Updated to version 1.2.0

Fix syntaxe

README.md

@@ -4,8 +4,57 @@
 [![Install Peertube with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=peertube)<br><br>
 =======
 
-Shipped Version: **1.0.0-beta.15**
+Shipped Version: **1.2.0**
 
+# Nodejs branch for servers giving error on yarn install (OVH)
+
+You will have to run few **commands in the terminal to run Peertube**. **Nodejs** will not be installed by **shell** and **passowrd** will not be created by shell. So you have to do these **things manually**.
+
+## Steps for installing
+
+1. Install **nodejs**
+   
+    $ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - <br>
+    $ sudo apt-get install -y nodejs
+1. Install the peertube with **OVH fix** branch.
+
+    $ yunohost app --debug install --debug https://github.com/YunoHost-Apps/peertube_ynh/tree/ovh_fix
+1. After installation is complete run **yarn install**.
+    
+    $ cd /var/www/peertube && yarn install --production --pure-lockfile
+1. Give proper **permissions** to peertube
+
+    $ chown -R peertube:peertube /var/www/peertube
+1. **Restart peertube** and check if there is any error message.
+
+    $ service peertube restart && journalctl -feu peertube
+
+1. If there is no **error in red** in the last lines of log. Press **ctrl+c** to stop the logs.
+1. Go to your **domain** to check if peertube is running and everthing is ok.
+1. Change your **root password** by this command:
+    
+    $ cd /var/www/peertube && NODE_CONFIG_DIR="/var/www/peertube/config/" NODE_ENV=production npm run reset-password -- -u root
+    
+    Username: **root**
+    password: **created in above step**
+    
+## Updating peertube
+1. Stop peertube
+  
+    $ service peertube stop
+1. Upgrade the package:
+    
+    $ yunohost app upgrade --debug -u https://github.com/YunoHost-Apps/peertube_ynh/tree/ovh_fix peertube
+1. After installation is complete run **yarn install**.
+    
+    $ cd /var/www/peertube && yarn install --production --pure-lockfile
+1. Give proper **permissions** to peertube
+    
+    $ chown -R peertube:peertube /var/www/peertube
+1. Start service.
+   
+    $ service peertube start
+    
 
 ## What is Peertube ?
 PeerTube is a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser, using <a href="https://github.com/feross/webtorrent">WebTorrent</a>.

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.0.0-beta.15/peertube-v1.0.0-beta.15.tar.xz
-SOURCE_SUM=fff45acc7cc84fc1847c0ed62fe2a64e683fe84b394cb64edb7a4b7fa9144da0
+SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.2.0/peertube-v1.2.0.tar.xz
+SOURCE_SUM=2ef5c4d0cf1f0f8a71e0b1f5a5146fbf4a9617ea79f32de618fe3b3c726d8f7e
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.xz
 SOURCE_IN_SUBDIR=true

conf/nginx.conf

@@ -1,9 +1,10 @@
+	# Bypass PeerTube for performance reasons. Could be removed
 	location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
     add_header Cache-Control "public, max-age=31536000, immutable";
 
     alias __FINALPATH__/client/dist/$1;
     }
-  
+   # Bypass PeerTube for performance reasons. Could be removed
    location ~ ^/static/(thumbnails|avatars)/ {
     if ($request_method = 'OPTIONS') {
       add_header 'Access-Control-Allow-Origin' '*';
@@ -36,8 +37,17 @@
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-    # Hard limit, PeerTube does not support videos > 8GB
+    
+    # This is the maximum upload size, which roughly matches the maximum size of a video file
+    # you can send via the API or the web interface. By default this is 8GB, but administrators
+    # can increase or decrease the limit. Currently there's no way to communicate this limit
+    # to users automatically, so you may want to leave a note in your instance 'about' page if
+    # you change this.
+    #
+    # Note that temporary space is needed equal to the total size of all concurrent uploads.
+    # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
+    # on a dedicated filesystem.
+    #
     client_max_body_size 8G;
     proxy_connect_timeout       600;
     proxy_send_timeout          600;
@@ -46,7 +56,7 @@
   }
 
 	# Bypass PeerTube for performance reasons. Could be removed
-	location /static/webseed {
+	location ~ ^/static/(webseed|redundancy)/ {
     # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
     limit_rate 800k;
 
