Made several improvements and changes to streamline install
- unified the Nginx configuration into a single file - added SSL settings to Nginx - all hosts are configured using variables on the docker-compose file - changes on the main nginx.conf done by sed on a docker-entrypoint.d script - changes to the hardcoded URLs on the javascript done by a script in docker-entrypoint.d - nginx now exposes port 80 and 443, dispensing wit yet another proxy
This commit is contained in:
parent
90e6b80c7c
commit
3645de32d2
|
@ -1,3 +1 @@
|
|||
config/
|
||||
data/
|
||||
/docker-compose.yml
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
# Piped-Docker
|
||||
|
||||
See https://piped-docs.kavin.rocks/docs/self-hosting/#docker-compose-caddy-aio-script
|
||||
### Creating Self-signed certificate
|
||||
|
||||
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs#generating-ssl-certificates
|
||||
|
||||
|
||||
|
|
|
@ -4,8 +4,14 @@ PORT: 8080
|
|||
# The number of workers to use for the server
|
||||
HTTP_WORKERS: 2
|
||||
|
||||
# Proxy
|
||||
PROXY_PART: https://PROXY_HOSTNAME
|
||||
# Public Frontend URL - You should set this on the docker-compose file
|
||||
# FRONTEND_URL: https://FRONTEND_HOSTNAME
|
||||
|
||||
# Public API URL - You should set this on the docker-compose file
|
||||
# API_URL: https://BACKEND_HOSTNAME
|
||||
|
||||
# Proxy - You should set this on the docker-compose file
|
||||
# PROXY_PART: https://PROXY_HOSTNAME
|
||||
|
||||
# Outgoing HTTP Proxy - eg: 127.0.0.1:8118
|
||||
#HTTP_PROXY: 127.0.0.1:8118
|
||||
|
@ -14,12 +20,6 @@ PROXY_PART: https://PROXY_HOSTNAME
|
|||
CAPTCHA_BASE_URL: https://api.capmonster.cloud/
|
||||
CAPTCHA_API_KEY: INSERT_HERE
|
||||
|
||||
# Public API URL
|
||||
API_URL: https://BACKEND_HOSTNAME
|
||||
|
||||
# Public Frontend URL
|
||||
FRONTEND_URL: https://FRONTEND_HOSTNAME
|
||||
|
||||
# Enable haveibeenpwned compromised password API
|
||||
COMPROMISED_PASSWORD_CHECK: true
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
server {
|
||||
listen *:80;
|
||||
listen [::]:80;
|
||||
server_name ${FRONTEND_HOSTNAME} ${BACKEND_HOSTNAME} ${PROXY_HOSTNAME};
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header 'Referrer-Policy' 'no-referrer';
|
||||
# enforce https
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
listen *:443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${FRONTEND_HOSTNAME};
|
||||
|
||||
include snippets/ssl.conf;
|
||||
|
||||
# Path to the root of your installation
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
proxy_pass http://piped-frontend;
