+2 -17

Makefile

reviewed

··· 833 833 --deb-systemd-restart-after-upgrade \ 834 834 --after-install=util/systemd/after-install.sh \ 835 835 --description="Live video for the AT Protocol. Solving video for everybody forever." \ 836 836 - build-linux-$(SP_ARCH_NAME)/streamplace=/usr/bin/streamplace \ 837 837 - && fpm $(FPM_BASE_OPTS) \ 838 838 - -n streamplace-default-http \ 839 839 - -a $(SP_ARCH_NAME) \ 840 840 - -d streamplace \ 841 841 - --deb-systemd-restart-after-upgrade \ 842 842 - -p bin/streamplace-default-http-$(VERSION)-linux-$(SP_ARCH_NAME).deb \ 843 843 - --description="Installing this package will install Streamplace as the default HTTP server on ports 80 and 443." \ 844 844 - util/systemd/streamplace-http.socket=/lib/systemd/system/streamplace-http.socket \ 845 845 - util/systemd/streamplace-https.socket=/lib/systemd/system/streamplace-https.socket 836 836 + build-linux-$(SP_ARCH_NAME)/streamplace=/usr/bin/streamplace 846 837 847 838 .PHONY: pkg-linux-amd64 848 839 pkg-linux-amd64: ··· 869 860 aptly repo create -distribution=all -component=main streamplace-releases 870 861 aptly mirror create old-version $$S3_PUBLIC_URL/debian all 871 862 aptly mirror update old-version 872 872 - aptly repo import old-version streamplace-releases streamplace streamplace-default-http 863 863 + aptly repo import old-version streamplace-releases streamplace 873 864 aptly repo add streamplace-releases \ 874 874 - bin/streamplace-default-http-$(VERSION)-linux-arm64.deb \ 875 865 bin/streamplace-$(VERSION)-linux-arm64.deb \ 876 876 - bin/streamplace-default-http-$(VERSION)-linux-amd64.deb \ 877 866 bin/streamplace-$(VERSION)-linux-amd64.deb 878 867 aptly snapshot create streamplace-$(VERSION) from repo streamplace-releases 879 868 aptly publish snapshot -distribution=all streamplace-$(VERSION) s3:streamplace-releases: 880 869 881 870 .PHONY: ci-deb-release 882 871 ci-deb-release: 883 883 - $(MAKE) ci-download-file download_file=streamplace-default-http-$(VERSION)-linux-amd64.deb 884 872 $(MAKE) ci-download-file download_file=streamplace-$(VERSION)-linux-amd64.deb 885 885 - $(MAKE) ci-download-file download_file=streamplace-default-http-$(VERSION)-linux-arm64.deb 886 873 $(MAKE) ci-download-file download_file=streamplace-$(VERSION)-linux-arm64.deb 887 874 echo $$CI_SIGNING_KEY_BASE64 | base64 -d | gpg --import 888 875 gpg --armor --export | gpg --no-default-keyring --keyring trustedkeys.gpg --import ··· 905 892 ci-upload-node-linux-amd64: 906 893 $(MAKE) ci-upload-file upload_file=streamplace-$(VERSION)-linux-amd64.tar.gz \ 907 894 && $(MAKE) ci-upload-file upload_file=streamplace-desktop-$(VERSION)-linux-amd64.AppImage \ 908 908 - && $(MAKE) ci-upload-file upload_file=streamplace-default-http-$(VERSION)-linux-amd64.deb \ 909 895 && $(MAKE) ci-upload-file upload_file=streamplace-$(VERSION)-linux-amd64.deb 910 896 911 897 .PHONY: ci-upload-node-linux-arm64 912 898 ci-upload-node-linux-arm64: 913 899 $(MAKE) ci-upload-file upload_file=streamplace-$(VERSION)-linux-arm64.tar.gz \ 914 900 && $(MAKE) ci-upload-file upload_file=streamplace-desktop-$(VERSION)-linux-arm64.AppImage \ 915 915 - && $(MAKE) ci-upload-file upload_file=streamplace-default-http-$(VERSION)-linux-arm64.deb \ 916 901 && $(MAKE) ci-upload-file upload_file=streamplace-$(VERSION)-linux-arm64.deb 917 902 918 903 .PHONY: ci-upload-node-darwin-arm64

+20 -13

js/docs/src/content/docs/guides/installing/downloading-streamplace.md

reviewed

··· 13 13 14 14 ## Linux 15 15 16 16 - We distribute two Linux packages for Streamplace: 17 17 - 18 18 - - `streamplace`, which is the main Streamplace binary. 19 19 - - `streamplace-default-http`, which includes some additional systemd 20 20 - configuration to make Streamplace your default HTTP server on ports 80 21 21 - and 443. 22 22 - 23 23 - If you're looking to set up a Streamplace node on a server that isn't hosting 24 24 - any other services, we'd recommend e.g. 25 25 - `apt install streamplace streamplace-default-http`. If your server is hosting 26 26 - other HTTP servers and you'll handle the proxying yourself, you can simply 27 27 - `apt install streamplace`. 28 28 - 29 16 ### Debian/Ubuntu 30 17 31 18 ```shell ··· 35 22 | sudo tee /etc/apt/sources.list.d/streamplace.list 36 23 sudo apt update 37 24 sudo apt install streamplace 25 25 + ``` 26 26 + 27 27 + This will install the `streamplace` systemd service. To configure it, you will 28 28 + want to edit the environment variables at `/etc/streamplace/streamplace.env`. An 29 29 + example production env file might look something like this: 30 30 + 31 31 + ```ini 32 32 + # Handle default HTTP and HTTPS traffic for the server 33 33 + SP_HTTP_ADDR=:80 34 34 + SP_HTTPS_ADDR=:443 35 35 + SP_SECURE=true 36 36 + 37 37 + # Necessary to advertise a public Streamplace broadcaster 38 38 + SP_BROADCASTER_HOST=example.com 39 39 + # If you have a multi-node cluster, they'll each need different public DNS names: 40 40 + SP_SERVER_HOST=prod-nyc0.example.com 41 41 + 42 42 + # Useful if your TLS cert and key aren't in the default 43 43 + SP_TLS_CERT=/tls/tls.crt 44 44 + SP_TLS_KEY=/tls/tls.key 38 45 ``` 39 46 40 47 ## Download a binary

+19 -2

util/systemd/after-install.sh

reviewed

··· 18 18 19 19 # Create default environment file if it doesn't exist 20 20 if [ ! -f /etc/streamplace/streamplace.env ]; then 21 21 - echo "# Configure your Streamplace instance by creating lines such as:" > /etc/streamplace/streamplace.env 22 22 - echo "# SP_PUBLIC_HOST=example.com" >> /etc/streamplace/streamplace.env 21 21 + cat <<EOF > /etc/streamplace/streamplace.env 22 22 + # Configure your Streamplace instance by creating lines such as: 23 23 + # 24 24 + # SP_BROADCASTER_HOST=example.com 25 25 + # 26 26 + # If you have a multi-node cluster, they'll each need different public DNS names: 27 27 + # 28 28 + # SP_SERVER_HOST=prod-nyc0.example.com 29 29 + # 30 30 + # If you want your Streamplace node handle default HTTP and HTTPS traffic for the server, uncomment these: 31 31 + # 32 32 + # SP_HTTP_ADDR=:80 33 33 + # SP_HTTPS_ADDR=:443 34 34 + # SP_SECURE=true 35 35 + # Useful if your TLS cert and key aren't in the default: 36 36 + # 37 37 + # SP_TLS_CERT=/tls/tls.crt 38 38 + # SP_TLS_KEY=/tls/tls.key 39 39 + EOF 23 40 fi

-10

util/systemd/streamplace-http.socket

reviewed

··· 1 1 - [Unit] 2 2 - Description=streamplace http socket 3 3 - 4 4 - [Socket] 5 5 - ListenStream=80 6 6 - FileDescriptorName=http 7 7 - Service=streamplace.service 8 8 - 9 9 - [Install] 10 10 - WantedBy=sockets.target

-10

util/systemd/streamplace-https.socket

reviewed

··· 1 1 - [Unit] 2 2 - Description=streamplace https socket 3 3 - 4 4 - [Socket] 5 5 - ListenStream=443 6 6 - FileDescriptorName=https 7 7 - Service=streamplace.service 8 8 - 9 9 - [Install] 10 10 - WantedBy=sockets.target

+5 -7

util/systemd/streamplace.service

reviewed

··· 3 3 Documentation=https://stream.place/docs 4 4 After=network-online.target 5 5 Wants=network-online.target 6 6 - Wants=streamplace-http.socket streamplace-https.socket 7 6 Requires=network.target 8 7 9 8 [Service] ··· 23 22 # Additional environment file for user customization 24 23 EnvironmentFile=-/etc/streamplace/streamplace.env 25 24 25 25 + # Grant capability to bind to privileged ports 26 26 + AmbientCapabilities=CAP_NET_BIND_SERVICE 27 27 + CapabilityBoundingSet=CAP_NET_BIND_SERVICE 28 28 + 26 29 # Security hardening 27 30 NoNewPrivileges=yes 28 28 - ProtectSystem=strict 29 31 ProtectHome=yes 30 32 ProtectKernelTunables=yes 31 33 ProtectKernelModules=yes ··· 35 37 RemoveIPC=yes 36 38 PrivateTmp=yes 37 39 38 38 - # Allow access to necessary directories 39 39 - ReadWritePaths=/var/lib/streamplace 40 40 - ReadOnlyPaths=/etc/streamplace 41 41 - 42 40 # Resource limits 43 41 LimitNOFILE=65536 44 42 LimitNPROC=4096 ··· 52 50 WorkingDirectory=/var/lib/streamplace 53 51 54 52 [Install] 55 55 - WantedBy=multi-user.target 53 53 + WantedBy=multi-user.target