Mise à jour de 'scripts/install'

Update manifest.json

README.md

@@ -4,8 +4,7 @@
 [![Install Peertube with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=peertube)<br><br>
 =======
 
-Shipped Version: **1.0.0-beta.15**
-
+Shipped Version: **1.2.1**
 
 ## What is Peertube ?
 PeerTube is a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser, using <a href="https://github.com/feross/webtorrent">WebTorrent</a>.
@@ -53,7 +52,7 @@ Want to see in action?
          $ sudo yunohost app install https://github.com/YunoHost-Apps/peertube_ynh
  1. Admin username is : **root**.
  1. **Admin password** will be sent to the email address given at the time of the installation.
- 1. **TLS** and **starttls** are disabled for the outgoing mails. If you intent to use email address not hosted on your local server,it's advised to have a proper SMTP configured with tls and starttls settings by editing **/var/www/peertube/config/porduction.yml**.
+ 1. **TLS** and **starttls** are disabled for the outgoing mails. If you intent to use email address not hosted on your local server,it's advised to have a proper SMTP configured with tls and starttls settings by editing **/var/www/peertube/config/production.yml**.
  
  ### Update Guide
  1. App can be updated by YunoHost **admin web-interface** or with the following command**:

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.0.0-beta.15/peertube-v1.0.0-beta.15.tar.xz
-SOURCE_SUM=fff45acc7cc84fc1847c0ed62fe2a64e683fe84b394cb64edb7a4b7fa9144da0
+SOURCE_URL=https://github.com/Chocobozzz/PeerTube/releases/download/v1.2.1/peertube-v1.2.1.tar.xz
+SOURCE_SUM=77517c06133704e36b755bdae4f68838221e657ca70a1a40d5c8652655978ed5
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.xz
 SOURCE_IN_SUBDIR=true

conf/nginx.conf

@@ -1,9 +1,10 @@
+	# Bypass PeerTube for performance reasons. Could be removed
 	location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
     add_header Cache-Control "public, max-age=31536000, immutable";
 
     alias __FINALPATH__/client/dist/$1;
     }
-  
+   # Bypass PeerTube for performance reasons. Could be removed
    location ~ ^/static/(thumbnails|avatars)/ {
     if ($request_method = 'OPTIONS') {
       add_header 'Access-Control-Allow-Origin' '*';
@@ -36,8 +37,17 @@
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-    # Hard limit, PeerTube does not support videos > 8GB
+    
+    # This is the maximum upload size, which roughly matches the maximum size of a video file
+    # you can send via the API or the web interface. By default this is 8GB, but administrators
+    # can increase or decrease the limit. Currently there's no way to communicate this limit
+    # to users automatically, so you may want to leave a note in your instance 'about' page if
+    # you change this.
+    #
+    # Note that temporary space is needed equal to the total size of all concurrent uploads.
+    # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
+    # on a dedicated filesystem.
+    #
     client_max_body_size 8G;
     proxy_connect_timeout       600;
     proxy_send_timeout          600;
@@ -46,7 +56,7 @@
   }
 
 	# Bypass PeerTube for performance reasons. Could be removed
-	location /static/webseed {
+	location ~ ^/static/(webseed|redundancy)/ {
     # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
     limit_rate 800k;
 
@@ -69,7 +79,14 @@
       access_log off;
     }
 
-    alias /home/yunohost.app/__NAME__/storage/videos;
+    root /home/yunohost.app/__NAME__/storage;
+
+    rewrite ^/static/webseed/(.*)$ /videos/$1 break;
+    rewrite ^/static/redundancy/(.*)$ /redundancy/$1 break;
+
+    try_files $uri /;
+    
+   
   }
 
   # Websocket tracker
@@ -84,3 +101,18 @@
     proxy_set_header Host $host;
     proxy_pass http://localhost:__PORT__;
   }
+
+location /socket.io {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+
+    proxy_pass http://localhost:__PORT__;
+
+    # enable WebSockets
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+
+

conf/production.yaml

@@ -47,8 +47,10 @@ smtp:
   
 # From the project root directory
 storage:
+  tmp: '/home/yunohost.app/__app__/storage/tmp/' # Used to download data (imports etc), store uploaded files before processing...
   avatars: '/home/yunohost.app/__app__/storage/avatars/'
   videos: '/home/yunohost.app/__app__/storage/videos/'
+  redundancy: '/home/yunohost.app/__app__/storage/videos/'
   logs: '/home/yunohost.app/__app__/storage/logs/'
   previews: '/home/yunohost.app/__app__/storage/previews/'
   thumbnails: '/home/yunohost.app/__app__/storage/thumbnails/'
@@ -60,7 +62,10 @@ log:
   level: 'info' # debug/info/warning/error
 
 search:
-  remote_uri: # Add ability to search remote videos/actors by URI, that may not be federated with your instance
+# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
+# If enabled, the associated group will be able to "escape" from the instance follows
+# That means they will be able to follow channels, watch videos, list videos of non followed instances
+  remote_uri:
     users: true
     anonymous: false
 
