Peertube and S3/Minio Objectstorage

scooke

I recently discovered how to host media from my Cloudron-hosted Mastodon instance on my Minio instance (non-Cloudron), and it works great. So I started exploring what else I can use my Minio storage for, and found a plugin for Wordpress, , that also works well. So now, I'm trying to see how to use it for Peertube, which apparently can use objectstorage. I've found the following links with sample yaml files, but I haven't been able to get it working on my own Cloudron-hosted Peertube instance. Has anyone else had success?

https://docs.joinpeertube.org/admin-remote-storage

https://framacolibri.org/t/redundancy-videos-not-able-to-use-object-storage/14668

https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/config/custom-environment-variables.yaml#L24

https://github.com/Chocobozzz/PeerTube/blob/develop/config/production.yaml.example

https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/config/production.yaml

https://framagit.org/framasoft/peertube/PeerTube/-/blob/c342726ad4ccbb90b8ff29f1cc1c89f9f7e8d98f/config/production.yaml.example

awnzky

@scooke just open and edit production.yaml with cloudron file manager. i am already use idrive e2. its worked.

add this, and make sure set enabled: true
PeerTube does not support path request style, its only support virtual host style requests.

object_storage:
  enabled: false

  # Without protocol, will default to HTTPS
  endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example

  region: 'us-east-1'

  # Set this ACL on each uploaded object
  upload_acl: 'public'

  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: ''
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: ''

  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB

  streaming_playlists:
    bucket_name: 'streaming-playlists'

    # Allows setting all buckets to the same value but with a different prefix
    prefix: '' # Example: 'streaming-playlists:'

    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: '' # Example: 'https://mirror.example.com'

  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'videos'
    prefix: ''
    base_url: ''

scooke

@awnzky Super, thank you for answering. Four more questions which I think you can help with.

For endpoint:, do I use https://minio.example.com:9000, or minio.example.com:9000? (For a S3/Minio Wordpress plugin Media Cloud, which I mention again below, the custom endpoint includes the https://, but the suggested entry here leaves out the https://.

A detail all the links I shared left out is where exactly does this object_storage: go in relation to the already-existing storage: settings?

Under object_storage: there are two settings for video and streaming-playlists. These are initially under storage: So, do I insert the object_storage: section before storage:? And if so, do I then delete or comment out the two video and streaming-playlists settings that are already under storage:? Or do I leave everything uder storage: as-is?

Finally, for the base_url:, is that my minio url with, or without, the :9000? I ask this because I set up a Wordpress plugin, Media Cloud, so that my WP site could also use my Minio (and it all works), and the url for the uploaded media in this case includes :9000/bucket_name.

Thank you again!

awnzky

@scooke
iam already try using contabo. it's does not work. contabo not support virtual host style, sorry for my bad english.
its my working config. insert after storage section.
if have an error you can check the logs from peertube administration. make sure minio support virtual host style requests
https://github.com/Chocobozzz/PeerTube/issues/4455
example vhost style like this : yourbucket.sin1.contabostorage.com
path style : sin1.contabostorage.com/a808f6dce2514fba8eeb68596724ddd1:yourbucket

object_storage:
  enabled: true
  # Without protocol, will default to HTTPS
  endpoint: 'e4u6.la11.idrivee2-5.com' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
  region: 'us-la'
  # Set this ACL on each uploaded object
  upload_acl: ''
  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: 'secret'
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: 'secret'
  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB
  streaming_playlists:
    bucket_name: 'peertube'
    # Allows setting all buckets to the same value but with a different prefix
    prefix: 'streaming-playlists/' # Example: 'streaming-playlists:'
    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: 'https://peertube.e4u6.la11.idrivee2-5.com' # Example: ''
  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'peertube'
    prefix: 'videos/'
    base_url: 'https://peertube.e4u6.la11.idrivee2-5.com'

scooke

@awnzky said in Peertube and S3/Minio Objectstorage:

its my working config. insert after storage section.

Great, thank you!
And do I also delete or comment out the video and streaming-playlist sections under storage;? I mean, it seems like that would make sense, but you never know!

Did you delete video and streaming-playlist sections under storage;?

awnzky

@scooke no need delete or edit under storage section..

girish

@scooke said in Peertube and S3/Minio Objectstorage:

Finally, for the base_url:, is that my minio url with, or without, the :9000?

Should be without 9000. On Cloudron, there are two separate domains - one for the UI and another for the API. The UI domain is just to access the web console. The API domain is what responds to s3 requests and this is what you want to put as config in other apps.

