VIdeo Too Large
-
I first tried out PeerTube via Cloudron on a VSP and it seemed to work fine. So I set it up on my own system and it all seemed to install fine, but I try to upload even a reasonably sized video and it says it's too big. No quota on the user and nginx looks okay from my end, but I'll post the config here just in case I missed something. File is about 45MB, so not very big.
Any ideas?
http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}Allow apps to override this https://stackoverflow.com/questions/13583501/nginx-how-to-add-header-if-it-is-not-set
map $upstream_http_referrer_policy $hrp {
default $upstream_http_referrer_policy;
"" "same-origin";
}http server
server {
# note listen [::]:80 only listens on ipv6 since ipv6only=on since nginx 1.3.4. listen 80 listens on ipv4 only
listen 80;
server_name tube.cloud.midwaytrades.com;
listen [::]:80;server_tokens off; # hide version # acme challenges location /.well-known/acme-challenge/ { default_type text/plain; alias /home/yellowtent/platformdata/acme/; } location /notfound.html { root /home/yellowtent/box/dashboard/dist; try_files /notfound.html =404; internal; } # for default server, serve the notfound page. for other endpoints, redirect to HTTPS location / { return 301 https://$host$request_uri; }
}
https server
server {
listen 443 ssl http2;
server_name tube.cloud.midwaytrades.com;
listen [::]:443 ssl http2;server_tokens off; # hide version # paths are relative to prefix and not to this file ssl_certificate /home/yellowtent/platformdata/nginx/cert/_.cloud.midwaytrades.com.cert; ssl_certificate_key /home/yellowtent/platformdata/nginx/cert/_.cloud.midwaytrades.com.key; ssl_session_timeout 5m; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html # https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#25-use-forward-secrecy # ciphers according to https://ssl-config.mozilla.org/#server=nginx&version=1.14.0&config=intermediate&openssl=1.1.1&guideline=5.4 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256; ssl_prefer_server_ciphers off; # some apps have underscores in headers. this is apparently disabled by default because of some legacy CGI compat underscores_in_headers on; # dhparams is generated only after dns setup ssl_dhparam /home/yellowtent/platformdata/dhparams.pem; proxy_hide_header Strict-Transport-Security; add_header Strict-Transport-Security "max-age=63072000"; # OCSP. LE certs are generated with must-staple flag so clients can enforce OCSP ssl_stapling on; ssl_stapling_verify on; # https://github.com/twitter/secureheaders # https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix # https://wiki.mozilla.org/Security/Guidelines/Web_Security add_header X-XSS-Protection "1; mode=block"; proxy_hide_header X-XSS-Protection; add_header X-Download-Options "noopen"; proxy_hide_header X-Download-Options; add_header X-Content-Type-Options "nosniff"; proxy_hide_header X-Content-Type-Options; add_header X-Permitted-Cross-Domain-Policies "none"; proxy_hide_header X-Permitted-Cross-Domain-Policies; # See header handling from upstream on top of this file add_header Referrer-Policy $hrp; proxy_hide_header Referrer-Policy; # gzip responses that are > 50k and not images gzip on; gzip_min_length 18k; gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json; # enable for proxied requests as well gzip_proxied any; proxy_http_version 1.1; # intercept errors (>= 400) and use the error_page handler proxy_intercept_errors on; # nginx will return 504 on connect/timeout errors proxy_read_timeout 3500; proxy_connect_timeout 3250; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Ssl on; # upgrade is a hop-by-hop header (http://nginx.org/en/docs/http/websocket.html) proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # only serve up the status page if we get proxy gateway errors root /home/yellowtent/box/dashboard/dist; # some apps use 503 to indicate updating or maintenance error_page 502 504 /app_error_page; location /app_error_page { root /home/yellowtent/boxdata; # the first argument looks for file under the root try_files /custom_pages/$request_uri /custom_pages/app_not_responding.html /appstatus.html; # internal means this is for internal routing and cannot be accessed as URL from browser internal; } location @wellknown-upstream { proxy_pass http://172.18.18.9:80; } # user defined .well-known resources location /.well-known/ { error_page 404 = @wellknown-upstream; proxy_pass http://127.0.0.1:3000/well-known-handler/; } # increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; # No buffering to temp files, it fails for large downloads proxy_max_temp_file_size 0; # Disable check to allow unlimited body sizes. this allows apps to accept whatever size they want client_max_body_size 0; location = /appstatus.html { root /home/yellowtent/box/dashboard/dist; } location / { proxy_pass http://172.18.18.9:80; }
}
-
@midway Cloudron package is opensource . So, maybe you can take a look at that one - https://git.cloudron.io/cloudron/peertube-app/ . There is a nginx folder with the config.
-
Sorry for the delay, I was out of town. I do have an nginx reverse proxy in front of it, but I don't see anything in the config would restrict that. It's pretty simple:
server {
server_name tube.midwaytrades.com; location / { proxy_pass https://tube.midwaytrades.com; proxy_set_header Host $host; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/tube.midwaytrades.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/tube.midwaytrades.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = tube.midwaytrades.com) {
return 301 https://$host$request_uri;
} # managed by Certbotserver_name tube.midwaytrades.com; listen 80; return 404; # managed by Certbot
}
I will try to bypass it and see if it makes a difference but if you see anything in there that would mess with that, let me know. Thanks!
-
I think I figured it out. Apparently there's a really low default if you don't explicitly set a max size via client_max_body_size. Setting that explicitly seemed to work.
Thanks folks. Sometimes you just need to bounce stuff off people to get to the right place.