a now OUTDATED httpd/Apache vhost to run PeerTube | note that only Nginx is supported by the PeerTube team, and with this or any other Apache configuration, you will likely get NO SUPPORT.

peertube.conf

# requires WebSocket support with `a2enmod proxy_wstunnel`

# It's generally not a good idea to broadcast the version of Apache you run
ServerSignature Off
ServerTokens Prod

# Security configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.28&openssl=1.0.1e&hsts=yes&profile=modern
SSLCipherSuite                    EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol                       All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder               on
# Requires Apache >= 2.4
SSLCompression                    off
# To use stapling, we have to enable it globally
SSLStaplingCache                  "shmcb:logs/stapling-cache(150000)"
# OCSP Stapling requires Apache >= 2.3.3
SSLUseStapling                    on
SSLStaplingResponderTimeout       5
SSLStaplingReturnResponderErrors  off
SSLSessionTickets                 off # Requires Apache >= 2.4.11


<VirtualHost *:80 [::]:80>
        ServerName peertube.example.com
        ServerAdmin webmaster@example.com
        Protocols h2c http/1.1

        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

        Alias /.well-known/acme-challenge/ /var/www/certbot/
        <Directory /var/www/certbot>
                Options None
                AllowOverride None
                ForceType text/plain
                RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
                Require method GET POST OPTIONS
        </Directory>

        ErrorLog "/var/log/httpd/peertube.example.com.error.log"
        CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>

<VirtualHost *:443 [::]:443>
        ServerName peertube.example.com
        ServerAdmin webmaster@example.com
        Protocols h2 http/1.1

        SSLEngine on
        # For example with certbot (you need a certificate to run https)
        SSLCertificateFile /etc/letsencrypt/live/peertube.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/peertube.example.com/privkey.pem

        Header always set X-Content-Type-Options nosniff
        Header always set X-Robots-Tag none
        Header always set X-XSS-Protection "1; mode=block"

        # Bypass PeerTube webseed route for better performances
        Alias /static/webseed /var/www/peertube/storage/videos
        <Location /static/webseed>
                # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
                SetOutputFilter RATE_LIMIT
                SetEnv rate-limit 800

                SetEnvIf Request_Method "GET" GETMETH=1

                Header set Access-Control-Allow-Origin "*" env=GETMETH
                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH
                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH
                SetEnvIf GETMETH "1" dontlog

                SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1

                Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH
                Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH
                Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH
                Header set Access-Control-Max-Age "1000" env=OPTIONSMETH
                Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH
                Header set Content-Length "0" env=OPTIONSMETH
        </Location>

        <Location /videos/embed>
                Header unset X-Frame-Options
        </Location>

        ProxyPreserveHost On
        ProxyTimeout 600

        # Websocket tracker
        RewriteEngine On
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L]

        <Location />
                ProxyPass http://127.0.0.1:9000/ timeout=600
        </Location>

        ErrorLog "/var/log/httpd/peertube.example.com.error.log"
        CustomLog "/var/log/httpd/peertube.example.com.access.log" common env=!dontlog
</VirtualHost>

Thanks for this! I couldn't get the Websocket to work until I grabbed this code.

Thanks!

La ligne Header always set X-Frame-Options DENY empêche le fonctionnement des iframe.
Si vous voulez autoriser les iframe, il faut donc supprimer cette ligne.

Thanks for your file.
With this configuration, i got several error log lines like this : AH00082: an unknown filter was not added: RATE_LIMIT
Can this be avoided by adding directives ?

it nearly works, i have my certificates made with certbot but apache wont start because he cant find a file, but the file exists. i copy and paste the path and i get a symlink.

sudo apache2ctl configtest
AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/peertube.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem' does not exist or is empty
Action 'configtest' failed.

here, the file exists and is filled with certificates:

sudo ls -larth /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem
lrwxrwxrwx 1 root root 53 Dec  2 20:45 /etc/letsencrypt/live/peertube.cipherbliss.com/fullchain.pem -> ../../archive/peertube.cipherbliss.com/fullchain2.pem

 # Hard limit, PeerTube does not support videos > 4GB
  LimitRequestBody 4294967294

The used value is not supported by apache 2.4 reference but you do not get any error.

Die Direktive gibt die Anzahl der Bytes zwischen 0 (unbegrenzt) und 2147483647 (2GB) an, die im Request-Body (Datenteil der Anfrage) erlaubt sind.

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:

[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload

I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Unless I am missing something, this configuration is very dangerous due to the inclusion of the ProxyRequests on. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyrequests - this directive is not required to make ProxyPass work, and instead turns your Apache server into a forward proxy. This means that it can be used as an open proxy which can be used to connect to any host your Apache server can talk to, including other internal services running on localhost (possibly including non-HTTP services) - not just your PeerTube server running on localhost. Running an open proxy like this is a fantastic way to get on lists of problematic/infected/etc. IP addresses like, for example, Spamhaus XBL. Please remove this directive.

Also, while I'm at it, preload probably shouldn't be in the HSTS directive since people tend to not understand what that does. Instead there should be a comment telling folks to follow the instructions on hstspreload.org (see https://hstspreload.org/#opt-in for where this advice/request comes from).

(Again, please tell me if I'm missing something - I'd love to be corrected 😅)

Thanks for your file.
With this configuration, i got several error log lines like this : AH00082: an unknown filter was not added: RATE_LIMIT
Can this be avoided by adding directives ?

maybe somebody still searches this:
you either add:
LoadModule ratelimit_module modules/mod_ratelimit.so
or delete:

                SetOutputFilter RATE_LIMIT
                SetEnv rate-limit 800

@strugee thanks for the notification! I corrected it.

@rigelk thank you! 🎉

please note that isn't enough to make the configuration on par with the file serving optimizations of the project's Nginx configuration. I'm open to contributions for that 🙂

Thanks for this configuration, it seems to mostly work for me, however uploads of videos of a certain size(above 300 MB apparently) seem to fail and I get 502 errors with log entries like this:

[Sat Apr 25 21:50:31.382970 2020] [proxy_http:error] [pid 19633] [client 8*.15*.2*.1**:47097] AH01097: pass request body failed to 127.0.0.1:9000 (127.0.0.1) from 8*.15*.2*.1** (), referer: https://peertube.***.de/videos/upload

I did split up the config file into several files (one for each vhost and one common .conf), is it possible this is a proxy problem? Because I'm not quite sure why this fails, but smaller videos do work.

Hi,
I am facing this very much the same problem. Were you able to resolve the issue in the meantime?
Martin.