestBody 0 @@ -249,10 +252,6 @@ SetEnv proxy-initial-not-pooled 1 </Location> # Websocket <Location "/socket.io"> ProxyPass "ws://backend/" flushpackets=on -
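Review bot: The proxy tuning lines in the first hunk list `ProxyIOBufferSize 1024` twice and set `ProxyReceiveBufferSize 8192` a few lines after `ProxyReceiveBufferSize 0`, so the block states two different receive buffer sizes and only one can take effect. Keep a single `ProxyIOBufferSize` line and one `ProxyReceiveBufferSize` value.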
ROBERT-MCDOWELL revised this gist
Jul 19, 2023 . 1 changed file with 2 additions and 0 deletions.
@@ -138,6 +138,8 @@ SetEnv proxy-initial-not-pooled 1 DocumentRoot /var/www/peertube RequestReadTimeout body=30 header=10 Options +FollowSymLinks -SymLinksIfOwnerMatch Alias /client %{DOCUMENT_ROOT}/peertube-latest/client/dist # http/2 tuning H2Push on -
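Review bot: `Alias /client %{DOCUMENT_ROOT}/peertube-latest/client/dist` uses `%{DOCUMENT_ROOT}` in the two-argument form of `Alias`, where the target is taken as a literal path and is not evaluated as an expression. Write the absolute path out instead. `Options +FollowSymLinks -SymLinksIfOwnerMatch` also deserves a comment saying why the owner check is switched off for this tree.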
ROBERT-MCDOWELL revised this gist
Jul 19, 2023 . 1 changed file with 36 additions and 8 deletions.
@@ -247,14 +247,42 @@ SetEnv proxy-initial-not-pooled 1 </Location> # Websocket ProxyTimeout 900 ProxyIOBufferSize 1024 ProxyIOBufferSize 1024 ProxyReceiveBufferSize 8192 <Location "/socket.io"> ProxyPass "ws://backend/" flushpackets=on ProxyPassReverse "ws://backend/" </Location> <Location "/tracker/socket"> ProxyPass "ws://backend/" flushpackets=on ProxyPassReverse "ws://backend/" SetEnv proxy-sendchunked SetEnv proxy-sendcl ProxyReceiveBufferSize 8192 RequestHeader set Upgrade "websocket" env=proxy-sendcl RequestHeader set Connection "upgrade" env=proxy-sendcl RequestHeader set X-Real-IP %{REMOTE_ADDR}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s </Location> <LocationMatch "^/plugins/[^/]+(/[^/]+)?/ws/"> ProxyPass "http://backend/" ProxyPassReverse "http://backend/" SetEnv proxy-sendchunked SetEnv proxy-sendcl ProxyReceiveBufferSize 8192 RequestHeader set Upgrade "websocket" env=proxy-sendcl RequestHeader set Connection "upgrade" env=proxy-sendcl RequestHeader set X-Real-IP %{REMOTE_ADDR}s RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s </LocationMatch> ProxyPass / http://backend/ flushpackets=on keepalive=on enablereuse=on ProxyPassReverse / http://backend/ </VirtualHost> ``` -
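Review bot: `ProxyReceiveBufferSize 8192` inside `<Location "/tracker/socket">` and inside the plugins `<LocationMatch>` is the problem in this `@@ -247,14 +247,42 @@` hunk: the directive is only valid at server or virtual-host level, so `apachectl configtest` should reject it there, and it is already set once above `<Location "/socket.io">`. `ProxyIOBufferSize 1024` is also listed twice. Other revisions proxy to `[::1]:9000`, while this one uses `backend`, and nothing in the visible lines defines that name, so the file should say how it is expected to resolve.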
ROBERT-MCDOWELL revised this gist
Jul 19, 2023 . 1 changed file with 4 additions and 0 deletions.
@@ -19,6 +19,10 @@ SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) ProxyRequests off # Disable proxy buffer cache SetEnv proxy-nokeepalive 1 SetEnv proxy-initial-not-pooled 1 <VirtualHost *:80 [::]:80> Protocols h2c http/1.1 -
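Review bot: The comment `# Disable proxy buffer cache` in the `@@ -19,6 +19,10 @@` hunk does not describe what the two variables do. `proxy-nokeepalive` makes the proxy close the backend connection after each request, and `proxy-initial-not-pooled` stops a pooled backend connection from being reused for the first request on a client connection; neither touches buffering. Set at server level, they also work against the `keepalive=on enablereuse=on` options that other revisions of this file put on the `ProxyPass` lines, so reword the comment and decide which behaviour is wanted.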
ROBERT-MCDOWELL revised this gist
Jun 28, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -244,7 +244,7 @@ ProxyRequests off # Websocket RewriteCond %{REQUEST_URI} ^/plugins/[^/]+(/[^/]+)?/ws/*$ [OR] RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule ^(.*)$ ws://[::1]:9000$1 [P,L] ProxyPass /tracker/socket http://[::1]:9000/tracker/socket keepalive=on enablereuse=on timeout=900 -
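Review bot: The first `RewriteCond` pattern ends in `/ws/*$`, where `/*` is a regex quantifier on the slash and not a wildcard, so it only matches a path that stops at `/ws` plus optional slashes; a plugin route with anything after `/ws/` is decided by the `Upgrade` test alone. If the intent is every path under `/ws/`, drop the `*$`. Because of `[OR]`, a request that matches the path but carries no `Upgrade` header is still sent to the `ws://` target, so consider requiring both conditions.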
ROBERT-MCDOWELL revised this gist
Jun 28, 2023 . 1 changed file with 2 additions and 2 deletions.
@@ -244,8 +244,8 @@ ProxyRequests off # Websocket RewriteCond %{REQUEST_URI} ^/plugins/[^/]+(/[^/]+)?/ws/*$ [OR] RewriteCond %{HTTP:Upgrade} =websocket RewriteRule ^(.*)$ ws://[::1]:9000$1 [P,L] ProxyPass /tracker/socket http://[::1]:9000/tracker/socket keepalive=on enablereuse=on timeout=900 ProxyPassReverse /tracker/socket http://[::1]:9000/tracker/socket -
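Review bot: `RewriteCond %{HTTP:Upgrade} =websocket` in this hunk is an exact, case-sensitive comparison, but the `Upgrade` token is case-insensitive and clients may send `WebSocket`; those handshakes would skip the rule and not be proxied as websocket traffic. Add `[NC]` to the condition.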
ROBERT-MCDOWELL revised this gist
Jun 25, 2023 . 1 changed file with 52 additions and 35 deletions.
@@ -1,3 +1,9 @@ Here is the full apache config which is the closest of the nginx peertube default (updated for peertube v5.1.x and v5.2.x --- ```xml SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)" SSLSessionCacheTimeout 87400 SSLStaplingCache shmcb:logs/stapling-cache(150000) @@ -78,10 +84,10 @@ ProxyRequests off SSLSessionTickets off SSLUseStapling on Header set Strict-Transport-Security "max-age=8740000; includeSubDomains; preload" Header set X-Content-Type-Options nosniff Header set X-Robots-Tag none Header set X-XSS-Protection "1; mode=block" ## # Application @@ -108,13 +114,18 @@ ProxyRequests off # You may want to put this directory on a dedicated filesystem. LimitRequestBody 12884901888 # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody) Header set X-File-Maximum-Size 8G </LocationMatch> <LocationMatch "^/api/v1/runners/jobs/[^/]+/(update|success)$"> LimitRequestBody 12884901888 Header set X-File-Maximum-Size 8G </LocationMatch> <LocationMatch "^/api/v1/(videos/*/views|video-playlists|video-channels|metrics)*$"> LimitRequestBody 6291456 # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody) Header set X-File-Maximum-Size 4M </LocationMatch> ##
@@ -136,36 +147,36 @@ ProxyRequests off # Should be consistent with client-overrides assets list in /server/controllers/client.ts <LocationMatch "^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$"> # Cache 1 year Header set Cache-Control "public, max-age=31536000, immutable" RewriteCond %{DOCUMENT_ROOT}/storage/client-overrides/$1 -f RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/storage/client-overrides/$1 [L] </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$"> # Cache 1 year Header set Cache-Control "public, max-age=31536000, immutable" RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/peertube-latest/client/dist/$1 [L] </LocationMatch> # Bypass PeerTube for performance reasons. Optional. <LocationMatch "^/static/(thumbnails|avatars)/"> Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Credentials "true" Header set Access-Control-Allow-Headers "Retry-After" Header set Access-Control-Allow-Methods "GET, OPTIONS" Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" <If "%{REQUEST_METHOD} == 'OPTIONS'"> # Preflight request can be cached 20 days Header set Access-Control-Max-Age 1728000 Header set Content-Type "text/plain charset=UTF-8" Header set Content-Length 0 RedirectMatch 204 ^(.*)$ </If> # Cache response 2 hours Header set Cache-Control "public, max-age=7200" RewriteRule ^/static/(.*)$ /$1 [L] </LocationMatch> 
@@ -176,7 +187,7 @@ ProxyRequests off SetOutputFilter RATE_LIMIT # Increase rate limit in HLS mode, because we don't have multiple simultaneous connections <If "%{REQUEST_URI} =~ /^(.*)-fragmented.mp4$/"> SetEnv rate-limit 5120 SetEnv rate-limit-burst 6144 </If> @@ -186,24 +197,24 @@ ProxyRequests off </Else> <If "%{REQUEST_METHOD} == 'OPTIONS'"> Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Credentials "true" Header set Access-Control-Allow-Headers "Retry-After" Header set Access-Control-Allow-Methods "GET, OPTIONS" Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" # Preflight request can be cached 20 days Header set Access-Control-Max-Age 1728000 Header set Content-Type "text/plain charset=UTF-8" Header set Content-Length 0 RedirectMatch 204 ^(.*)$ </If> <If "%{REQUEST_METHOD} == 'GET'"> Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Credentials "true" Header set Access-Control-Allow-Headers "Retry-After" Header set Access-Control-Allow-Methods "GET, OPTIONS" Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" # Don't spam access log file with byte range requests SetEnvIf %{REQUEST_URI} "^(.*)$" dontlog @@ -215,7 +226,7 @@ ProxyRequests off EnableSendfile on <If "%{REQUEST_URI} =~ /^\x2Fstatic\x2Fwebseed\x2F(.*)$/"> Header set Cache-control "no-cache, no-store" </If> RewriteRule ^/static/webseed/(.*)$ /videos/$1 [L] @@ -230,7 +241,7 @@ ProxyRequests off <Location "/videos/embed"> Header unset X-Frame-Options </Location> # Websocket RewriteCond %{REQUEST_URI} ^/plugins/[^/]+(/[^/]+)?/ws/*$ [OR] RewriteCond %{HTTP:Upgrade} =websocket [NC] 
@@ -240,4 +251,10 @@ ProxyRequests off ProxyPassReverse /tracker/socket http://[::1]:9000/tracker/socket ProxyPass / http://[::1]:9000/ flushpackets=on keepalive=on enablereuse=on ProxyPassReverse / http://[::1]:9000/ </VirtualHost> ``` this config is compatible with the last version of PeerTube Pay attention that I'm oftenly updating this config so please check time to time or check my fork here https://gist.github.com/ROBERT-MCDOWELL/0ed82ec304fa76de9ff52cc4a5a49e4c -
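Review bot: In the `@@ -78,10 +84,10 @@` hunk, the HSTS line combines `max-age=8740000` (about 101 days) with `preload`, while the browser preload list requires a max-age of at least one year (31536000), so the directive is advertised but the site cannot qualify; raise the value or drop `preload`. Use `Header always set` for these security headers so they are also sent on error responses, and reconsider `X-XSS-Protection "1; mode=block"`, which major browsers have removed support for.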
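Review bot: The comment in the `@@ -108,13 +114,18 @@` hunk says `x * 1.4 >= LimitRequestBody`, but 8G times 1.4 is about 11.2G, below the 12884901888 (12 GiB) limit, and 4M times 1.4 is below 6291456; either the comment or the values need adjusting. `Header set` writes a response header, so `X-File-Maximum-Size` reaches the client and not the backend that the comment mentions. In the last pattern, `videos/*/views` reads like a glob; as a regex `/*` only repeats the slash, so a path with a video id between `videos/` and `/views` does not match, and `videos/[^/]+/views` is probably what was meant.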
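Review bot: In the `@@ -136,36 +147,36 @@` hunk, `Access-Control-Allow-Origin "*"` is sent together with `Access-Control-Allow-Credentials "true"`. Browsers refuse credentialed requests when the origin is the wildcard, so the pair is either dead weight or a sign that a specific origin was intended; for public thumbnails and avatars, drop the credentials header. `Access-Control-Allow-Headers` is set twice with `Header set`, so the second line replaces `Retry-After`, and `Content-Type "text/plain charset=UTF-8"` is missing the semicolon after `text/plain`. The same header block is repeated in the `@@ -186,24 +197,24 @@` hunk and needs the same fix there.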
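Review bot: `SetEnvIf %{REQUEST_URI} "^(.*)$" dontlog` in the `@@ -186,24 +197,24 @@` hunk names the attribute as `%{REQUEST_URI}`, whereas `SetEnvIf` expects the bare attribute name `Request_URI`, so check that it matches at all. If it does match, the pattern marks every GET in this block and not only byte-range requests, which removes all video download traffic from the access log wherever the log is filtered on `dontlog`. Matching on the `Range` request header would keep the noise reduction without losing the rest of the audit trail.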
ROBERT-MCDOWELL revised this gist
Apr 20, 2023 . 1 changed file with 4 additions and 10 deletions.
@@ -90,7 +90,7 @@ ProxyRequests off LimitRequestBody 102400 ProxyReceiveBufferSize 0 KeepAliveTimeout 10 ProxyTimeout 60 <Location "/api/v1/videos/upload-resumable"> LimitRequestBody 0 @@ -230,20 +230,14 @@ ProxyRequests off <Location "/videos/embed"> Header unset X-Frame-Options </Location> # Websocket RewriteCond %{REQUEST_URI} ^/plugins/[^/]+(/[^/]+)?/ws/*$ [OR] RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule ^(.*)$ ws://[::1]:9000$1 [L] ProxyPass /tracker/socket http://[::1]:9000/tracker/socket keepalive=on enablereuse=on timeout=900 ProxyPassReverse /tracker/socket http://[::1]:9000/tracker/socket ProxyPass / http://[::1]:9000/ flushpackets=on keepalive=on enablereuse=on ProxyPassReverse / http://[::1]:9000/ </VirtualHost>
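Review bot: In the `@@ -230,20 +230,14 @@` hunk, `RewriteRule ^(.*)$ ws://[::1]:9000$1 [L]` has no `[P]` flag. Without `[P]` mod_rewrite does not hand the request to mod_proxy; an absolute-URL substitution is normally answered with an external redirect, which would also show the internal `[::1]:9000` listener to the client instead of proxying the websocket. Use `[P,L]`.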