Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
a now OUTDATED httpd/Apache vhost to run PeerTube | note that only Nginx is supported by the PeerTube team, and with this or any other Apache configuration, you will likely get NO SUPPORT.
# requires WebSocket support with `a2enmod proxy_wstunnel`
# check https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.6 for hardening security
<VirtualHost *:80 [::]:80>
ServerName peertube.example.com
ServerAdmin webmaster@example.com
Protocols h2c http/1.1
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Alias /.well-known/acme-challenge/ /var/www/certbot/
<Directory /var/www/certbot>
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
Require method GET POST OPTIONS
</Directory>
ErrorLog "/var/log/httpd/peertube.example.com.error.log"
CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>
<VirtualHost *:443 [::]:443>
ServerName peertube.example.com
ServerAdmin webmaster@example.com
Protocols h2 http/1.1
SSLEngine on
# For example with certbot (you need a certificate to run https)
SSLCertificateFile /etc/letsencrypt/live/peertube.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/peertube.example.com/privkey.pem
Header always set X-Content-Type-Options nosniff
Header always set X-Robots-Tag none
Header always set X-XSS-Protection "1; mode=block"
# Bypass PeerTube webseed route for better performances
Alias /static/webseed /var/www/peertube/storage/videos
<Location /static/webseed>
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 800
SetEnvIf Request_Method "GET" GETMETH=1
Header set Access-Control-Allow-Origin "*" env=GETMETH
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH
SetEnvIf GETMETH "1" dontlog
SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1
Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH
Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH
Header set Content-Length "0" env=OPTIONSMETH
</Location>
<Location /videos/embed>
Header unset X-Frame-Options
</Location>
ProxyPreserveHost On
ProxyTimeout 600
# Websocket tracker
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
<Location />
ProxyPass http://127.0.0.1:9000/ timeout=600
</Location>
ErrorLog "/var/log/httpd/peertube.example.com.error.log"
CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>
@tykayn
Copy link

tykayn commented Dec 3, 2018

it nearly works, i have my certificates made with certbot but apache wont start because he cant find a file, but the file exists. i copy and paste the path and i get a symlink.

sudo apache2ctl configtest
AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/peertube.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem' does not exist or is empty
Action 'configtest' failed.

here, the file exists and is filled with certificates:

sudo ls -larth /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem
lrwxrwxrwx 1 root root 53 Dec  2 20:45 /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem -> ../../archive/peertube.cipherbliss.com/fullchain2.pem

@Vertux
Copy link

Vertux commented Nov 22, 2019

 # Hard limit, PeerTube does not support videos > 4GB
  LimitRequestBody 4294967294

The used value is not supported by apache 2.4 reference but you do not get any error.

Die Direktive gibt die Anzahl der Bytes zwischen 0 (unbegrenzt) und 2147483647 (2GB) an, die im Request-Body (Datenteil der Anfrage) erlaubt sind.

@yodahome
Copy link

yodahome commented Apr 25, 2020

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:

[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload

I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

@strugee
Copy link

strugee commented Jul 23, 2020

Unless I am missing something, this configuration is very dangerous due to the inclusion of the ProxyRequests on. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyrequests - this directive is not required to make ProxyPass work, and instead turns your Apache server into a forward proxy. This means that it can be used as an open proxy which can be used to connect to any host your Apache server can talk to, including other internal services running on localhost (possibly including non-HTTP services) - not just your PeerTube server running on localhost. Running an open proxy like this is a fantastic way to get on lists of problematic/infected/etc. IP addresses like, for example, Spamhaus XBL. Please remove this directive.

Also, while I'm at it, preload probably shouldn't be in the HSTS directive since people tend to not understand what that does. Instead there should be a comment telling folks to follow the instructions on hstspreload.org (see https://hstspreload.org/#opt-in for where this advice/request comes from).

(Again, please tell me if I'm missing something - I'd love to be corrected 😅)

@sc0p91
Copy link

sc0p91 commented Sep 2, 2020

Thanks for your file.
With this configuration, i got several error log lines like this : AH00082: an unknown filter was not added: RATE_LIMIT
Can this be avoided by adding directives ?

maybe somebody still searches this:
you either add:
LoadModule ratelimit_module modules/mod_ratelimit.so
or delete:

                SetOutputFilter RATE_LIMIT
                SetEnv rate-limit 800

@rigelk
Copy link
Author

rigelk commented Nov 24, 2020

@strugee thanks for the notification! I corrected it.

