peertube improvement

60421bad · Boxiang Sun · 41deb87a · 60421bad · 60421bad · 60421bad
Commit 60421bad authored Oct 28, 2022 by Boxiang Sun
3 changed files
--- a/software/peertube/instance.cfg.in
+++ b/software/peertube/instance.cfg.in
@@ -161,3 +161,5 @@ return = domain secure_access
 [publish-connection-parameter]
 recipe = slapos.cookbook:publish
 frontend-url = $${frontend:connection-secure_access}
+frontend-hostname = $${frontend:connection-domain}
+frontend-port = 9000
--- a/software/peertube/template-nginx.cfg.in
+++ b/software/peertube/template-nginx.cfg.in
@@ -51,7 +51,7 @@ http {
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 upstream backend {
-  server $${instance-parameter:ipv4-random}:9000;
+  server $${instance-parameter:ipv4-random}:$${publish-connection-parameter:frontend-port};
 }
 server {
@@ -75,16 +75,16 @@ server {
  # based on Mozilla Guideline v5.6
  ##
-  # ssl_protocols             TLSv1.2 TLSv1.3;
+  ssl_protocols             TLSv1.2 TLSv1.3;
-  # ssl_prefer_server_ciphers on;
+  ssl_prefer_server_ciphers on;
-  # ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
+  ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
-  # ssl_session_timeout       1d; # defaults to 5m
+  ssl_session_timeout       1d; # defaults to 5m
-  # ssl_session_cache         shared:SSL:10m; # estimated to 40k sessions
+  ssl_session_cache         shared:SSL:10m; # estimated to 40k sessions
-  # ssl_session_tickets       off;
+  ssl_session_tickets       off;
-  # ssl_stapling              on;
+  ssl_stapling              on;
-  # ssl_stapling_verify       on;
+  ssl_stapling_verify       on;
  # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
-  #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
  ##
  # Application

--- a/software/peertube/template-peertube.yaml.in
+++ b/software/peertube/template-peertube.yaml.in
 listen:
  hostname: '$${instance-parameter:ipv4-random}'
-  port: 9000
+  port: $${publish-connection-parameter:frontend-port}
 # Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
 webserver:
  https: true
-  hostname: '[$${nginx-configuration:ip}]'
+  hostname: '$${publish-connection-parameter:frontend-hostname}'
-  port: $${nginx-configuration:port}
+  port: 443
 # Secrets you need to generate the first time you run PeerTube
 secrets:
@@ -44,10 +44,10 @@ trust_proxy:
 # Your database name will be database.name OR 'peertube'+database.suffix
 database:
  hostname: '$${postgresql:ipv4}'
-  port: 5432
+  port: '$${postgresql:port}'
  ssl: false
  suffix: '_prod'
-  username: 'peertube'
+  username: '$${postgresql:superuser}'
  password: '$${postgresql:password}'
  pool:
    max: 5
@@ -191,22 +191,6 @@ log:
  # Accept warn/error logs coming from the client
  accept_client_log: true
-# Highly experimental support of Open Telemetry
-open_telemetry:
-  metrics:
-    enabled: false
-    # Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
-    prometheus_exporter:
-      port: 9091
-  tracing:
-    enabled: false
-    # Send traces to a Jaeger compatible endpoint
-    jaeger_exporter:
-      endpoint: ''
 trending:
  videos:
    interval_days: 7 # Compute trending videos for the last x days
@@ -302,7 +286,7 @@ plugins:
  # The website PeerTube will ask for available PeerTube plugins and themes
  # This is an unmoderated plugin index, so only install plugins/themes you trust
  index:
-    enabled: true
+    enabled: false
    check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
    url: 'https://packages.joinpeertube.org'
@@ -363,7 +347,7 @@ admin:
  email: 'admin@example.com'
 contact_form:
-  enabled: true
+  enabled: false
 signup:
  enabled: false