Not finding Admin username and having problem with nginx

Can a mod help me? i can’t write only edit :frowning:

Hey, i’m sorry i do not speak french and therefore don’t know the category this belongs in.

I’ve tried to install peertube a week ago, then it failed when it didn’t want to fork on my vserver, but now it kind of installed.
I’m not professional jet, i’m just super interested in everything open source, so please don’t get too angry when i mess stuff up like i did when i installed collabora office on my vserver in the /opt folder with a vast amount of copy and paste :joy:

My first problem might be smaller: the tutorial doesn’t specify the admin username, it only sais something about the password, i couldn’t find the password in the logs so i set it to something and tried with the admin email once wich didn’t work and was risky because no https seems to work at the moment.
when i try to open my peertube at video.grosskopfgames.de i get nothing and when i try with port 10000 specified in the url i get an error about that it cannot get oauth credentials shown in the bottom right but it opens, so i believe peertube is working :slightly_smiling_face:
This is my nginx config:

  server {
    #if ($host = video.grosskopfgames.de) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot
  listen 80;
  listen [::]:80;
  server_name video.grosskopfgames.de;
  access_log /var/log/nginx/video.grosskopfgames.de.access.log;
  error_log /var/log/nginx/video.grosskopfgames.de.error.log;
  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location / { return 301 https://$host$request_uri; }
}
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name video.grosskopfgames.de;
  # For example with certbot (you need a certificate to run https)
  ssl_certificate /etc/letsencrypt/live/video.grosskopfgames.de/fullchain.pem; # managed by Certbot
  ssl_certificate_key  /etc/letsencrypt/live/video.grosskopfgames.de/privkey.pem; # managed by Certbot  
  #ssl_certificate      /etc/letsencrypt/live/video.grosskopfgames.de/fullchain.pem;
  #ssl_certificate_key  /etc/letsencrypt/live/video.grosskopfgames.de/privkey.pem;
  # Security hardening (as of 11/02/2018)
  ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  # ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0, not compatible with import-videos script
  ssl_session_timeout  10m;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx => 1.3.7
  # Configure with your resolvers
  # resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
  # resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  access_log /var/log/nginx/video.grosskopfgames.de.access.log;
  error_log /var/log/nginx/video.grosskopfgames.de.error.log;
  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
    add_header Cache-Control "public, max-age=31536000, immutable";
    alias /var/www/peertube/peertube-latest/client/dist/$1;
  }
  location ~ ^/static/(thumbnails|avatars)/(.*)$ {
    add_header Cache-Control "public, max-age=31536000, immutable";
    alias /var/www/peertube/storage/$1/$2;
  }
  location / {
    proxy_pass http://localhost:10000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Hard limit, PeerTube does not support videos > 4GB
    client_max_body_size 4G;
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
    send_timeout                600;
  }
  # Bypass PeerTube webseed route for better performances
  location /static/webseed {
    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
    limit_rate 800k;
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }
    if ($request_method = 'GET') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      # Don't spam access log file with byte range requests
      access_log off;
    }
    alias /var/www/peertube/storage/videos;
  }
  # Websocket tracker
  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before this time
    proxy_read_timeout 1200s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://video.grosskopfgames.de:10000;
  }
}

I have changed port 9000 to 10000 because 9000 is used by php-fpm by default and i believe 10000 is free

sorry about the mess, i know that for not thinking much the docker is great and stuff but my Vserver doesn’t allow virtualisation inside

Does peertube run?

# systemctl status peertube

What is the output of your configuration file? (production.yaml)

1 Like

Peertube is running, it can be reached through the port from the outside at video.grosskopfgames.de:10000

and a cat gives this output (censored the password of course

cat /var/www/peertube/config/production.yaml 
listen:
  hostname: 'video.grosskopfgames.de'
  port: 10000

# Correspond to your reverse proxy "listen" configuration
webserver:
  https: true
  hostname: 'video.grosskopfgames.de'
  port: 443

# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
  - 'loopback'

# Your database name will be "peertube"+database.suffix
database:
  hostname: 'localhost'
  port: 5432
  suffix: '_prod'
  username: 'something'
  password: 'something'

# Redis server for short time storage
redis:
  hostname: 'localhost'
  port: 6379
  auth: null
  db: 0

# SMTP server to send emails
smtp:
  hostname: null
  port: 465 # If you use StartTLS: 587
  username: null
  password: null
  tls: true # If you use StartTLS: false
  disable_starttls: false
  ca_file: null # Used for self signed certificates
  from_address: 'admin@grosskopfgames.de'

# From the project root directory
storage:
  avatars: '/var/www/peertube/storage/avatars/'
  videos: '/var/www/peertube/storage/videos/'
  logs: '/var/www/peertube/storage/logs/'
  previews: '/var/www/peertube/storage/previews/'
  thumbnails: '/var/www/peertube/storage/thumbnails/'
  torrents: '/var/www/peertube/storage/torrents/'
  cache: '/var/www/peertube/storage/cache/'

log:
  level: 'info' # debug/info/warning/error


###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube.
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\.
#
###############################################################################

cache:
  previews:
    size: 100 # Max number of previews you want to cache

admin:
  email: 'some mail'

signup:
  enabled: false
  limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
  filters:
    cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
      whitelist: []
      blacklist: []

user:
  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
  # -1 == unlimited
  video_quota: -1

# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
  enabled: true
  threads: 1
  resolutions: # Only created if the original video has a higher resolution, uses more storage!
    240p: false
    360p: false
    480p: false
    720p: false
    1080p: false

# Instance settings
instance:
  name: 'Peertube'
  short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
  description: '' # Support markdown
  terms: '' # Support markdown
  default_client_route: '/videos/trending'
  # By default, "do_not_list" or "blur" or "display" NSFW videos
  # Could be overridden per user with a setting
  default_nsfw_policy: 'do_not_list'
  customizations:
    javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
    css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
  # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
  robots: |
    User-agent: *
    Disallow: ''

services:
  # Cards configuration to format video in Twitter
  twitter:
    username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
    # If true, a video player will be embedded in the Twitter feed on PeerTube video share
    # If false, we use an image link card that will redirect on your PeerTube instance
    # Test on https://cards-dev.twitter.com/validator to see if you are whitelisted
    whitelisted: false

your nginx reverse proxy is on the same machine than peertube? if yes what is the curl output of localhost:10000?

maybe you’ll find interesting info in /var/log/nginx/video.grosskopfgames.de.error.log; ?

1 Like

oh, yes it is on the same machine but i cannot connect to it with curl, it sais

Failed to connect to localhost port 10000: Connection refused

and i get similar errors in the error log:

connect() failed (111: Connection refused) while connecting to upstream, client: 62.210.36.24, server: video.grosskopfgames.de, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:10000/", host: "video.grosskopfgames.de"

what is causing this?

aah when i use curl on the url, it goes through but i cannot connect to localhost

it seems like i cannot answer anymore, bots think i’m spamming @Chocobozzz what can i do about that? You are an administrator right?
Btw. I changed it to localhost, reinstalled it because of the no-hostname-change policy, nginx points it’s proxys at http://localhost:10000, curl works, the request goes through at the url, no error message but i get a blank page, once i also get this error:
SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET in firefox

@yostral i recieved an automated message in french, i think it was about that but i sadly can’t answer, thank you for checking anyhow :slight_smile: hope it will work again soon :slight_smile:

In your config file, let ‘localhost’ in hostname

1 Like

@grosskopfgames : you should be able to answer and write new posts now :slight_smile:

1 Like

yess, i’m able to answer again :smiley: had to create a new account

hey, i have reinstalled peertube as it was broken after an update :confused: now i have this in the peertube configs:

listen:
  hostname: 'localhost'
  port: 10000

# Correspond to your reverse proxy server_name/listen configuration
webserver:
  https: true
  hostname: 'video.grosskopfgames.de'
  port: 443

# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
  - 'loopback'

# Your database name will be "peertube"+database.suffix
database:
  hostname: 'localhost'
  port: 5432
  suffix: '_prod'
  username: 'working username'
  password: 'working password'
  pool:
    max: 5

# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# comment out hostname and port
redis:
  hostname: 'localhost'
  port: 6379
  auth: null
  db: 0

# SMTP server to send emails
smtp:
  hostname: null
  port: 465 # If you use StartTLS: 587
  username: null
  password: null
  tls: true # If you use StartTLS: false
  disable_starttls: false
  ca_file: null # Used for self signed certificates
  from_address: 'peertube@grosskopfgames.de'

# From the project root directory
storage:
  avatars: '/var/www/peertube/storage/avatars/'
  videos: '/var/www/peertube/storage/videos/'
  logs: '/var/www/peertube/storage/logs/'
  previews: '/var/www/peertube/storage/previews/'
  thumbnails: '/var/www/peertube/storage/thumbnails/'
  torrents: '/var/www/peertube/storage/torrents/'
  captions: '/var/www/peertube/storage/captions/'
  cache: '/var/www/peertube/storage/cache/'

log:
  level: 'info' # debug/info/warning/error

search:
  remote_uri: # Add ability to search remote videos/actors by URI, that may not be federated with your instance
    users: true
    anonymous: false

trending:
  videos:
    interval_days: 7 # Compute trending videos for the last x days