@@ -69,7 +79,14 @@
       access_log off;
     }
 
-    alias /home/yunohost.app/__NAME__/storage/videos;
+    root /home/yunohost.app/__NAME__/storage;
+
+    rewrite ^/static/webseed/(.*)$ /videos/$1 break;
+    rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
+
+    try_files $uri /;
+    
+   
   }
 
   # Websocket tracker
@@ -84,3 +101,18 @@
     proxy_set_header Host $host;
     proxy_pass http://localhost:__PORT__;
   }
+
+location /socket.io {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+
+    proxy_pass http://localhost:__PORT__;
+
+    # enable WebSockets
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+
+

conf/production.yaml

@@ -47,8 +47,10 @@ smtp:
   
 # From the project root directory
 storage:
+  tmp: '/home/yunohost.app/__app__/storage/tmp/' # Used to download data (imports etc), store uploaded files before processing...
   avatars: '/home/yunohost.app/__app__/storage/avatars/'
   videos: '/home/yunohost.app/__app__/storage/videos/'
+  redundancy: '/home/yunohost.app/__app__/storage/videos/'
   logs: '/home/yunohost.app/__app__/storage/logs/'
   previews: '/home/yunohost.app/__app__/storage/previews/'
   thumbnails: '/home/yunohost.app/__app__/storage/thumbnails/'
@@ -60,7 +62,10 @@ log:
   level: 'info' # debug/info/warning/error
 
 search:
-  remote_uri: # Add ability to search remote videos/actors by URI, that may not be federated with your instance
+# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
+# If enabled, the associated group will be able to "escape" from the instance follows
+# That means they will be able to follow channels, watch videos, list videos of non followed instances
+  remote_uri:
     users: true
     anonymous: false
 
@@ -71,8 +76,10 @@ trending:
 # Cache remote videos on your server, to help other instances to broadcast the video
 # You can define multiple caches using different sizes/strategies
 # Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
-redundancy:
-  videos:
+#redundancy:
+#  videos:
+#    check_interval: '6 hour' # How often you want to check new videos to cache
+#    strategies:
 #    -
 #      size: '10GB'
 #      strategy: 'most-views' # Cache videos that have the most views
@@ -80,13 +87,11 @@ redundancy:
 #      size: '10GB'
 #      strategy: 'trending' # Cache trending videos
 #    -
-       size: '1GB'
-       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
-       min_lifetime: '48 hours'
-       strategy: 'recently-added' # Cache recently added videos
-       minViews: 10 # Having at least x views
-
-
+#       size: '1GB'
+#       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
+#       min_lifetime: '48 hours'
+#       strategy: 'recently-added' # Cache recently added videos
+#       min_views: 10 # Having at least x views
 
 ###############################################################################
 #
@@ -108,8 +113,13 @@ cache:
     
 
 admin:
+  # Used to generate the root user at first startup
+  # And to receive emails from the contact form
   email: '__email__'
 
+contact_form:
+  enabled: true
+
 signup:
   enabled: false
   limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
@@ -130,6 +140,8 @@ user:
 # Please, do not disable transcoding since many uploaded videos will not work
 transcoding:
   enabled: true
+  # Allow your users to upload .mkv, .mov, .avi, .flv videos
+  allow_additional_extensions: true
   threads: 1
   resolutions: # Only created if the original video has a higher resolution, uses more storage!
     240p: false
@@ -162,12 +174,14 @@ instance:
   # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
   robots: |
     User-agent: *
-    Disallow: ''
+    Disallow: 
   # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
   securitytxt:
     "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
 
 services:
+  # You can provide a reporting endpoint for Content Security Policy violations
+  csp-logger:
   # Cards configuration to format video in Twitter
   twitter:
     username: '@yunohost' # Indicates the Twitter account for the website or platform on which the content was published

conf/systemd.service

@@ -16,5 +16,24 @@ StandardError=syslog
 SyslogIdentifier=__APP__
 Restart=always
 
