Certificates with Wasabi S3

I am new to PeerTube and I already love it!

I am installing a PeerTube server on an IONOS VPS connected to Wasabi S3 to store the videos using your remote-storage documentation. I am not using a CDN at this time, because it is more than I need for my small installation.

Here’s what works:

  1. My PeerTube instance opens in a browser securely (https://stream.agardenwalk.net)
  2. Login and configuration is successful.
  3. Video upload works perfectly (storing it on the IONOS server)
  4. Video playback from IONOS server.
  5. Trans-coding and transfer to Wasabi S3 works perfectly as well.

Here’s what doesn’t work: Easy playback of trans-coded (HLS) video from Wasabi S3 bucket.

Here’s what I’ve tested and learned:

  • The video playback just « spins. »
  • The log file reads "HLS.js error: networkError - fatal: true - manifestLoadError "

I was able to get the video to playback by attempting to download the video. My browser warned me that it was « unsafe » because the certificate did not match. I moved forward anyway and it added an exception to the browser that allowed videos to play back from that point on.

The exception was for the following site:

Obviously, I cannot expect our end users to add this exception to their browsers. (It worked the same way in Chrome, Firefox, and Brave.) Is there something I can fix in my settings?

Thank you for creating such a great product and for your help with this.


Can you paste your object storage configuration?

It won’t let me paste it here because I am new an there are more than two URLs in the config.
Can you read this image?

It seems you managed to fix your configuration as the videos play correctly now, what did you do?

Since you asked for my configuration information, I started testing different values.
It started working when I treated the Wasabi S3 like it was its own CDN. I changed the « base_url » parameter to point directly to the video storage bucket.

It looks like this now:
base_url: ‹ https://s3.us-east-1.wasabisys.com/[name of bucket removed for security] ›

I’m only using hls streaming right now, but I entered this under both the streaming_playlists (for hls) and videos (for webtorrent videos) in case I change my mind and start using webtorrent later.

Is this a valid solution?
Does it undermine the security you have programmed, or does it still respect your code?

I think it’s fine!

Excellent! Thank you!

Just to offer help for anyone else using a similar configuration,
here are the support pages for Wasabi S3 file access that helped me figure this out:

How to access a Wasabi public file:

Service URLs for different Wasabi regions:


Do you mean that IONOS VPS is already connected to Wasabi S3? Or do you set it up yourself?

I wish to use Wasabi Storage too. Can you please share if you know what shall I do?

I set it up myself using the Peertube Documentation for using Remote Storage (S3).
The documentation tells you what changes to make in the PeerTube configuration file.
I used the settings you can see above in my May 29 post.
I ended up changing that configuration to include a different base_url as described on my May 30 post.
My May 31 post gives you the Wasabi documentation that can help you with your region.
Hope that helps!

Thanks very much for your reply.

I have made new changes according to your posts.

I did not use live stream. Will the videos get uploaded to Wasabi after trancoding? I still cannot find any files uploaded to wasabi.

Below is the configuration:

I just covered the keys and bucket name.

In terms of the How do I map a Wasabi public file(s) to a web site?, I read it. But I still have no ideas what shall I do. Do you mind offer me some instruction, please?

By the way, I also mentioned what I did to my wasabi settings in this post. Would you please take a look, and see if I did the right thing?

It looks good so far from what I can tell.

The « How do I map a Wasabi public file(s) to a web site? » post simply gave me the information that I used in the « base_url » parameter. It looks like you put that in your configuration file the way it worked for me.

In my setup, this is what happens:

  1. An uploaded file is stored in my server’s local storage system
  2. The file is transcoded using the settings I put in Administration/Configuration/VOD Transcoding (in the web-browser tool).
  3. After each new file is created, it is uploaded to S3.

@Chocobozzz did a great job of giving us tools for troubleshooting that whole process. Those tools are located (also in the web-broswer tool) under Administration/System.
Jobs - This shows you each job that is spawned, its progress as it is running, and whether it successfully completed or not.
Logs - This gives you all the details about behind the scenes for those processes. It is very helpful in tracking down what did not work and why.
Debug - This gives your server’s public IP address so you can track down any firewall and other security issues. I did not need to do anything with this page as I was setting up my system with Wasabi S3.

I would recommend checking the Jobs and Logs pages during and after a video upload. This will help you find out what parts worked and what did not.

Thanks very much for taking your time and check my settings.

Yes. I believe the first two steps went well. It just doesn’t uploaded to S3.

In terms of the knowing what’s going on.

Below is the screenshots of local Jobs. I don’t see anything related to uploading to Wasabi. But I did enabled the remote storage in the yaml file(from the screenshot in my previous reply).

In terms of logs, it says,

No log.

Debug -

IP address

PeerTube thinks your web browser public IP is 204.XXX.XXX.XXX

which is right.

I cannot see why it doesn’t get uploaded.

Did you find any help from Wasabi? I asked them this question, and they send me a few links, and let me to find some one to write the script. I don’t think I can get the support I need from them.