|
||||
}
|
||||
}
|
||||
|
||||
proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off;
|
||||
|
||||
server {
|
||||
|
||||
listen *:443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${BACKEND_HOSTNAME};
|
||||
|
||||
include snippets/ssl.conf;
|
||||
|
||||
# Path to the root of your installation
|
||||
location / {
|
||||
proxy_cache pipedapi;
|
||||
proxy_pass http://piped-backend:8080;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen *:443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${PROXY_HOSTNAME};
|
||||
|
||||
include snippets/ssl.conf;
|
||||
|
||||
location ~ (/videoplayback|/api/v4/|/api/manifest/) {
|
||||
include snippets/ytproxy.conf;
|
||||
|
||||
add_header Cache-Control private always;
|
||||
proxy_pass http://unix:/var/run/ytproxy/actix.sock;
|
||||
}
|
||||
|
||||
location / {
|
||||
include snippets/ytproxy.conf;
|
||||
|
||||
add_header Cache-Control "public, max-age=604800";
|
||||
proxy_pass http://unix:/var/run/ytproxy/actix.sock;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID/zCCAuegAwIBAgIUdqkJshly/62rDQeqUUqyQiU5yJ8wDQYJKoZIhvcNAQEL
|
||||
BQAwgY4xCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTUDESMBAGA1UEBwwJU2FvIFBh
|
||||
dWxvMRAwDgYDVQQKDAdleGFtcGxlMRQwEgYDVQQLDAtkZXZlbG9wbWVudDEWMBQG
|
||||
A1UEAwwNKi5leGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPbWFpbC5leG1wbGUu
|
||||
Y29tMB4XDTIzMDcyMjIxMzkzMloXDTI0MDcyMTIxMzkzMlowgY4xCzAJBgNVBAYT
|
||||
AkJSMQswCQYDVQQIDAJTUDESMBAGA1UEBwwJU2FvIFBhdWxvMRAwDgYDVQQKDAdl
|
||||
eGFtcGxlMRQwEgYDVQQLDAtkZXZlbG9wbWVudDEWMBQGA1UEAwwNKi5leGFtcGxl
|
||||
LmNvbTEeMBwGCSqGSIb3DQEJARYPbWFpbC5leG1wbGUuY29tMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q4tR+qHr5wNuFvp18+B5rLSrZWrqb/9zZaE
|
||||
65mTk70J7Wfa5kt+8wf7N7590ecazXcbuCnFmCBIMZGdZNE02C/0AQvgKKCmORhj
|
||||
XDRlWupilguS6dMXhffgisZ/Dent9cQjZIFkOJ0ZNILbarPkQBvhdkFrn302Nujc
|
||||
uF4cYrHvUa3WmtoUZspWqPKkl0AluOPTYm2QLGdT1M+nmr8AZs7JplYrBzT65fy/
|
||||
Nvtl+VxVcGqRrTVDmsWJIO8Gx/NW/7wfK6GQxWYeUotXNZmBrr5jOB0YttMQrgUn
|
||||
QydSpK6qrVWEBr8IaR+jS+eXJmWrEi0QBn6npwvx0+g+Jt5jWQIDAQABo1MwUTAd
|
||||
BgNVHQ4EFgQU7+AGX4fm74vjDt4+9nyB0ElAIkgwHwYDVR0jBBgwFoAU7+AGX4fm
|
||||
74vjDt4+9nyB0ElAIkgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAI4k5IYFkqMvmw1Nd53umzhSIayT+T54VHBz59ty5OR0m+6FpoZaon5+FnWlq
|
||||
5otCrOjGG6jzhku+PMsaU8iBcgfAJpZASicuCFXBcc6yAGveTvnHFAwlhEoI5oI/
|
||||
95tkh1hMy3hDZmMvYCOGnvS7vVY2JqPCFvgfRaMAaoe8gnlPOTx97fnnn/8+Aazi
|
||||
puny/PYud3vaIfCzLWA/8Zo+r47sRlLkQQ9hrgcjrRW7oT+PHmY/31SWP+mFxwF7
|
||||
v6FVArSABFRObkhgiFL3APKLnx34hWEA/8TpRryuYQdz7BYkUzJHpxzzn91KeLdm
