February 5, 2021

PeerTube V3 Installation

PeerTube V3 Installation

1. Intro

PeerTube is a free and open-source, decentralized, federated video platform powered by ActivityPub and WebTorrent, that uses peer-to-peer technology to reduce load on individual servers when viewing videos.
Official Website: https://joinpeertube.org/

2. Background

PeerTube deployment with Docker is not that straightforward and convenient, so it is recommended to deploy it manually.
Environment: Ubuntu 20.04 LTS

3. Deployment

3.1 Dependencies

Install node.js and yarn

apt -y update
apt -y install build-essential gnupg curl unzip
curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt -y install nodejs
npm i -g yarn

Install nginx/ffmpeg/postgresql/redis

apt -y install sudo git python-dev nginx ffmpeg postgresql postgresql-contrib redis-server

Enable auto-start of nginx/postgresql/redis

systemctl enable --now nginx postgresql redis-server

3.2 Set directory and database

Create a new user named “peertube”. Note that the user's home directory path is recommended to keep the same as below:

useradd -m -d /var/www/peertube -s /bin/bash peertube

Important: If you would like to change the user's home directory, there will be multiple places in the subsequent configuration that need to be modified. If you don't know how to change these configurations, it is recommended to keep the same as below.

Modify the password of this user

passwd peertube

Create a postgresql user and database

sudo -u postgres createuser -P peertube
sudo -u postgres createdb -O peertube -E UTF8 -T template0 peertube_prod

Note: After the first command is executed, you will be prompted to enter the password twice. If you get a report of directory permission problem, just ignore it.

3.3 Install PeerTube

Switch to the “peertube” user

su - peertube

Create the required directories, download and decompress the source code of peertube (check latest version yourself)

mkdir config storage versions && cd versions
wget https://github.com/Chocobozzz/PeerTube/releases/download/v3.0.0/peertube-v3.0.0.zip
unzip peertube-v3.0.0.zip
ln -s /var/www/peertube/versions/peertube-v3.0.0 ../peertube-latest

Install PeerTube

cd ../peertube-latest
yarn install --production --pure-lockfile

3.4 Config PeerTube

Copy 2 configuration files

cp config/default.yaml /var/www/peertube/config/default.yaml
cp config/production.yaml.example /var/www/peertube/config/production.yaml

Edit production.yaml

nano /var/www/peertube/config/production.yaml

There are lots of configurations that can be set. I will only explain the configurations that MUST be set. Other configurations can be set on the web interface:

webserver:
  https: true
  hostname: 'peertube.example.com' # your domain
  port: 443

database:
  hostname: 'localhost'
  port: 5432
  ssl: false
  suffix: '_prod'
  username: 'peertube'
  password: 'password' # your postgresql password
  pool:
    max: 5

admin:
  email: 'yourname@youremail.ltd' # your email

Switch back to root user

su - root

Copy a configuration file for kernel tuning

cp /var/www/peertube/peertube-latest/support/sysctl.d/30-peertube-tcp.conf /etc/sysctl.d/

Apply the settings in the configuration file

sysctl -p /etc/sysctl.d/30-peertube-tcp.conf

3.5 Config Nginx

Copy a Nginx configuration file

cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/conf.d/peertube.conf

Edit peertube.conf

nano /etc/nginx/conf.d/peertube.conf

Since there is too much content in this configuration file, here I only point out the places to be set. First, the domain name here

server {
  listen 80;
  listen [::]:80;
  server_name peertube.example.com; # your domain

Then delete this configuration

...
  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }

Then the upstream address and port here are changed to the following

upstream backend {
  server 127.0.0.1:9000;
}

Change the domain name here also:

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name peertube.example.com; # your domain

Finally delete this large section of configuration

...
  ssl_certificate     /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;


  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }

  ssl_protocols             TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
  ssl_session_timeout       1d; # defaults to 5m
  ssl_session_cache         shared:SSL:10m; # estimated to 40k sessions
  ssl_session_tickets       off;
  ssl_stapling              on;
  ssl_stapling_verify       on;

Test whether the configuration of nginx is OK

nginx -t

If everything goes well, use certbot to issue ssl certificate

certbot --nginx

3.6 Run PeerTube

Copy a systemd configuration file

cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/

Start and set peertube to start automatically

systemctl enable --now peertube

Check the running status to make sure it is Active

systemctl status peertube

Since PeerTube’s default administrator password is stored in the log, if you don’t want to read the log, you can directly reset it with the following command (admin user name is “root”)

su - peertube
cd peertube-latest && NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run reset-password -- -u root

4. More Info

PeerTube Documentation: https://docs.joinpeertube.org/