@@ -71,8 +76,10 @@ trending:
 # Cache remote videos on your server, to help other instances to broadcast the video
 # You can define multiple caches using different sizes/strategies
 # Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
-redundancy:
-  videos:
+#redundancy:
+#  videos:
+#    check_interval: '6 hour' # How often you want to check new videos to cache
+#    strategies:
 #    -
 #      size: '10GB'
 #      strategy: 'most-views' # Cache videos that have the most views
@@ -80,13 +87,11 @@ redundancy:
 #      size: '10GB'
 #      strategy: 'trending' # Cache trending videos
 #    -
-       size: '1GB'
-       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
-       min_lifetime: '48 hours'
-       strategy: 'recently-added' # Cache recently added videos
-       minViews: 10 # Having at least x views
-
-
+#       size: '1GB'
+#       # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
+#       min_lifetime: '48 hours'
+#       strategy: 'recently-added' # Cache recently added videos
+#       min_views: 10 # Having at least x views
 
 ###############################################################################
 #
@@ -108,8 +113,13 @@ cache:
     
 
 admin:
+  # Used to generate the root user at first startup
+  # And to receive emails from the contact form
   email: '__email__'
 
+contact_form:
+  enabled: true
+
 signup:
   enabled: false
   limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
@@ -130,6 +140,8 @@ user:
 # Please, do not disable transcoding since many uploaded videos will not work
 transcoding:
   enabled: true
+  # Allow your users to upload .mkv, .mov, .avi, .flv videos
+  allow_additional_extensions: true
   threads: 1
   resolutions: # Only created if the original video has a higher resolution, uses more storage!
     240p: false
@@ -162,12 +174,14 @@ instance:
   # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
   robots: |
     User-agent: *
-    Disallow: ''
+    Disallow: 
   # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
   securitytxt:
     "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
 
 services:
+  # You can provide a reporting endpoint for Content Security Policy violations
+  csp-logger:
   # Cards configuration to format video in Twitter
   twitter:
     username: '@yunohost' # Indicates the Twitter account for the website or platform on which the content was published

conf/systemd.service

@@ -16,5 +16,24 @@ StandardError=syslog
 SyslogIdentifier=__APP__
 Restart=always
 
+; Some security directives.
+; Use private /tmp and /var/tmp folders inside a new file system namespace,
+; which are discarded after the process stops.
+PrivateTmp=true
+; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
+ProtectSystem=full
+; Sets up a new /dev mount for the process and only adds API pseudo devices
+; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled
+; by default because it may not work on devices like the Raspberry Pi.
+PrivateDevices=false
+; Ensures that the service process and all its children can never gain new
+; privileges through execve().
+NoNewPrivileges=true
+; This makes /home, /root, and /run/user inaccessible and empty for processes invoked
+; by this unit. Make sure that you do not depend on data inside these folders.
+ProtectHome=false
+; Drops the sys admin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
 [Install]
 WantedBy=multi-user.target

manifest.json

@@ -6,7 +6,7 @@
         "en": "Video streaming platform using P2P directly in the web browser, connected to a federated network",
         "fr": "Plateforme de diffusion vidéo par P2P directement dans le navigateur, et connectée à un réseau fédéralisé"
     },
-    "version": "1.0.0-beta.15",
+    "version": "1.2.1",
     "url": "https://github.com/Chocobozzz/PeerTube",
     "license": "AGPL-3.0-only",
     "maintainer": {

scripts/install

@@ -22,7 +22,7 @@ ynh_abort_if_errors
 #=================================================
 
 domain=$YNH_APP_ARG_DOMAIN
-path_url="/"
+path_url="/peertube"
 admin_email=$YNH_APP_ARG_EMAIL
 admin_pass=$(ynh_string_random 24)
 is_public=$YNH_APP_ARG_IS_PUBLIC
@@ -69,9 +69,6 @@ ynh_app_setting_set "$app" is_public   "$is_public"
 
 # Find a free port
 port=$(ynh_find_port 9000)
-
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
 ynh_app_setting_set "$app" port "$port"
 
 #=================================================

scripts/restore

@@ -62,9 +62,6 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_restore_file "$final_path"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -77,6 +74,9 @@ ynh_system_user_create "$app"
 #=================================================
 
 # Set right permissions
+if [ ! -d "/home/yunohost.app/$app" ]; then
+	mkdir -p "/home/yunohost.app/${app}/storage"
+fi
 chown -R "$app":"$app" "/home/yunohost.app/${app}/storage"
 
 #=================================================

scripts/upgrade

@@ -77,8 +77,15 @@ datadir="/home/yunohost.app/${app}/storage"
 # Create app folders
 mkdir -p "$datadir"
 
-# Open this port
-yunohost firewall allow Both "$port" 2>&1
+#=================================================
+# CLOSE A PORT
+#=================================================
+
+if yunohost firewall list | grep -q "\- $port$"
+then
+	echo "Close port $port"
+	yunohost firewall disallow Both "$port" 2>&1
+fi
 
 #=================================================
 # CREATE DEDICATED USER