@strugee
Copy link

strugee commented Nov 24, 2020

@rigelk thank you! 🎉

@rigelk
Copy link
Author

rigelk commented Nov 24, 2020

please note that isn't enough to make the configuration on par with the file serving optimizations of the project's Nginx configuration. I'm open to contributions for that 🙂

@M-Stenzel
Copy link

M-Stenzel commented Jan 18, 2021

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:

[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload

I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Hi,
I am facing this very much the same problem. Were you able to resolve the issue in the meantime?
Martin.

@clement850
Copy link

clement850 commented Apr 14, 2021

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:
[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload
I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Hi,
I am facing this very much the same problem. Were you able to resolve the issue in the meantime?
Martin.

Hello, any news about this issue ? thanks.

@yodahome
Copy link

yodahome commented Apr 14, 2021

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:
[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload
I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Hi,
I am facing this very much the same problem. Were you able to resolve the issue in the meantime?
Martin.

Hello, any news about this issue ? thanks.

Hi!
No, not that I'm aware of. As has been pointed out this configuration is outdated and apparently peertube's devs do not and don't plan on supporting the Apache 2 web server with a configuration. I don't know enough about nginx to see in which way the necessary configuration could be replicated with apache and so my takeaway is that maybe it can't be replicated and as of now peertube doesn't fully work with apache.

@M-Stenzel
Copy link

M-Stenzel commented Apr 14, 2021

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Aug 1, 2021

this is very sad that apache is not supported since hundred of millions of web server runs apache, and btw being the major web server on internent. anyhow, i'm working on it to support it, if nginx can do it, apache too.

@Vertux
Copy link

Vertux commented Aug 1, 2021

this is very sad that apache is not supported since hundred of millions of web server runs apache, and btw being the major web server on internent. anyhow, i'm working on it to support it, if nginx can do it, apache too.

I absolutely agree with you, I desperately waiting for working Apache config so I can upgrade to v3.x

@yodahome
Copy link

yodahome commented Aug 1, 2021

this is very sad that apache is not supported since hundred of millions of web server runs apache, and btw being the major web server on internent. anyhow, i'm working on it to support it, if nginx can do it, apache too.

I absolutely agree with you, I desperately waiting for working Apache config so I can upgrade to v3.x

Well, there is no officially supported config for Apache 2, but I've got it working using this very basic config in my vhost, so it seems this is no longer an issue:

ProxyPreserveHost On
ProxyRequests On

#ProxyTimeout 600
# Websocket tracker

RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
<Location />
ProxyPass http://127.0.0.1:9000/
</Location>

I'm not using the docker installation of course.

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Aug 1, 2021

@yodahome
looks good, however I would like to make test on proxy balancer configuration if possible too.

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Aug 1, 2021

@rigelk
Do you have any good nginx config sample file with the optimizations you are talking about so I can find the equivalent on apache (if it exists of course)?

@Vertux
Copy link

Vertux commented Aug 3, 2021

Well, there is no officially supported config for Apache 2, but I've got it working using this very basic config in my vhost, so it seems this is no longer an issue:

ProxyPreserveHost On
ProxyRequests On

#ProxyTimeout 600
# Websocket tracker

RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
<Location />
ProxyPass http://127.0.0.1:9000/
</Location>

I'm not using the docker installation of course.

@yodahome
This sounds promising, have you checked if all peertube functions are executed without errors? I'm a little afraid that not all peertube features are properly supported, but this may not be immediately noticeable.
I don't use Docker either and would like to start a test with your config next weekend, it looks almost too simple to be true 😁
Thank you for sharing your config.

@rigelk
Copy link
Author

rigelk commented Aug 4, 2021

With that configuration, views will not be counted properly, nor will the API be protected against body size DoS attacks. Static files will be going through PeerTube before being handled by Apache, which means performance-wise, no gain is made from letting the PeerTube process do all the work. No Access-Control-Allow-Origin is set on some static assets, which means browsers on other domains running anything else than PeerTube (like, Pleroma displaying a PT account's avatar) will have errors.