The domains internally forward to minio's ports. Documented now in https://docs.cloudron.io/apps/minio/#domains

scooke

@girish I'm not sure if what you shared applies to my situation since my Minio is self-hosted on another non-Cloudron VPS. But I'm reading it anyway a few times as all these concepts slowly get understood by me.

girish

@scooke aha.. ignore my response Mine was for a minio hosted on cloudron.

scooke

Sadly, this is STILL not working for me. I've tried EVERY combo but it keeps failing at the point of uploading the video to my Minio. Here is the error with an explanation:

peertube.example.com - this is the domain of Peertube instance on Cloudron
peertube-miniobucket- this is the name of the bucket on my Minio I'm using
minio.myserver.com - this is the domain of my Minio instance elsewhere

[peertube.example.com:443] 2022-06-22 16:36:33.539 error: Cannot move video https://peertube.example.com/videos/watch/a8be4cf6-0004-4522-b38d-bc67dfb8d0c1 to object storage. {
Jun 22 18:36:33 "err": {
Jun 22 18:36:33 "stack": "Error: getaddrinfo ENOTFOUND peertube-minobucket.minio.myserver.com\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)",
Jun 22 18:36:33 "message": "getaddrinfo ENOTFOUND peertube-miniobucket.minio.myserver.com",
Jun 22 18:36:33 "errno": -3008,
Jun 22 18:36:33 "code": "ENOTFOUND",
Jun 22 18:36:33 "syscall": "getaddrinfo",
Jun 22 18:36:33 "hostname": "peertube-miniobucket.minio.myserver.com",
Jun 22 18:36:33 "$metadata": {
Jun 22 18:36:33 "attempts": 1,
Jun 22 18:36:33 "totalRetryDelay": 0
Jun 22 18:36:33 }
Jun 22 18:36:33 }
Jun 22 18:36:33 }

For some bizarre reason it seems to be PREPENDING the bucket name to the Minio domain. I've even made a new DNS entry for peertube-miniobucket.minio.myserver.com, just in case. But that didn't make a difference.

Here is my production.yaml:

object_storage:
  enabled: true
  # Without protocol, will default to HTTPS
  endpoint: 'minio.myserver.com:9000' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
  region: 'fr-rbx-5'
  # Set this ACL on each uploaded object
  upload_acl: 'public'
  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: 'acess_key'
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: 'secret_key'
  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB
  streaming_playlists:
    bucket_name: 'peertube-miniobucket'
    # Allows setting all buckets to the same value but with a different prefix
    prefix: 'streaming-playlists/'
    # Example: 'streaming-playlists:'
    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: 'https://minio.myserver.com/buckets/'
  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'peertube-miniobucket'
    prefix: 'videos/'
    base_url: 'https://minio.myserver.com/buckets/'

For base_url I've tried every combo of minio.myserver.com, minio.myserver.com:9000, with the /buckets, or /peertube-miniobucket, or even commenting it out.

For endpoint I've also tried with or without https:// and with and without the :9000.

I had to do alot of this kind of fiddling with my Minio and my Mastodon, but it only took about 10-15 minutes to get it working with the correct combo of details. But this. THIS is taking forever!

Can anyone help?

girish

@scooke said in Peertube and S3/Minio Objectstorage:

"stack": "Error: getaddrinfo ENOTFOUND peertube-minobucket.minio.myserver.com

It says minobucket and not miniobucket . Or is this a copy/paste error ?

scooke

@girish yeah, just a copy paste error here. Good eye!

girish

@scooke The ENOTFOUND means things are failing at DNS level. So, I am going to take a guess of what is happening here.

In S3 object storage, buckets are accessed as "bucket.minio.blah.com" . Notice how the bucket name is part of the domain name. This means that you have to add that in your DNS.

To give more context, S3 "protocol" has two ways to access buckets. The so called prefix style which is like minio.blah.com/bucket and so called subdomain style which bucket.minio.blah.com . The former prefix style was "deprecated" by AWS and most S3 compatible providers have moved to this subdomain style as well.

AFAIK, minio does not support the subdomain style. So, maybe peertube object storage does not even work with minio and only works with the "cloud" s3 providers. I was wrong about this. Please see https://docs.min.io/docs/minio-server-configuration-guide.html (the 'Domain' section) and that should most likely fix your problem.

girish

@scooke This offers a better explanation of this path style vs virtual host style - https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/

scooke

Well, thank you @girish for your help. I don't know what to do. I've made an A record for bucketname.minio.myserver.com, and pinging it shows it is reachable. I've even used certbot to generate a certificate for it. I still get the same error.

