Added tuning

2018-10-10 23:30:11 +05:30
11 changed files with 77 additions and 94 deletions
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@
 [![Install Peertube with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=peertube)<br><br>
 =======

-Shipped Version: **1.2.1**
+Shipped Version: **1.0.0-rc.2**

 ## What is Peertube ?
 PeerTube is a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser, using <a href="https://github.com/feross/webtorrent">WebTorrent</a>.
@ -52,7 +52,7 @@ Want to see in action?
         $ sudo yunohost app install https://github.com/YunoHost-Apps/peertube_ynh
 1. Admin username is : **root**.
 1. **Admin password** will be sent to the email address given at the time of the installation.
- 1. **TLS** and **starttls** are disabled for the outgoing mails. If you intent to use email address not hosted on your local server,it's advised to have a proper SMTP configured with tls and starttls settings by editing **/var/www/peertube/config/production.yml**.
+ 1. **TLS** and **starttls** are disabled for the outgoing mails. If you intent to use email address not hosted on your local server,it's advised to have a proper SMTP configured with tls and starttls settings by editing **/var/www/peertube/config/porduction.yml**.
 
 ### Update Guide
 1. App can be updated by YunoHost **admin web-interface** or with the following command**:
--- a/conf/30-peertube-tcp.conf
+++ b/conf/30-peertube-tcp.conf
@ -0,0 +1,8 @@
+# In a video server, we are often sending files to a client
+# which can't accept it as fast as our local network connection
+# could produce packets. To prevent packet loss and buffer bloat,
+# it's especially important to use a modern CoDel scheduler which
+# knows how to delay outgoing packets to match slower client links.
+
+net.core.default_qdisc = fq_codel
+net.ipv4.tcp_congestion_control = bbr
--- a/conf/app.src
+++ b/conf/app.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.2.1/peertube-v1.2.1.tar.xz
-SOURCE_SUM=77517c06133704e36b755bdae4f68838221e657ca70a1a40d5c8652655978ed5
+SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.0.0-rc.2/peertube-v1.0.0-rc.2.tar.xz
+SOURCE_SUM=3222dff35dd6784001732e3599f435fb58a7304acffe12a7c19c59a4ee88bbc0
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.xz
 SOURCE_IN_SUBDIR=true
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,10 +1,10 @@
-	# Bypass PeerTube for performance reasons. Could be removed
+	 # Bypass PeerTube for performance reasons. Could be removed
 	location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
    add_header Cache-Control "public, max-age=31536000, immutable";

    alias __FINALPATH__/client/dist/$1;
    }
-   # Bypass PeerTube for performance reasons. Could be removed
+  
   location ~ ^/static/(thumbnails|avatars)/ {
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
@ -37,17 +37,8 @@
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    
-    # This is the maximum upload size, which roughly matches the maximum size of a video file
-    # you can send via the API or the web interface. By default this is 8GB, but administrators
-    # can increase or decrease the limit. Currently there's no way to communicate this limit
-    # to users automatically, so you may want to leave a note in your instance 'about' page if
-    # you change this.
-    #
-    # Note that temporary space is needed equal to the total size of all concurrent uploads.
-    # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
-    # on a dedicated filesystem.
-    #
+
+    # Hard limit, PeerTube does not support videos > 8GB
    client_max_body_size 8G;
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
@ -56,7 +47,7 @@
  }

 	# Bypass PeerTube for performance reasons. Could be removed
-	location ~ ^/static/(webseed|redundancy)/ {
+	location /static/webseed {
    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
    limit_rate 800k;

@ -79,14 +70,7 @@
      access_log off;
    }

-    root /home/yunohost.app/__NAME__/storage;
-
-    rewrite ^/static/webseed/(.*)$ /videos/$1 break;
-    rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
-
-    try_files $uri /;
-    
-   
+    alias /home/yunohost.app/__NAME__/storage/videos;
  }

  # Websocket tracker
@ -101,18 +85,3 @@
    proxy_set_header Host $host;
    proxy_pass http://localhost:__PORT__;
  }
-
-location /socket.io {
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $host;
-
-    proxy_pass http://localhost:__PORT__;
-
-    # enable WebSockets
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-  }
-
-
-
--- a/conf/production.yaml
+++ b/conf/production.yaml
@ -47,10 +47,8 @@ smtp:
  