@yodahome
Copy link

yodahome commented Aug 4, 2021

Well, there is no officially supported config for Apache 2, but I've got it working using this very basic config in my vhost, so it seems this is no longer an issue:

ProxyPreserveHost On
ProxyRequests On

#ProxyTimeout 600
# Websocket tracker

RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
<Location />
ProxyPass http://127.0.0.1:9000/
</Location>

I'm not using the docker installation of course.

@yodahome
This sounds promising, have you checked if all peertube functions are executed without errors? I'm a little afraid that not all peertube features are properly supported, but this may not be immediately noticeable.
I don't use Docker either and would like to start a test with your config next weekend, it looks almost too simple to be true 😁
Thank you for sharing your config.

Well, what I have tested is: Video upload via web interface, federating with a bunch of other instances, subscribing to remote channels, viewing remote video (on my instance that is), liking, commenting, installing themes & plugins, registration, most stuff on the administration end I'd say. I have not yet tested whether I'm federating my videos properly although I have no indication (errors or logs) to believe otherwise.

I'm not saying this is a polished configuration, but it's a place to start from and then possibly try adding some of the options mentioned in the initial post as long as they don't break anything. I haven't had the time to do that but I assume it's possible. It's most certainly not optimized, but again, it's working for myself so far and I might test with a few users too. I don't plan on hosting a huge crowd or thousands of videos. 😉

@yodahome
Copy link

yodahome commented Aug 5, 2021

With that configuration, views will not be counted properly, nor will the API be protected against body size DoS attacks. Static files will be going through PeerTube before being handled by Apache, which means performance-wise, no gain is made from letting the PeerTube process do all the work. No Access-Control-Allow-Origin is set on some static assets, which means browsers on other domains running anything else than PeerTube (like, Pleroma displaying a PT account's avatar) will have errors.

Hmm, so far the views on my local videos seem accurate, under which circumstances wouldn't they be? Do you mean federated views or views on remote videos?
And as mentioned above, in a next step I would try to add other options back in. I understand this is all primarily experimental at this point, but it's better than PT not working in Apache 2 at all.

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Aug 5, 2021

having read the peetube nginx conf there is nothing really special that apache cannot do. The trick is to find the best apache settings that reacts like nginx at least, and maybe better.

@rigelk
Copy link
Author

rigelk commented Aug 6, 2021

Hmm, so far the views on my local videos seem accurate, under which circumstances wouldn't they be? Do you mean federated views or views on remote videos?

Maybe you haven't run into the problem so far, but without passing the proper IP through, the peertube process will only see the loopback adress as emitting the view. If you are alone watching videos, or not watching the same videos in a short timespan, then you are fine. Federated views are not impacted.

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Aug 6, 2021

@rigelk
to get tie client ip intact

RemoteIPHeader X-Client-IP
RemoteIPHeader X-Forwarded-For

@WarpinWolf
Copy link

WarpinWolf commented Apr 30, 2022

Thanks for providing the config! Works!

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Jul 21, 2022

I would like to create a repo especially for peertube apache config respecting the default nginx peertube config.
who are intrested I start it please thumb up.

@M-Stenzel
Copy link

M-Stenzel commented Jul 21, 2022

I would like to create a repo especially for peertube apache config respecting the default nginx peertube config. who are intrested I start it please thumb up.

I, for myself, installed both apache & nginx on the machine, and this works very well, with the help of a port (443) multiplexer

https://github.com/yrutschle/sslh

Martin.

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Jul 21, 2022

@M-Stenzel
interesting, but I want to avoid another layer of software and offer an apache conf from peertube nginx default

@ROBERT-MCDOWELL
Copy link

ROBERT-MCDOWELL commented Jul 24, 2022

Here is the full apache config which is the closest of the nginx peertube default


SSLSessionCache                 "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)"
SSLSessionCacheTimeout          87400
SSLStaplingCache                shmcb:logs/stapling-cache(150000)

# Minimum Apache version required:  2.4.32 (released March 14th, 2018)
# Please check your Apache installation features the following modules via 'apachectl -M':
# STANDARD HTTP MODULES: core_module, proxy_module, proxy_http2_module, proxy_wstunnel_module, proxy_http_module, headers_module, remoteip_module, ssl_module, filter_module, reqtimeout_module
# THIRD PARTY MODULES:   None.
# check https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.6 for hardening security

SSLSessionCache                 "shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)"
SSLSessionCacheTimeout          87400
SSLStaplingCache                shmcb:logs/stapling-cache(150000)

<VirtualHost *:80 [::]:80>

	Protocols h2c http/1.1
	ServerName peertube.example.com
	ServerAdmin webmaster@example.com
	
	ErrorLog "/var/log/httpd/[peertube.example.com].error.log"
	CustomLog "/var/log/httpd/[peertube.example.com].access.log" common env=!dontlog

	RewriteEngine on
	RewriteOptions inherit
	
	RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
	RewriteCond %{HTTPS} off
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

	Alias /.well-known/acme-challenge/ /var/www/certbot/
	<Directory "/var/www/certbot">
		Options None
		AllowOverride None
		ForceType text/plain
		RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
		Require method GET POST OPTIONS
	</Directory>
	
</VirtualHost>

<VirtualHost *:443 [::]:443>
	Protocols h2 http/1.1

	ServerName example.com
	ServerAlias peertube.example.com

	RewriteEngine on
	RewriteOptions inherit

	CustomLog	"/usr/local/apache/logs/peertube.access.log" common "env=!dontlog"
	ErrorLog	"/usr/local/apache/logs/example.com.error.log"

	##
	# Certificates
	# you need a certificate to run in production. see https://letsencrypt.org/
	##
	
	SSLEngine	on
	SSLProxyEngine	on
	SSLCertificateFile /etc/letsencrypt/live/peertube.example.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/peertube.example.com/privkey.pem
	
	##
	# Security hardening (as of Nov 15, 2020)
	# based on Mozilla Guideline v5.6
	##
	
	SSLProtocol             	all -SSLv3 -TLSv1 -TLSv1.1
	# SSLCipherSuite: add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
	SSLCipherSuite			ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
	SSLHonorCipherOrder		on
	SSLSessionTickets		off
	SSLUseStapling			on

	Header always set       Strict-Transport-Security "max-age=8740000; includeSubDomains; preload"
	Header always set	X-Content-Type-Options nosniff
	Header always set	X-Robots-Tag none
	Header always set	X-XSS-Protection "1; mode=block"
	
	##
	# Application
	##

	LimitRequestBody		102400
	ProxyReceiveBufferSize		0
	KeepAliveTimeout		10
	ProxyTimeout			900
	
	<Location "/api/v1/videos/upload-resumable">
		LimitRequestBody	0
	</Location>

	<LocationMatch "^/api/v1/videos/(upload|([^/]+/studio/edit))$">
		Order allow,deny
		Allow from all
		<LimitExcept POST HEAD>
			Deny from all
		</LimitExcept>

		# This is the maximum upload size, which roughly matches the maximum size of a video file.
		# Note that temporary space is needed equal to the total size of all concurrent uploads.
		# You may want to put this directory on a dedicated filesystem.
		LimitRequestBody 12884901888
		# inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody)
		Header always set	X-File-Maximum-Size 8G
	</LocationMatch>

	<LocationMatch "^/api/v1/(videos|video-playlists|video-channels|users/me)">
		LimitRequestBody 6291456
		# inform backend of the set value in bytes before mime-encoding (x * 1.4 >= LimitRequestBody)
		Header always set	X-File-Maximum-Size 4M
	</LocationMatch>
	
	##
	# Performance optimizations
	# Compression enabled automatically by filter_module
	DocumentRoot /var/www/peertube
	RequestReadTimeout body=30 header=10
	Options +FollowSymLinks -SymLinksIfOwnerMatch

	# http/2 tuning
	H2Push		on
	H2PushPriority	*			after
	H2PushPriority	txt/css			before
	H2PushPriority	image/jpeg		after		32
	H2PushPriority	image/png		after		32
	H2PushPriority	application/javascript	interleaved

	# Bypass PeerTube for performance reasons. Optional.
	# Should be consistent with client-overrides assets list in /server/controllers/client.ts
	<LocationMatch "^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$">
		# Cache 1 year
		Header always set	Cache-Control "public, max-age=31536000, immutable"
		RewriteCond %{DOCUMENT_ROOT}/storage/client-overrides/$1 -f
		RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/storage/client-overrides/$1 [L]
	</LocationMatch>

	# Bypass PeerTube for performance reasons. Optional.
	<LocationMatch "^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$">
		# Cache 1 year
		Header always	set Cache-Control "public, max-age=31536000, immutable"
		RewriteRule ^/client/(.*)$ %{DOCUMENT_ROOT}/peertube-latest/client/dist/$1 [L]
	</LocationMatch>