I’d make changes to the logs filter to try to get more details.

It defaults to the Last Hour, but you can select Last Hour, Last Day, or Last Week.

In addition, it allows you to look at levels of problem
debug=all details for everything including things that worked properly,
info=basic information for everything including what worked properly,
warning=won’t necessarily stop processing but merits your attention,
error=something didn’t complete and the reason

Also, make sure you’re looking at the Standard Logs, not the Audit Logs.

You should have a bunch of information in the log files.

Wasabi did not help me personally. I ended up reading their documentation and searching the internet for things on their side.

I did go into the settings of my bucket (3 dots, then a settings icon) and clicked on POLICIES.
This is the code I used:
Wasabi - PeertubePolicy

I don’t think this helped with the upload part. I’m pretty sure it only helped with the playback after it was already uploaded

I did make sure the account I used for authorization to my Wasabi bucket had read/write access. I tested that separately to make sure I had the Wasabi security correct.

Thanks very much for sharing your setting, and checking my issue.

I have be able to contact Wasabi support. And the technical support also checked my production.yaml file(the object storage section).

Above is the screenshot, just in case if anyone who may want to use Wasabi storage.

I also checked with Wasabi people that we don’t need to set up CORS, as mentioned in here.

However, the Wasabi side doesn’t receive any upload, there was one successful get from my browser not from peertube site. And no error logs.

May I check with you @gwm_admin
Correct me if I am wrong. I believe if I have enable to the object storage(enabled:true), then it will show « upload » in the log. Can you see that in your log?

@Chocobozzz If I may tag you here.

Would you please help me look into this? I also see other people mentioned they have used Wasabi storage for their peertube site. However, I don’t know what’s wrong with my peertube site.

I have checked with the Wasabi technical support, and I can upload files to the bucket using the same credentials. I cannot afford Amazon or Backblaze.

Would you please help me to use Wasabi storage?

I checked my Jobs list and it has a filter called move-to-object-storage.
I do have completed jobs on that list.

I checked my Logs list with the debug filter on it.
It did have details about the upload, starting with, for example:
info[7/27/2023, 9:28:19 PM] Moving video 0a3b447c-005b-4978-8dee-f0343d4632ec in job 5.

I looked at your production.yaml one more time next to mine. I found three differences:

  1. upload_acl:
    public :'' # I do not have the word 'null' - just two single quotes with no space between them.
    private:'' # I do not have the word 'null' - just two single quotes with no space between them.
  2. streaming_playlists:
    prefix: 'hls/' # I have an actual prefix name here, followed with a / at the end of the name.

I seem to remember the word null causing an issue under the upload_acl, but I don’t remember for sure.

Hope this helps!

Thanks very much.

Here are what I found:

I do have move-to-object-storage on my logs lists with info filter.

It says, it delays?

Then in the Jobs list it says, No move-to-object-storage jobs found.

I have been make changes in the yaml files. Still no files were uploaded in my bucket. :roll_eyes:

Thank YOU very much for taking time to help me. I will continue to change the credentials. I hope I will be able to make it right soon.

hi @Chocobozzz and @JohnLivingston May I ask you two. Why there is move-to-object-storage on my logs but no mention of move-to-object-storage job in the jobs list?

1 Like

hi, I just been told from Wasabi.

Unfortunately, Public Access is only allowed for CDN use cases.
This policy is the same for Amazon S3 as well as Wasabi.

PS: This has been changed starting March 13th 2023 - For more information, please refer to this article.

Being a Paid Customer is not a necessary condition to have public access anymore.
Also, please note that Wasabi is primarily designed as a backup storage solution, and not meant for hosting related activities.
However, it is possible to generate a URL that allows direct access to the object data stored in Wasabi from the outside for 7 days by using the pre-signed URL functionality that we have provided in our previous email.

And after check this guide:

How do I use Cloudflare with Wasabi?

I figured that’s why you use your domain as your bucket name. I noticed that in the past and also made some changes.

However, do you use any CDN with hosting your video? If I understand correctly, it means that public access of the files restored in the bucket is impossible.

Did you set up CDN for Wasabi? I follow the above Cloudflare guide, I still cannot access Wasabi Storage. That’s been said, I haven’t been able to connect Wasabi with my Peertube site. I check the connection of Wasabi using Wordpress site. Just to make sure my credentials are correct.

I have to say, I am a bit disappoint with the support I can get from using Peertube. I thought a lot of people are using PeerTube. Or maybe it just me.

Thanks for sharing. I just came across with this.

After I added the similar codes( replaced with my bucket name), it says,

Public Access to your buckets is currently disabled. Please visit https://docs.wasabi.com/docs/public-access-enabledisable for more information.

Does your buckets shows the same notification?

Bucket name in the base_url is crucial for the video playback after it uploaded to Wasabi. My peertube site can finally upload and play from Wasabi storage. Thank you!