a now OUTDATED httpd/Apache vhost to run PeerTube | note that only Nginx is supported by the PeerTube team, and with this or any other Apache configuration, you will likely get NO SUPPORT.
# requires WebSocket support with `a2enmod proxy_wstunnel`
# It's generally not a good idea to broadcast the version of Apache you run
ServerSignature Off
ServerTokens Prod
# Security configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.28&openssl=1.0.1e&hsts=yes&profile=modern
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
# Requires Apache >= 2.4
SSLCompression off
# To use stapling, we have to enable it globally
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# OCSP Stapling requires Apache >= 2.3.3
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
# Requires Apache >= 2.4.11
SSLSessionTickets off
<VirtualHost *:80 [::]:80>
ServerName peertube.example.com
ServerAdmin webmaster@example.com
Protocols h2c http/1.1
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Alias /.well-known/acme-challenge/ /var/www/certbot/
<Directory /var/www/certbot>
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
Require method GET POST OPTIONS
</Directory>
ErrorLog "/var/log/httpd/peertube.example.com.error.log"
CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>
<VirtualHost *:443 [::]:443>
ServerName peertube.example.com
ServerAdmin webmaster@example.com
Protocols h2 http/1.1
SSLEngine on
# For example with certbot (you need a certificate to run https)
SSLCertificateFile /etc/letsencrypt/live/peertube.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/peertube.example.com/privkey.pem
Header always set X-Content-Type-Options nosniff
Header always set X-Robots-Tag none
Header always set X-XSS-Protection "1; mode=block"
# Bypass PeerTube webseed route for better performances
Alias /static/webseed /var/www/peertube/storage/videos
<Location /static/webseed>
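# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
# The RATE_LIMIT filter is provided by mod_ratelimit, which must be loaded
SetOutputFilter RATE_LIMIT
# rate-limit is expressed in KiB/s
SetEnv rate-limit 800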
SetEnvIf Request_Method "GET" GETMETH=1
Header set Access-Control-Allow-Origin "*" env=GETMETH
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH
SetEnvIf GETMETH "1" dontlog
SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1
Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH
Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
Header set Content-Type "text/plain; charset=UTF-8" env=OPTIONSMETH
Header set Content-Length "0" env=OPTIONSMETH
</Location>
<Location /videos/embed>
Header unset X-Frame-Options
</Location>
ProxyPreserveHost On
ProxyTimeout 600
# Websocket tracker
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]
<Location />
ProxyPass http://127.0.0.1:9000/ timeout=600
</Location>
ErrorLog "/var/log/httpd/peertube.example.com.error.log"
CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>

@koehn koehn commented Mar 21, 2018

Thanks for this! I couldn't get the Websocket to work until I grabbed this code.

@WayOutt WayOutt commented May 6, 2018

Thanks!

@Pofilo Pofilo commented Jul 5, 2018

The line Header always set X-Frame-Options DENY prevents iframes from working.
If you want to allow iframes, you therefore have to remove this line.

@MonsieurPoutounours MonsieurPoutounours commented Nov 4, 2018

Thanks for your file.
With this configuration, I got several error log lines like this: AH00082: an unknown filter was not added: RATE_LIMIT
Can this be avoided by adding directives?

@tykayn tykayn commented Dec 3, 2018

It nearly works. I have my certificates made with certbot, but Apache won't start because it can't find a file, but the file exists. I copy and paste the path and I get a symlink.

sudo apache2ctl configtest
AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/peertube.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem' does not exist or is empty
Action 'configtest' failed.

here, the file exists and is filled with certificates:

sudo ls -larth /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem
lrwxrwxrwx 1 root root 53 Dec  2 20:45 /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem -> ../../archive/peertube.cipherbliss.com/fullchain2.pem

@Vertux Vertux commented Nov 22, 2019

 # Hard limit, PeerTube does not support videos > 4GB
  LimitRequestBody 4294967294

The value used is not supported according to the Apache 2.4 reference, but you do not get any error.

The directive specifies the number of bytes, from 0 (unlimited) to 2147483647 (2GB), that are allowed in the request body (the data part of the request).

@yodahome yodahome commented Apr 25, 2020

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size (above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:

[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload

I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

@strugee strugee commented Jul 23, 2020

Unless I am missing something, this configuration is very dangerous due to the inclusion of the ProxyRequests on. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyrequests - this directive is not required to make ProxyPass work, and instead turns your Apache server into a forward proxy. This means that it can be used as an open proxy which can be used to connect to any host your Apache server can talk to, including other internal services running on localhost (possibly including non-HTTP services) - not just your PeerTube server running on localhost. Running an open proxy like this is a fantastic way to get on lists of problematic/infected/etc. IP addresses like, for example, Spamhaus XBL. Please remove this directive.

Also, while I'm at it, preload probably shouldn't be in the HSTS directive since people tend to not understand what that does. Instead there should be a comment telling folks to follow the instructions on hstspreload.org (see https://hstspreload.org/#opt-in for where this advice/request comes from).

(Again, please tell me if I'm missing something - I'd love to be corrected 😅)

@sc0p91 sc0p91 commented Sep 2, 2020

> Thanks for your file.
> With this configuration, I got several error log lines like this: AH00082: an unknown filter was not added: RATE_LIMIT
> Can this be avoided by adding directives?

maybe somebody still searches this:
you either add:
LoadModule ratelimit_module modules/mod_ratelimit.so
or delete:

                SetOutputFilter RATE_LIMIT
                SetEnv rate-limit 800
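A small audit for the problems raised in the comments by Vertux, strugee and sc0p91, added here as an example (it is not part of the gist or of PeerTube): it scans Apache configuration text for `ProxyRequests On`, a `LimitRequestBody` above 2147483647, `SetOutputFilter RATE_LIMIT` without a `LoadModule ratelimit_module` line, and `preload` in an HSTS header. The function names, finding labels and sample configuration are constructed for illustration, and the module check only sees the text it is given, so a module loaded from another file is reported as missing.

```python
# Added example: audit Apache config text for issues raised in this thread.
LIMIT_REQUEST_BODY_MAX = 2147483647  # documented upper bound quoted by Vertux

def directives(conf_text):
    """Yield (line_no, lowercased directive name, argument string)."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield no, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit(conf_text):
    """Return sorted (line_no, finding) pairs; finding labels are made up here."""
    findings, rate_filter_lines, ratelimit_loaded = [], [], False
    for no, name, args in directives(conf_text):
        low = args.lower()
        if name == "proxyrequests" and low == "on":
            findings.append((no, "open-forward-proxy"))
        elif name == "limitrequestbody":
            if not args.isdigit() or int(args) > LIMIT_REQUEST_BODY_MAX:
                findings.append((no, "limitrequestbody-out-of-range"))
        elif name == "loadmodule" and low.startswith("ratelimit_module"):
            ratelimit_loaded = True
        elif name == "setoutputfilter" and "rate_limit" in low.split(";"):
            rate_filter_lines.append(no)
        elif name == "header" and "strict-transport-security" in low and "preload" in low:
            findings.append((no, "hsts-preload"))
    if not ratelimit_loaded:  # only knows about LoadModule lines in this text
        findings += [(no, "ratelimit-module-not-loaded") for no in rate_filter_lines]
    return sorted(findings)

# Constructed sample, modelled on the directives discussed in the comments.
SAMPLE = """\
# outdated revision (constructed)
ProxyRequests On
LimitRequestBody 4294967294
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
<Location /static/webseed>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 800
</Location>
ProxyPass / http://127.0.0.1:9000/
"""

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```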

@rigelk rigelk commented Nov 24, 2020

@strugee thanks for the notification! I corrected it.

@strugee strugee commented Nov 24, 2020

@rigelk thank you! 🎉

Owner Author

@rigelk rigelk commented Nov 24, 2020

please note that isn't enough to make the configuration on par with the file serving optimizations of the project's Nginx configuration. I'm open to contributions for that 🙂

@M-Stenzel M-Stenzel commented Jan 18, 2021

> Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size (above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:
>
> [Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload
>
> I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Hi,
I am facing very much the same problem. Were you able to resolve the issue in the meantime?
Martin.