The configuration file is parsed during application start, which means that PeerTube has to be restarted for the changes to have effect.
You can find the configuration options documented in the default.yaml.
NODE_ENV: Specify server mode (
test) to choose the appropriate configuration
NODE_CONFIG_DIR: Specify PeerTube configuration directory
NODE_APP_INSTANCE: Specify application number. If set, PeerTube will use the chosen configuration app number (
PT_INITIAL_ROOT_PASSWORD: Set up an initial administrator password. It must be 6 characters or more
FFPROBE_PATH: Use custom FFmpeg/FFprobe binaries
HTTPS_PROXY: Use proxy for HTTP requests
YOUTUBE_DL_DOWNLOAD_BEARER_TOKEN: Token to send in
AuthorizationHTTP header when downloading latest youtube-dl binary
USE_VIEWERS_FEDERATION_V2: Federate views and viewers using the new federation protocol to improve performance (less messages are sent to followers). Introduced in PeerTube 6.1
Installing PeerTube following the production guide should be secure enough by default. We list here suggestions to tighten the security of some parts of PeerTube.
Set up a HTTP proxy
With ActivityPub federation and import features, PeerTube does many HTTP requests to the external world. To prevent private network/URL access, we encourage to use a HTTP proxy using
HTTPS_PROXY environment variables.
Systemd Unit with reduced privileges
A systemd unit template is provided at
support/systemd/peertube.service. Some directives can be changed to improve security!
PrivateDevices=true: sets up a new
/devmount for the Peertube process and only adds API pseudo devices like
/dev/randombut not physical devices. This won't work on Raspberry Pi. That's why we don't enable it by default
ProtectHome=true: sandboxes Peertube such that the service can not access the
/run/userfolders. If your local Peertube user has its home folder in one of the restricted places, either change the home directory of the user or set this option to
Here is some advice if you plan to manage a large PeerTube instance that may have many viewers or uploaders.
Many concurrent viewers
If you plan to have many concurrent viewers (~ 1000) on a PeerTube video: we recommend to and adapt some configuration keys:
- Use the recommended installation guide with nginx serving PeerTube public static files
- Have at least 4 CPU cores and 4GB of RAM
- Use the default PeerTube configuration (in your
warnlog level in PeerTube configuration (
log.level) to reduce log overhead or disable HTTP requests logging (
- Disable HTTP request duration metrics (
open_telemetry.metrics.http_request_duration.enabled) if you enabled OpenTelemetry metrics
- Use the V2 viewers federation protocol (
USE_VIEWERS_FEDERATION_V2=trueenvironment variable, introduced in PeerTube 6.1)
- Disable all PeerTube plugins
If you plan to have more concurrent viewers, consider in addition to:
- Disable client logs (
- Disable OpenTelemetry metrics (
- Help to distribute video static files using:
- Forbid access to
/api/v1/metrics/playbackin your reverse proxy so PeerTube does not handle these API calls (you'll loose views and viewers statistics)
To handle many videos uploaded/imported on your instance, we recommend to: