Configuring S3 Minio for Peertube

PeerTube
1

Hi! Help to set up Minio and Peertube correctly.

On a local network on a separate server, I configured Minio as Standalone. Everything works for me, and TLS is also configured.
This server is fully accessible on the Internet, here is the link https://s3.ustim.ru
I have created a public Bucket and a user with read/write rights.

The Peertube configuration file is configured as follows:

object_storage:
  enabled: true

  # Without protocol, will default to HTTPS
  endpoint: 's3.ustim.ru' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example

  region: 'ru-sochi-1'

  # Set this ACL on each uploaded object
  upload_acl: 'public-write'

  credentials:
    # You can also use AWS_ACCESS_KEY_ID env variable
    access_key_id: 'username'
    # You can also use AWS_SECRET_ACCESS_KEY env variable
    secret_access_key: 'XXXXXXXX'

  # Maximum amount to upload in one request to object storage
  max_upload_part: 2GB

  streaming_playlists:
    bucket_name: 'video.ustim'

    # Allows setting all buckets to the same value but with a different prefix
    prefix: 'streaming-playlists/' # Example: 'streaming-playlists:'

    # Base url for object URL generation, scheme and host will be replaced by this URL
    # Useful when you want to use a CDN/external proxy
    base_url: '' # Example: 'https://mirror.example.com'

  # Same settings but for webtorrent videos
  videos:
    bucket_name: 'video.ustim'
    prefix: 'videos/'
    base_url: ''

I also tried to add NGINX to the configuration file

    # Use this in tandem with fuse-mounting i.e. https://docs.joinpeertube.org/#/admin-remote-storage
    # to serve files directly from a public bucket without proxying.
    # Assumes you have buckets named after the storage subdirectories, i.e. 'videos', 'redundancy', etc.

    set $cdn https://s3.ustim.ru/;
    rewrite ^/static/webseed/(.*)$ $cdn/videos/$1 redirect;
    rewrite ^/static/(.*)$         $cdn/$1        redirect;

When I add a video, after processing it is moved to S3 storage. But when I run the video in the instance, the video doesn’t work. Here is the result

Скриншот 27.07.22_08.45.52
Скриншот 27.07.22_08.45.521607×740 135 KB

Скриншот 27.07.22_08.47.26
Скриншот 27.07.22_08.47.261626×743 119 KB

2

Hello,

You need to configure minio to use the virtual host bucket style. Path request style is not supported: https://github.com/Chocobozzz/PeerTube/issues/4455

3

For Mini, I have these settings, I also made a proxy for the basket

server {
  listen 80;
  listen [::]:80;
  server_name s3.ustim.ru;

  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name s3.ustim.ru;

# To allow special characters in headers
 ignore_invalid_headers off;
 # Allow any size file to be uploaded.
 # Set to a value such as 1000m; to restrict file size to a specific value
 client_max_body_size 0;
 # To disable buffering
 proxy_buffering off;

 location / {
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;

   proxy_connect_timeout 300;
   # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
   proxy_http_version 1.1;
   proxy_set_header Connection "";
   chunked_transfer_encoding off;

   proxy_pass http://192.168.1.15:34283; # If you are using docker-compose this would be the hostname i.e. minio

   # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
   # /minio/health/live;
 }

 # Proxy requests to the bucket "photos" to MinIO server running on port 9000
 location /video.ustim/ {
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;

   proxy_connect_timeout 300;
   # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
   proxy_http_version 1.1;
   proxy_set_header Connection "";
   chunked_transfer_encoding off;

   proxy_pass http://192.168.1.15:9000;
 }


  ##
  # Certificates
  # you need a certificate to run in production. see https://letsencrypt.org/
  ##
  ssl_certificate     /etc/letsencrypt/live/s3.ustim.ru/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/s3.ustim.ru/privkey.pem;

  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }
}