PeerTube with Apache reverse proxy and websocket

nginx has: ##
  # Websocket

  location @api_websocket {
    proxy_http_version 1.1;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host            $host;
    proxy_set_header   X-Real-IP       $remote_addr;
    proxy_set_header   Upgrade         $http_upgrade;
    proxy_set_header   Connection      "upgrade";

    proxy_pass http://backend;

  location / {
    try_files /dev/null @api_websocket;

  location /tracker/socket {
    # Peers send a message to the tracker every 15 minutes
    # Don't close the websocket before then
    proxy_read_timeout 15m; # default is 60s

    try_files /dev/null @api_websocket;

  # Plugin websocket routes
  location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
    try_files /dev/null @api_websocket;
<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName peertube.domain.tld

                ProxyPreserveHost On

                ProxyPass "/" ""
                ProxyPassReverse "/" ""

                RewriteEngine On
                RewriteCond %{HTTP:Upgrade} =websocket [NC]
                RewriteRule / ws:// [P,L]
                RewriteRule /tracker/socket ws:// [P,L]
                RewriteRule ^/plugins/[^/]+(/[^/]+)?/ws/ ws://{REQUEST_URI} [P,L]

                RequestHeader set X-Forwarded-Host %{HTTP_HOST}s
                RequestHeader set X-Real-IP %{REMOTE_ADDR}s
                RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
                RequestHeader set Upgrade %{HTTP:Upgrade}s
                RequestHeader set Connection "upgrade"

                ErrorLog /dev/null
                CustomLog /dev/null common

                SSLCertificateFile /etc/letsencrypt/live/peertube.domain.tld/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/peertube.domain.tld/privkey.pem
                Include /etc/letsencrypt/options-ssl-apache.conf

Leave a Reply

Your email address will not be published. Required fields are marked *