 # From the project root directory
 storage:
-  tmp: '/home/yunohost.app/__app__/storage/tmp/' # Used to download data (imports etc), store uploaded files before processing...
  avatars: '/home/yunohost.app/__app__/storage/avatars/'
  videos: '/home/yunohost.app/__app__/storage/videos/'
-  redundancy: '/home/yunohost.app/__app__/storage/videos/'
  logs: '/home/yunohost.app/__app__/storage/logs/'
  previews: '/home/yunohost.app/__app__/storage/previews/'
  thumbnails: '/home/yunohost.app/__app__/storage/thumbnails/'
@ -62,10 +60,7 @@ log:
  level: 'info' # debug/info/warning/error

 search:
-# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
-# If enabled, the associated group will be able to "escape" from the instance follows
-# That means they will be able to follow channels, watch videos, list videos of non followed instances
-  remote_uri:
+  remote_uri: # Add ability to search remote videos/actors by URI, that may not be federated with your instance
    users: true
    anonymous: false

@ -88,10 +83,10 @@ trending:
 #      strategy: 'trending' # Cache trending videos
 #    -
 #       size: '1GB'
-#       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
+       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
 #       min_lifetime: '48 hours'
 #       strategy: 'recently-added' # Cache recently added videos
-#       min_views: 10 # Having at least x views
+#       minViews: 10 # Having at least x views

 ###############################################################################
 #
@ -113,13 +108,8 @@ cache:
    

 admin:
-  # Used to generate the root user at first startup
-  # And to receive emails from the contact form
  email: '__email__'

-contact_form:
-  enabled: true
-
 signup:
  enabled: false
  limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
@ -140,8 +130,6 @@ user:
 # Please, do not disable transcoding since many uploaded videos will not work
 transcoding:
  enabled: true
-  # Allow your users to upload .mkv, .mov, .avi, .flv videos
-  allow_additional_extensions: true
  threads: 1
  resolutions: # Only created if the original video has a higher resolution, uses more storage!
    240p: false
@ -180,8 +168,6 @@ instance:
    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"

 services:
-  # You can provide a reporting endpoint for Content Security Policy violations
-  csp-logger:
  # Cards configuration to format video in Twitter
  twitter:
    username: '@yunohost' # Indicates the Twitter account for the website or platform on which the content was published
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -16,24 +16,5 @@ StandardError=syslog
 SyslogIdentifier=__APP__
 Restart=always

-; Some security directives.
-; Use private /tmp and /var/tmp folders inside a new file system namespace,
-; which are discarded after the process stops.
-PrivateTmp=true
-; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
-ProtectSystem=full
-; Sets up a new /dev mount for the process and only adds API pseudo devices
-; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
-; by default because it may not work on devices like the Raspberry Pi.
-PrivateDevices=false
-; Ensures that the service process and all its children can never gain new
-; privileges through execve().
-NoNewPrivileges=true
-; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
-; by this unit. Make sure that you do not depend on data inside these folders.
-ProtectHome=false
-; Drops the sys admin capability from the daemon.
-CapabilityBoundingSet=~CAP_SYS_ADMIN
-
 [Install]
 WantedBy=multi-user.target
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "Video streaming platform using P2P directly in the web browser, connected to a federated network",
        "fr": "Plateforme de diffusion vidéo par P2P directement dans le navigateur, et connectée à un réseau fédéralisé"
    },
-    "version": "1.2.1",
+    "version": "1.0.0-rc.2",
    "url": "https://github.com/Chocobozzz/PeerTube",
    "license": "AGPL-3.0-only",
    "maintainer": {
--- a/scripts/install
+++ b/scripts/install
@ -22,10 +22,11 @@ ynh_abort_if_errors
 #=================================================

 domain=$YNH_APP_ARG_DOMAIN
-path_url="/peertube"
+path_url="/"
 admin_email=$YNH_APP_ARG_EMAIL
 admin_pass=$(ynh_string_random 24)
 is_public=$YNH_APP_ARG_IS_PUBLIC
+tuning="1"


 # This is a multi-instance app, meaning it can be installed several times independently
@ -60,7 +61,7 @@ ynh_app_setting_set "$app" domain      "$domain"
 ynh_app_setting_set "$app" admin_email "$admin_email"
 ynh_app_setting_set "$app" admin_pass  "$admin_pass"
 ynh_app_setting_set "$app" is_public   "$is_public"
-
+ynh_app_setting_set "$app" tuning      "$tuning"
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
@ -69,6 +70,9 @@ ynh_app_setting_set "$app" is_public   "$is_public"