	# Bypass PeerTube for performance reasons. Optional.
	<LocationMatch "^/static/(thumbnails|avatars)/">
		Header always set	Access-Control-Allow-Origin    "*"
                Header always set       Access-Control-Allow-Credentials "true"
                Header always set       Access-Control-Allow-Headers     "Retry-After"
		Header always set	Access-Control-Allow-Methods   "GET, OPTIONS"
		Header always set	Access-Control-Allow-Headers   "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"

		<If "%{REQUEST_METHOD} == 'OPTIONS'">
			# Preflight request can be cached 20 days
			Header always set	Access-Control-Max-Age       1728000
			Header always set	Content-Type                 "text/plain charset=UTF-8"
			Header always set	Content-Length               0
			RedirectMatch 204 ^(.*)$
		</If>

		# Cache response 2 hours
		Header always set	Cache-Control                  "public, max-age=7200"

		RewriteRule ^/static/(.*)$ /$1 [L]
	</LocationMatch>

	# Bypass PeerTube for performance reasons. Optional.
	<LocationMatch "^/static/(webseed|redundancy|streaming-playlists)/">
		# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
		SetOutputFilter RATE_LIMIT

		# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
		<If "%{REQUEST_URI} =~ /^((.*).mp4|[-0-9]+.ts)$/">
			SetEnv rate-limit       5120
			SetEnv rate-limit-burst 6144
		</If>
		<Else>
			SetEnv rate-limit       832
			SetEnv rate-limit-burst 1024
		</Else>

		<If "%{REQUEST_METHOD} == 'OPTIONS'">
			Header always set       Access-Control-Allow-Origin  "*"
                        Header always set       Access-Control-Allow-Credentials "true"
                        Header always set       Access-Control-Allow-Headers     "Retry-After"
			Header always set       Access-Control-Allow-Methods "GET, OPTIONS"
			Header always set       Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
			# Preflight request can be cached 20 days
			Header always set       Access-Control-Max-Age       1728000
			Header always set       Content-Type                 "text/plain charset=UTF-8"
			Header always set       Content-Length               0
			RedirectMatch 204 ^(.*)$
		</If>

		<If "%{REQUEST_METHOD} == 'GET'">
			Header always set       Access-Control-Allow-Origin  "*"
                        Header always set       Access-Control-Allow-Credentials "true"
                        Header always set       Access-Control-Allow-Headers     "Retry-After"
			Header always set       Access-Control-Allow-Methods "GET, OPTIONS"
			Header always set       Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"

			# Don't spam access log file with byte range requests
			SetEnvIf %{REQUEST_URI} "^(.*)$" dontlog
		</If>

		# Enabling the sendfile directive eliminates the step of copying the data into the buffer
		# and enables direct copying data from one file descriptor to another.
		# To disable if the folder is on a network filesystem like NFS or other.
		EnableSendfile on

		<If "%{REQUEST_URI} =~ /^\x2Fstatic\x2Fwebseed\x2F(.*)$/">
			Header always set       Cache-control   "no-cache, no-store"
		</If>

		RewriteRule ^/static/webseed/(.*)$ /videos/$1 [L]
		RewriteRule ^/static/(.*)$ /$1 [L]
	</LocationMatch>

	<Location "/videos/embed">
		Header unset X-Frame-Options
	</Location>

        <Location "/tracker/socket">
                Define increaseTimeout true
        </Location>

        <IfDefine "${increaseTimeout}">
                RequestReadTimeout handshake=5 header=900,MinRate=0 body=900,MinRate=0
        </IfDefine>

        # Websocket
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule ^(.*)$ ws://127.0.0.1:9000$1 [L]

	<Location "/">
		ProxyPas http://127.0.0.1:9000/ flushpackets=on keepalive=on enablereuse=on
		ProxyRequests off
	</Location>
</VirtualHost>

Pay attention that I'm oftenly updating this config so please check time to time

@Vertux
Copy link

Vertux commented Jul 24, 2022

@ROBERT-MCDOWELL

interesting, but I want to avoid another layer of software and offer an apache conf from peertube nginx default

I agree, I prefer to keep things as simple as possible as well.

Attached the full apache config which is the closest of the nginx peertube default

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment