Proxy Environment Variables

Peertube allows us to eg allow import with HTTP URL (e.g. YouTube) or allow channel synchronization with channel of other platforms like YouTube (requires allowing import with HTTP URL)

How does one go about setting up the http proxy?

1 Like

1 Like

How does one go about setting up the http proxy?

I would like to know as well.

My questions are:

  1. In this context, does HTTP really mean HTTP(S)? Or are we doing all this just for unencrypted communications?

  2. Are there paid proxy solutions?

  3. Is squid an example of what I should use?

  4. Can I run squid on the same virtual machine as PeerTube? Or does it have to be on a machine with a different IP?

  5. @JohnLivingston kindly explains here that private URLs refer to internal paths on the webserver. To be clear, this means « private URLs » have nothing to do with videos listed as private?

Both.

Yes, but there are a lot of Free and Open Source solutions.

Yes, it can. But the caching part of squid is useless here.

Nothing to do with private videos.

I realize i missed a use case in the previous response.

Imagine your server is on a private network (at your home if self-hosting, in a private network in the datacenter, …). So, there might be some computers accessible only by private IP. So, a malicious actor could try to send request to these IP using the various Peertube functionnalities which sends request.

For example by entering http://192.168.0.23/whatever/something in the import functions.

Or even if there is no private network, maybe you have some monitoring services that are accessible on localhost on your Peertube server. For example, tools like monit could listen http request on a localhost port.

This is why it is suggested to install a proxy. A proxy is just a little server that forwards http(s) requests.
The idea is to either:

  • install a proxy on a separate computer that does nothing else (and has no local service, and no private network access)
  • or install a proxy on the Peertube server, that will ensure there is no request to localhost or private IP (this means it has to be configured so)

There is no one-for-all answer to the question « how do i install a proxy for Peertube ». It really depends on your setup. It is an sys admin job to evaluate the risk, and choose the solution.
If your Peertube is the only service on the server, and is not part of a local/private network, you can probably ignore this step.

2 Likes

In case it is still not clear, here is an example of attack.

You are self-hosting Peertube at your home. Your server is on your local network.
You also have a NAS, with private family video. This NAS serves your private videos throught http (with a media center software). The NAS is not accessible to the internet.

An attacker could try to use the synchronize channel feature, to import all your private videos on your Peertube server, so he can download them.

This is just one example, first that came in mind. As i said, it entirely depends on your setup.

1 Like

Thank you, @JohnLivingston! You’re one of the most helpful people here.

If your Peertube is the only service on the server, and is not part of a local/private network, you can probably ignore this step.

I rented a VPS to run my PeerTube instance and nothing else. It looks like that was the right choice!

Thanks :slight_smile:

1 Like