April 12, 2021

PeerTube v3 Docker Installation

Decentralized Video Hosting

PeerTube v3 Docker Installation

0. Background

Previously, I posted an installation guide of PeerTube by manual deployment.

PeerTube V3 Installation
1. IntroPeerTube is a free and open-source, decentralized, federated video platformpowered by ActivityPub and WebTorrent, that uses peer-to-peer technology toreduce load on individual servers when viewing videos.Official Website: https://joinpeertube.org/ 2. BackgroundPeerTube deployment with …

Less flexibility, but easier, you can deploy PeerTube via Docker.
Note: Suppose you have multiple services on port 443.

1. Pre-requisite

Install Docker

curl -sSL https://get.docker.com/ | sh
systemctl enable docker

Install Docker Compose (check latest version yourself)

curl -L https://github.com/docker/compose/releases/download/1.29.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

2. Install PeerTube

Go to your workdir

cd /your/peertube/directory

Get the latest Compose file

curl https://raw.githubusercontent.com/chocobozzz/PeerTube/develop/support/docker/production/docker-compose.yml > docker-compose.yml

Get the latest .env file

curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/develop/support/docker/production/.env > .env

Edit docker-compose.yml

nano docker-compose.yml
  • Comment out the “webserver”, “certbot”, “postfix” block
  • Comment out peertube - depends_on - postfix
  • Comment out volumes - certbot-www

Set peertube - ports

    ports:
     - "1935:1935"
     - "127.0.0.1:3001:9000"

The docker-compose.yml will be like:

version: "3.8"

services:

  peertube:
    image: chocobozzz/peertube:production-buster
    networks:
      default:
        ipv4_address: 172.18.0.42
    env_file:
      - .env

    ports:
     - "1935:1935"
     - "127.0.0.1:3001:9000"
    volumes:
      - assets:/app/client/dist
      - ./docker-volume/data:/data
      - ./docker-volume/config:/config
    depends_on:
      - postgres
      - redis
    restart: "always"

  postgres:
    image: postgres:13-alpine
    env_file:
      - .env
    volumes:
      - ./docker-volume/db:/var/lib/postgresql/data
    restart: "always"

  redis:
    image: redis:6-alpine
    volumes:
      - ./docker-volume/redis:/data
    restart: "always"

networks:
  default:
    ipam:
      driver: default
      config:
      - subnet: 172.18.0.0/16

volumes:
  assets:

Edit .env file

nano .env
POSTGRES_USER=<example_username>
POSTGRES_PASSWORD=<example_password>
POSTGRES_DB=peertube
PEERTUBE_DB_USERNAME=<example_username>
PEERTUBE_DB_PASSWORD=<example_password>
PEERTUBE_DB_HOSTNAME=postgres

PEERTUBE_WEBSERVER_HOSTNAME=video.example.com
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]

[email protected]
PEERTUBE_SMTP_PASSWORD=example_password
PEERTUBE_SMTP_HOSTNAME=smtp.example.com
PEERTUBE_SMTP_PORT=587
[email protected]
PEERTUBE_SMTP_TLS=false
PEERTUBE_SMTP_DISABLE_STARTTLS=false
[email protected]

Run docker-compose

docker-compose up -d

3. Config Nginx

Suppose PeerTube is your first service on port 443, and Ghost is your second service on port 443.

nano /etc/nginx/nginx.conf

Add the following configuration outside the “http block”

stream {
        map $ssl_preread_server_name $example_multi {
                video.example.com peertube;
                ghost.example.com ghost;
        }
        upstream video {
                server 127.0.0.1:20001;
        }
        upstream ghost {
                server 127.0.0.1:20002;
        }
        server {
                listen 443      reuseport;
                listen [::]:443 reuseport;
                proxy_pass      $example_multi;
                ssl_preread     on;
        }
}

Config http to https

nano /etc/nginx/conf.d/http2https.conf
server {
        listen 80;
        server_name video.example.com;
        if ($host = video.example.com) {
                return 301 https://$host$request_uri;
        }
        server_name ghost.example.com;
        if ($host = ghost.example.com) {
                return 301 https://$host$request_uri;
        }
        return 404;
}

Config webserver

server {
  listen 127.0.0.1:20001 ssl http2;

  ssl_certificate       /your/ssl/path/fullchain.pem;
  ssl_certificate_key   /your/ssl/path/privkey.pem;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;

  client_max_body_size 10G;

  ssl_protocols         TLSv1.2 TLSv1.3;
  ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

  ssl_prefer_server_ciphers off;

  server_name           video.example.com;
    add_header Content-Security-Policy upgrade-insecure-requests;
  location / {
    proxy_redirect off;
    proxy_pass http://127.0.0.1:3001; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_next_upstream off;
  }
}

Conf file of your second service will not be specified here.
Check Nginx syntax

nginx -t

Restart Nginx

systemctl restart nginx

5. Post Installation

The initial password of root user is stored in the log file.

.../peertube/docker-volume/data/logs/peertube.log

For upgrade, pull the latest images:

cd /your/peertube/directory
docker-compose pull

Stop, delete the containers and internal volumes

docker-compose down -v

Rerun PeerTube

docker-compose up -d