From 716ea6b19ac3cff2f8b36cee218e26e4513f64c2 Mon Sep 17 00:00:00 2001 From: knoflook Date: Wed, 15 Feb 2023 17:30:59 +0100 Subject: [PATCH] chore: release 4.0.0+v5.0.1-bullseye --- abra.sh | 4 ++-- compose.yml | 7 +++---- entrypoint.sh.tmpl | 2 +- nginx.conf.tmpl | 15 +++++++++++++++ release/4.0.0+v5.0.1-bullseye | 14 ++++++++++++++ 5 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 release/4.0.0+v5.0.1-bullseye diff --git a/abra.sh b/abra.sh index ecbe72a..1c38b9c 100644 --- a/abra.sh +++ b/abra.sh @@ -1,7 +1,7 @@ # shellcheck disable=SC2034,SC2145 -export NGINX_CONFIG_VERSION=v3 -export APP_ENTRYPOINT_VERSION=v5 +export NGINX_CONFIG_VERSION=v4 +export APP_ENTRYPOINT_VERSION=v6 sub_npm() { abra__service_="app" diff --git a/compose.yml b/compose.yml index 026ff60..4657ed3 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: web: - image: nginx:1.20.0 + image: nginx:1.23.3 networks: - proxy - internal @@ -47,12 +47,11 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" app: - image: chocobozzz/peertube:v4.3.0-bullseye + image: chocobozzz/peertube:v5.0.1-bullseye environment: - PEERTUBE_ADMIN_EMAIL - PEERTUBE_CONTACT_FORM_ENABLED - PEERTUBE_DB_HOSTNAME=db - - PEERTUBE_DB_PASSWORD_FILE=/run/secrets/db_password - PEERTUBE_DB_PORT=5432 - PEERTUBE_DB_USERNAME=peertube - PEERTUBE_LIVE_CHAT_ENABLED @@ -86,7 +85,7 @@ services: - internal deploy: labels: - - "coop-cloud.${STACK_NAME}.version=3.0.0+v4.3.0-bullseye" + - "coop-cloud.${STACK_NAME}.version=4.0.0+v5.0.1-bullseye" db: image: postgres:10-alpine diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index e3bf077..bc06aad 100644 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl @@ -24,7 +24,7 @@ file_env() { unset "$fileVar" } -file_env "PEERTUBE_DB_PASSWORD" +export PEERTUBE_DB_PASSWORD=$(cat /run/secrets/db_password) {{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }} file_env "PEERTUBE_SMTP_PASSWORD" diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl index 0defdf8..92a0c96 100644 --- a/nginx.conf.tmpl +++ b/nginx.conf.tmpl @@ -170,6 +170,21 @@ http { try_files $uri @api; } + # Plugin websocket routes + location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ { + try_files /dev/null @api_websocket; + } + + location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download { + # We can't rate limit a try_files directive, so we need to duplicate @api + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_limit_rate 5M; + proxy_pass http://backend; + } + # Bypass PeerTube for performance reasons. Optional. location ~ ^/static/(webseed|redundancy|streaming-playlists)/ { limit_rate_after 5M; diff --git a/release/4.0.0+v5.0.1-bullseye b/release/4.0.0+v5.0.1-bullseye new file mode 100644 index 0000000..114ebfa --- /dev/null +++ b/release/4.0.0+v5.0.1-bullseye @@ -0,0 +1,14 @@ +This will break your deployment! +You need to add new lines to /config/production.yaml as shown here: +https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L14 +https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L153 + +you can do that from the host as the file is inside a volume. It should be in /var/lib/docker/volumes/_app-config/_data/production.yaml on your host machine. It's important to save the secret that you're putting in the file somewhere else, as the container has write access to the file, and it's possible it could overwrite it, causing the secret to disappear. We don't know what happens to your data if you lose that secret. + +You'll also have to run a migration as described in https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0 + +abra app run app bash -u peertube +and when inside the container: +node dist/scripts/migrations/peertube-5.0.js + +knoflook & decentralise @ Autonomic Co-op