software/peertube: Enable nginx

17d6a7db · Boxiang Sun · 93bd2a89 · 17d6a7db · 17d6a7db · 17d6a7db
Commit 17d6a7db authored Oct 03, 2022 by Boxiang Sun
5 changed files
--- a/software/peertube/buildout.hash.cfg
+++ b/software/peertube/buildout.hash.cfg
@@ -15,3 +15,11 @@
 [instance-profile]
 filename = instance.cfg.in
 # md5sum = 483b76d8e6bf72d72a38a3f7bf66fe08
+
+[template-nginx-service]
+filename = template-nginx-service.sh.in
+# md5sum = 458870b70c33a1621b68961ae2372ad5
+
+[template-nginx-configuration]
+filename = template-nginx.cfg.in
+# md5sum = fc4f258e3ae56e0c9596484d736ccfed
--- a/software/peertube/instance.cfg.in
+++ b/software/peertube/instance.cfg.in
 [buildout]
 parts =
  publish-connection-parameter
+  nginx-service
+  nginx-listen-promise

 [peertube-instance]
 recipe = slapos.cookbook:wrapper
@@ -8,15 +10,25 @@ wrapper-path = $${directory:service}/$${:_buildout_section_name_}
 command-line = cd $${directory:versions}; cp -r ${peertube-download:location} ./
  echo $${directory:versions}
 environment =
-  PATH=%(PATH)s
+  PATH=${unzip:location}/bin:${vim:location}/bin:${nodejs:location}/bin:${yarn:location}/bin:${python3:location}/bin:${nginx:location}/sbin:${postgresql:location}/sbin:${gcc-10.2:location}/bin:${redis:location}/bin:{git:location}/bin:{wget:location}/bin:%(PATH)s
+  CPPFLAGS=-I${openssl:location}/include
+  LDFLAGS=-L${curl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl

 [directory]
 recipe = slapos.cookbook:mkdirectory
+etc = $${buildout:directory}/etc
 srv = $${buildout:directory}/srv
+var = $${buildout:directory}/var
+log = $${:var}/log
+run = $${:var}/run
+www = $${:srv}/www
+varnginx = $${:var}/nginx
+services = $${:etc}/service
 peertube_directory = $${:srv}/var/www/peertube
 config = $${:srv}/var/www/peertube/config
 storage = $${:srv}/var/www/peertube/storage
 versions = $${:srv}/var/www/peertube/versions
+ssl = $${:etc}/ssl

 [postgresql-password]
 recipe = slapos.cookbook:generate.password
@@ -43,6 +55,35 @@ command-line =
    $${postgresql:bin}/psql -c "CREATE EXTENSION pg_trgm;" $${postgresql:dbname}
    $${postgresql:bin}/psql -c "CREATE EXTENSION unaccent;" $${postgresql:dbname}

+#################################
+# Nginx service
+#################################
+[nginx-service]
+recipe = slapos.recipe.template
+url = ${template-nginx-service:output}
+output = $${directory:services}/nginx
+virtual-depends =
+  $${nginx-configuration:ip}
+
+[nginx-listen-promise]
+<= monitor-promise-base
+promise = check_socket_listening
+name = nginx_listen.py
+config-host = $${nginx-configuration:ip}
+config-port = $${nginx-configuration:port}
+
+[nginx-configuration]
+recipe = slapos.recipe.template
+url = ${template-nginx-configuration:output}
+output = $${directory:etc}/nginx.cfg
+access_log = $${directory:log}/nginx-access.log
+error_log = $${directory:log}/nginx-error.log
+ip = {{ partition_ipv6 }}
+port = 9443
+ssl_key = $${directory:ssl}/nginx.key
+ssl_csr = $${directory:ssl}/nginx.csr
+ssl_crt = $${directory:ssl}/nginx.crt
+
 [publish-connection-parameter]
 recipe = slapos.cookbook:publish
 url = $${peertube-instance:url}
--- a/software/peertube/software.cfg
+++ b/software/peertube/software.cfg
@@ -41,6 +41,7 @@ parts =
  vim
  nodejs
  yarn
+  openssl
  python3
  nginx
  ffmpeg
@@ -66,3 +67,13 @@ url = https://github.com/Chocobozzz/PeerTube/releases/download/v4.2.2/peertube-v
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/${:filename}
 output = ${buildout:directory}/instance.cfg
+
+[template-nginx-service]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+output = ${buildout:directory}/${:filename}
+
+[template-nginx-configuration]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+output = ${buildout:directory}/${:filename}
--- a/software/peertube/template-nginx-service.sh.in
+++ b/software/peertube/template-nginx-service.sh.in
+#!${dash-output:dash}
+# BEWARE: This file is operated by slapos node
+# BEWARE: It will be overwritten automatically
+
+if [ ! -e $${nginx-configuration:ssl_crt} ]
+then
+  ${openssl-output:openssl} genrsa -out $${nginx-configuration:ssl_key} 2048
+  ${openssl-output:openssl} req -new \
+    -subj "/C=AA/ST=Denial/L=Nowhere/O=Dis/CN=$${nginx-configuration:ip}" \
+    -key $${nginx-configuration:ssl_key} -out $${nginx-configuration:ssl_csr}
+  ${openssl-output:openssl} x509 -req -days 365 \
+    -in $${nginx-configuration:ssl_csr} \
+    -signkey $${nginx-configuration:ssl_key} \
+    -out $${nginx-configuration:ssl_crt}
+fi
+
+exec ${nginx-output:nginx} \
+  -c $${nginx-configuration:output}
--- a/software/peertube/template-nginx.cfg.in
+++ b/software/peertube/template-nginx.cfg.in
+daemon off; # run in the foreground so supervisord can look after it
+
+worker_processes 4;
+pid $${directory:run}/nginx.pid;
+
+events {
+  worker_connections 768;
+  # multi_accept on;
+}
+
+error_log $${nginx-configuration:error_log};
+
+http {
+
+  ##
+  # Basic Settings
+  ##
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+  server_tokens off;
+
+  # server_names_hash_bucket_size 64;
+  # server_name_in_redirect off;
+
+  default_type application/octet-stream;
+  include ${nginx-output:mime};
+
+  ##
+  # Logging Settings
+  ##
+
+  access_log $${nginx-configuration:access_log};
+  error_log $${nginx-configuration:error_log};
+
+  ##
+  # Gzip Settings
+  ##
+
+  gzip on;
+  gzip_disable "msie6";
+
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+server {
+  listen [$${nginx-configuration:ip}]:$${nginx-configuration:port};
+
+  ssl                 on;
+  ssl_certificate $${nginx-configuration:ssl_crt};
+  ssl_certificate_key $${nginx-configuration:ssl_key};
+
+  fastcgi_temp_path  $${directory:varnginx} 1 2;
+  uwsgi_temp_path  $${directory:varnginx} 1 2;
+  scgi_temp_path  $${directory:varnginx} 1 2;
+
+  client_body_temp_path $${directory:varnginx} 1 2;
+  proxy_temp_path $${directory:varnginx} 1 2;
+
+  ## Only allow GET and HEAD request methods
+  if ($request_method !~ ^(GET|HEAD)$ ) {
+     return 444;
+  }
+
+  ## Serve an error 204 (No Content) for favicon.ico
+  location = /favicon.ico {
+    return 204;
+  }
+  location /
+  {
+      root $${directory:www};
+#       index index.html;
+  }
+}
+
+}