 # Find a free port
 port=$(ynh_find_port 9000)
+
+# Open this port
+yunohost firewall allow Both "$port" 2>&1
 ynh_app_setting_set "$app" port "$port"

 #=================================================
@ -187,6 +191,20 @@ ynh_store_file_checksum "$final_path/config/production.yaml"
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate "/home/yunohost.app/${app}/storage/logs/peertube.log"

+#=================================================
+# ADVERTISE SERVICE IN ADMIN PANEL
+#=================================================
+
+### `yunohost service add` is a CLI yunohost command to add a service in the admin panel.
+### You'll find the service in the 'services' section of YunoHost admin panel.
+### This CLI command would be useless if the app does not have any services (systemd or sysvinit)
+### If you're not using these lines:
+###		- You can remove these files in conf/.
+###		- Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script
+###		- As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script
+
+yunohost service add NAME_INIT.D --log "/home/yunohost.app/${app}/storage/logs/peertube.log"
+
 #=================================================
 # SETUP SSOWAT
 #=================================================
@ -211,8 +229,6 @@ chown -R "$app":"$app" "$final_path" "$datadir"

 systemctl reload nginx

-
-
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@ -234,6 +250,17 @@ systemctl start "$app"
 	echo $admin_pass | NODE_CONFIG_DIR="$final_path/config" NODE_ENV=production npm run reset-password -- -u root
 )

+#=================================================
+# TUNING CONFIGURATION
+#=================================================
+if [ $tuning -eq 1  ]
+then
+
+# Copy 30-peertube-tcp to /etc/sysctl.d/
+	cp -f ../30-peertube-tcp.conf /etc/sysctl.d/
+	sysctl -p /etc/sysctl.d/30-peertube-tcp.conf
+fi
+
 #=================================================
 # SEND A README FOR THE ADMIN
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -101,6 +101,14 @@ fi
 # Delete a system user
 ynh_system_user_delete "$app"

+# Remove 30-peertube-tcp.conf 
+if [ -f /etc/sysctl.d/30-peertube-tcp.conf ]; then
+    
+    # Remove 30-peertube-tcp from /etc/sysctl.d/
+	rm -f /etc/sysctl.d/30-peertube-tcp.conf
+    sysctl -p
+fi
+
 #=================================================
 # SEND A README FOR THE ADMIN
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -62,6 +62,9 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"

 ynh_restore_file "$final_path"

+# Open this port
+yunohost firewall allow Both "$port" 2>&1
+
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@ -74,9 +77,6 @@ ynh_system_user_create "$app"
 #=================================================

 # Set right permissions
-if [ ! -d "/home/yunohost.app/$app" ]; then
-	mkdir -p "/home/yunohost.app/${app}/storage"
-fi
 chown -R "$app":"$app" "/home/yunohost.app/${app}/storage"

 #=================================================
@ -136,6 +136,11 @@ ynh_restore_file "/etc/logrotate.d/$app"
 # Set right permissions 
 chown -R "$app":"$app" "$final_path"

+# TUNING CONFIGURATION
+# Copy 30-peertube-tcp to /etc/sysctl.d/
+cp -f ../30-peertube-tcp.conf /etc/sysctl.d/
+sysctl -p /etc/sysctl.d/30-peertube-tcp.conf
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -77,15 +77,8 @@ datadir="/home/yunohost.app/${app}/storage"
 # Create app folders
 mkdir -p "$datadir"

-#=================================================
-# CLOSE A PORT
-#=================================================
-
-if yunohost firewall list | grep -q "\- $port$"
-then
-	echo "Close port $port"
-	yunohost firewall disallow Both "$port" 2>&1
-fi
+# Open this port
+yunohost firewall allow Both "$port" 2>&1

 #=================================================
 # CREATE DEDICATED USER
@ -203,6 +196,12 @@ then
 	ynh_app_setting_set "$app" unprotected_uris "/"
 fi

+ 
+# TUNING CONFIGURATION
+# Copy 30-peertube-tcp to /etc/sysctl.d/
+cp -f ../30-peertube-tcp.conf /etc/sysctl.d/
+sysctl -p /etc/sysctl.d/30-peertube-tcp.conf
+
 #=================================================
 # RELOAD NGINX
 #=================================================