###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube.
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\.
#
###############################################################################

cache:
  previews:
    size: 500 # Max number of previews you want to cache
  captions:
    size: 500 # Max number of video captions/subtitles you want to cache

admin:
  email: 'peertube@grosskopfgames.de'

signup:
  enabled: false
  limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
  requires_email_verification: false
  filters:
    cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
      whitelist: []
      blacklist: []

user:
  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
  # -1 == unlimited
  video_quota: -1
  video_quota_daily: -1

# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
  enabled: true
  threads: 1
  resolutions: # Only created if the original video has a higher resolution, uses more storage!
    240p: false
    360p: false
    480p: false
    720p: false
    1080p: false

import:
  # Add ability for your users to import remote videos (from YouTube, torrent...)
  videos:
    http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
      enabled: false
    torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
      enabled: false

# Instance settings
instance:
  name: 'PeerTube'
  short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
  description: '' # Support markdown
  terms: '' # Support markdown
  default_client_route: '/videos/trending'
  # By default, "do_not_list" or "blur" or "display" NSFW videos
  # Could be overridden per user with a setting
  default_nsfw_policy: 'do_not_list'
  customizations:
    javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
    css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
  # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
  robots: |
    User-agent: *
    Disallow: ''
  # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string.
  securitytxt:
    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"

services:
  # Cards configuration to format video in Twitter
  twitter:
    username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
    # If true, a video player will be embedded in the Twitter feed on PeerTube video share
    # If false, we use an image link card that will redirect on your PeerTube instance
    # Test on https://cards-dev.twitter.com/validator to see if you are whitelisted
    whitelisted: false

and in nginx:

server {
  listen 80;
  listen [::]:80;
  server_name video.grosskopfgames.de;
  access_log /var/log/nginx/video.grosskopfgames.de.access.log;
  error_log /var/log/nginx/video.grosskopfgames.de.error.log;
  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location / { return 301 https://$host$request_uri; }
}
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name video.grosskopfgames.de;
    ssl_certificate /etc/letsencrypt/live/video.grosskopfgames.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/video.grosskopfgames.de/privkey.pem; # managed by Certbot
  #ssl_certificate      /etc/letsencrypt/live/video.grosskopfgames.de/fullchain.pem;
  #ssl_certificate_key  /etc/letsencrypt/live/video.grosskopfgames.de/privkey.pem;
  ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_session_timeout  10m;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx => 1.3.7
  gzip on;
  gzip_types text/css text/html application/javascript;
  gzip_vary on;
  access_log /var/log/nginx/video.grosskopfgames.de.access.log;
  error_log /var/log/nginx/video.grosskopfgames.de.error.log;
  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
    add_header Cache-Control "public, max-age=31536000, immutable";
    alias /var/www/peertube/peertube-latest/client/dist/$1;
  }
  location ~ ^/static/(thumbnails|avatars)/ {
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    # Cache 2 hours
    add_header Cache-Control "public, max-age=7200";
    root /var/www/peertube/storage;
    rewrite ^/static/(thumbnails|avatars)/(.*)$ /$1/$2 break;
    try_files $uri /;
  }
  location / {
    proxy_pass http://localhost:10000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Hard limit, PeerTube does not support videos > 8GB
    client_max_body_size 8G;
    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
    send_timeout                600;
  }
  location /static/webseed {
    # Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
    limit_rate 800k;
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;
      return 204;
    }
    if ($request_method = 'GET') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      # Don't spam access log file with byte range requests
      access_log off;
    }
    alias /var/www/peertube/storage/videos;
 }
  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before this time
    proxy_read_timeout 1200s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://localhost:10000;
  }
}

curl gets something back from my desktop and from the server but i still get SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET in firefox, SSL errors in Chrome and over port 10000 i can reach the site but the oauth credentials error is still shown in the bottom right, i forgot, how do i go from here? can you help me another time? :slight_smile:

in journalctl -u peertube this happens when i try to access the page:

Okt 01 18:02:28 h2694058.stratoserver.net peertube[633]: [video.grosskopfgames.de:443] 2018-10-01 18:02:28.203 info: 141.99.0.0 - - [01/Oct/2018:16:02:28 +0000] “GET / HTTP/1.0” 200 2911 “-” “Firefox”

in nginx the proxy points to localhost jet it tries to access over lan and that fails because peertube expects communication from localhost am i right with this suspection?

i updated everything to the current version (v1 rc1) but i didn’t find the solution so far :frowning:

still no news on rc2, is there anyone that could share their configs so i can diff them? i don’t get what i’m doing wrong

it was solved with https://community.letsencrypt.org/t/errors-from-browsers-with-ssl-session-tickets-off-nginx/18124/5

1 Like

tldr: if you have multiple sites enabled in nginx and some have ssl_session_ticket set to on or even just not set at all then some browsers (propably not internet explorer but everyone else propaby) enable session tickets for everything, dunno if bug or feature but sucks a lot