So, this is something within Peercode then, right? Because I have not had near the same kinds of problems with using my Minio with either Wordpress sites or Mastodon. I just punch in the right deets and it works. Not so with Peertube.

So I wonder how @awnzky has theirs working?? Or did he say he doesn't have it working?

girish

@scooke an idea might be to first test with a cloud S3 provider.

scooke

@girish I got it. THANK YOU.

I'm going to rewrite the steps in the way that helped click for me. In a nutshell, I didn't realize that I needed to enter the bucket name within the base_url config ( virtual-hosted style). The error messages WERE telling me what the problem was, and you were pointing me in the right direction, I just didn't comprehend it.

IF
peertube.example.com - this is the domain of Peertube instance on Cloudron
peertube-miniobucket- this is the name of the bucket on my Minio
minio.myserver.com - this is the domain of my Minio instance elsewhere

THEN in production.yaml:

object_storage:
  enabled: true
  # Without protocol, will default to HTTPS
  endpoint: 'https://minio.myserver.com:9000' #I entered https:// anyway.
  region: 'fr-rbx-5' # This is my own made-up region entered in Minio
  # Set this ACL on each uploaded object
  upload_acl: 'public'
  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: 'acess_key'
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: 'secret_key'
  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB
  streaming_playlists:
    bucket_name: 'peertube-miniobucket'
    # Allows setting all buckets to the same value but with a different prefix
    prefix: 'streaming-playlists/'
    # Example: 'streaming-playlists:'
    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: 'https://peertube-miniobucket.minio.myserver.com/'
  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'peertube-miniobucket'
    prefix: 'videos/'
    base_url: 'https://peertube-miniobucket.minio.myserver.com/'

For this to work I did have to make a new A Record of peertube-miniobucket.minio.myserver.com.

Then, I had to regenerate the cert using sudo certbot certonly --standalone -d minio.myserver.com -d peertube-miniobucket.minio.myserver.com. The first time I did this I ran it only for the new subdomain. PLUS, since this is --standalone, I forgot to copy the certs to where Minio looks for them. So, having regenerated a new cert with the two domains in it, I could then do:

sudo cp /etc/letsencrypt/live/minio.myserver.com/fullchain.pem /etc/minio/certs/public.crt
and
sudo cp /etc/letsencrypt/live/minio.myserver.com/privkey.pem /etc/minio/certs/private.key (note that even thought the new cert had only the main domain in it's name, both domains were expanded into the new cert.)

Then,

sudo chown minio-user:minio-user /etc/minio/certs/public.crt
sudo chown minio-user:minio-user /etc/minio/certs/private.key

And finally, sudo systemctl restart minio.

**https://vegastack.com/tutorials/how-to-set-up-an-object-storage-server-using-minio-on-ubuntu-18-04/ was super helpful with the cert work.

What threw me the first time was thinking @awnzky's base_url: 'https://peertube.e4u6.la11.idrivee2-5.com' was their Minio domain. I didn't realize that the peertube was the ALSO the bucket name. I also thought that the software was putting the domain together by itself, somehow magically.

So, all this time spent simply because I didn't realize the bucket name has to be part of the base_url in the yaml file. Thank you @girish and @awnzky . Hopefully my write-up can help others with a mind like mine.

scooke

@scooke Well, I'm getting ahead of myself. I've managed to set it up to upload to my Minio... but now there is a problem with playback. As in, the video doesn't playback. When I try to download it, the initial link says https://peertube.example.com/download/videos/longfilename.mp4 but then starting the download results in a failed white screen saying that the following can't be reached, https://peertube-miniobucket.minio.myserver.com/peertube-miniobucket/videos/longfilename.mp4 .

The documentation I find online seems conflicting - some say Peertube doesn't work with S3, others say yes, and still a third says "yes but with a CDN directive". So I'm off to see what I can find out.

girish

@scooke Try unsetting base_url and see if that works. I think base_url is for CDN setups which requires additional configuration - https://docs.joinpeertube.org/admin-remote-storage?id=cache-server . In a CDN setup, the video is served to the browser straight from minio (as opposed to browser -> peertube -> minio).

scooke

@girish Holy smokes. That did it. I just # commented out those two base_url lines, restarted the app, and now the upload works, and the download.

Now, I thought I had reached a similar point before, but I think what I had missed was copying the new cert to the proper directory. Thus, it wasn't working.

Now, it is. You sir are a magician.