+; Some security directives.
+; Use private /tmp and /var/tmp folders inside a new file system namespace,
+; which are discarded after the process stops.
+PrivateTmp=true
+; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
+ProtectSystem=full
+; Sets up a new /dev mount for the process and only adds API pseudo devices
+; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
+; by default because it may not work on devices like the Raspberry Pi.
+PrivateDevices=false
+; Ensures that the service process and all its children can never gain new
+; privileges through execve().
+NoNewPrivileges=true
+; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
+; by this unit. Make sure that you do not depend on data inside these folders.
+ProtectHome=false
+; Drops the sys admin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
 [Install]
 WantedBy=multi-user.target

manifest.json

@@ -6,7 +6,7 @@
         "en": "Video streaming platform using P2P directly in the web browser, connected to a federated network",
         "fr": "Plateforme de diffusion vidéo par P2P directement dans le navigateur, et connectée à un réseau fédéralisé"
     },
-    "version": "1.0.0-beta.15",
+    "version": "1.2.0",
     "url": "https://github.com/Chocobozzz/PeerTube",
     "license": "AGPL-3.0-only",
     "maintainer": {

scripts/install

@@ -69,9 +69,6 @@ ynh_app_setting_set "$app" is_public   "$is_public"
 
 # Find a free port
 port=$(ynh_find_port 9000)
-
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
 ynh_app_setting_set "$app" port "$port"
 
 #=================================================
@@ -141,10 +138,6 @@ ynh_setup_source "$final_path"
 cp ../conf/production.yaml "$final_path/config/production.yaml"
 touch "$final_path/config/local-production.json"
 
-(
-	cd "$final_path"
-	yarn install --production --pure-lockfile 
-)
 
 #=================================================
 # NGINX CONFIGURATION
@@ -226,28 +219,4 @@ ynh_add_systemd_config
 systemctl enable "$app"
 systemctl start "$app"
 
-#=================================================
-# CHANGE PEERTUBE ADMIN PASSWORD AFTER INITIAL GEN
-#=================================================
 
-# we need to wait for the service to init peertube's database
-(
-	cd "$final_path"
-	sleep 30
-	echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root
-)
-
-#=================================================
-# SEND A README FOR THE ADMIN
-#=================================================
-
-message=" $app was successfully installed :)
-
-Please open your $app domain: https://$domain$path_url
-
-The admin username is: root
-The admin password is: $admin_pass
-
-If you are facing any problem or want to improve this app, please open a new issue here: https://github.com/YunoHost-Apps/peertube_ynh"
-
-ynh_send_readme_to_admin "$message"

scripts/restore

@@ -62,9 +62,6 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_restore_file "$final_path"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -85,8 +82,6 @@ chown -R "$app":"$app" "/home/yunohost.app/${app}/storage"
 # REINSTALL DEPENDENCIES
 #=================================================
 
-# install nodejs
-ynh_install_nodejs 8
 
 # add backports for Debian Jessie (required to install ffmpeg)
 if [ "$(lsb_release --codename --short)" == "jessie" ]; then
@@ -128,11 +123,6 @@ ynh_restore_file "/etc/logrotate.d/$app"
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
 
-(
-	cd "$final_path"
-	yarn install --production --pure-lockfile --silent --cache-folder /var/cache/yarn/
-)
-
 # Set right permissions 
 chown -R "$app":"$app" "$final_path"
 

scripts/upgrade

@@ -77,8 +77,15 @@ datadir="/home/yunohost.app/${app}/storage"
 # Create app folders
 mkdir -p "$datadir"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
+#=================================================
+# CLOSE A PORT
+#=================================================
+
+if yunohost firewall list | grep -q "\- $port$"
+then
+	echo "Close port $port"
+	yunohost firewall disallow Both "$port" 2>&1
+fi
 
 #=================================================
 # CREATE DEDICATED USER
@@ -91,8 +98,6 @@ ynh_system_user_create "$app"
 # INSTALL DEPENDENCIES
 #=================================================
 
-# install nodejs
-ynh_install_nodejs 8
 
 # add backports for Debian Jessie (required to install ffmpeg)
 if [ "$(lsb_release --codename --short)" == "jessie" ]; then
@@ -128,11 +133,6 @@ cp -a  "$tmpdir/local-production.json" "$final_path/config/local-production.json
 # Remove the tmp directory securely
 ynh_secure_remove "$tmpdir"
 
-(
-	cd "$final_path"
-	yarn install --production --pure-lockfile 
-)
-
 
 #=================================================
 # NGINX CONFIGURATION