|
||||
492KHQ71tVy6zV5iB1aev8nVYw==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDVDi1H6oevnA24
|
||||
W+nXz4HmstKtlaupv/3NloTrmZOTvQntZ9rmS37zB/s3vn3R5xrNdxu4KcWYIEgx
|
||||
kZ1k0TTYL/QBC+AooKY5GGNcNGVa6mKWC5Lp0xeF9+CKxn8N6e31xCNkgWQ4nRk0
|
||||
gttqs+RAG+F2QWuffTY26Ny4Xhxise9Rrdaa2hRmylao8qSXQCW449NibZAsZ1PU
|
||||
z6eavwBmzsmmVisHNPrl/L82+2X5XFVwapGtNUOaxYkg7wbH81b/vB8roZDFZh5S
|
||||
i1c1mYGuvmM4HRi20xCuBSdDJ1KkrqqtVYQGvwhpH6NL55cmZasSLRAGfqenC/HT
|
||||
6D4m3mNZAgMBAAECggEAGaZVST0xDLFK7ZETPAodZ3rL5l4Ihq04jxG5+utIWxb9
|
||||
JPnF3sfkBrpFQlbKqwSZs3bNfYR553CrgFw5iLOvGv/a7m1RlVKR8HnBLI6aTTG+
|
||||
oLXQABqL0HMhM1PmY/Rv05DDegwh1rcDG9FNPTFfH2C76hLCNDdM2Zt7Ry79V9w/
|
||||
rfZPGJgQS1ji7whLEGmv+z8JFOpw4rxtgvMUG+M73v5bS9j6VWZ0FLMKoXChvQka
|
||||
gTP4UtjW2sHPBHVPFVhba0UPzLPY87uvY2esvIqC11NhPLs0oXBv9EnlgDzi4/gF
|
||||
zwY4TpByBJ+2LOEU3QC0ezW4wz3M/p5NQjDMu9I3IQKBgQD/2nUVynNccMlW7STH
|
||||
zTihukg9paweCrElncSwluwf0jf3/0EizDbfCPRMBM5la5J8+mYEH/Lxa+XjpVhn
|
||||
CSnfDCRa68iwr+1wyn6YA0hvTHARbSVw74P3UnUafVAdhDlF9WGqQ6HUnMDHArSD
|
||||
u/x6q4J3daGegXn8EdLWUlB/JQKBgQDVLXCGtMjOkAUT+42uTavf+0PnogkX5KuY
|
||||
VYXmwrF3MCDmefkfYnyJK2Luecag+nSoK9Sc553DkCAoGiyreDPNXKNIYLGxDPMo
|
||||
d4hcrt6Ol9W7PTpzQoE3Lz8Bm2N3zuyblV0xRsGOOTQirMSz052CTD+nhlUkxvrl
|
||||
EJnzVBoHJQKBgAMRianzPaL0L1X9jh1fVriJ1Wf33rKVij5bQAqmJLrU+Jre0tcp
|
||||
/9Z48wUeYaNRwPYCwsp136IJmz45s2+46mmkaaM1hLipw31A0HfeQjYjgoyS9IoA
|
||||
NWL3+DOTISzZcx5lrQAvw3cbUiyQ2b1iucp22B+6p2+ROfdN92tenVyJAoGANAqO
|
||||
wOPbbcns427yrI2bmuddMWv2KlYRqfOe57G53y3pqjo2nfnOCzKDSVKDMgNSfUeN
|
||||
9Ov6MKa7ou6Y3xdOFiE6X03zsxRFPCjKKk4qWMcqTzZoUYD3yIAJMpw7kSD71BOH
|
||||
l6L9V3oRhzGEJ55OgmOY2o3JtVu6HjeKTcPHQt0CgYEAtpjb6sajZhM1sDlT2N/R
|
||||
V9t+k+N9dRDy8acpGRxm5HGhqJMev6PTowGqCxex+F/meDioCoybNYa7JPAwwDvt
|
||||
XzqUrgCIceQ2TLGETQLDgfu325aJo/WRQZrnrN0XY0Gc4wnI/GXUmz2VcVALLYfb
|
||||
jmPy4nc4xejo/H+MyUc8Ksw=
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,12 @@
|
|||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/piped.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/piped.key;
|
||||
|
||||
add_header 'Referrer-Policy' 'no-referrer';
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
|
@ -1,18 +1,17 @@
|
|||
proxy_buffering on;
|
||||
proxy_buffers 1024 16k;
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
proxy_set_header CF-Connecting-IP "";
|
||||
proxy_hide_header "alt-svc";
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
tcp_nopush on;
|
||||
access_log off;
|
||||
aio threads=default;
|
||||
aio_write on;
|
||||
directio 16m;
|
||||
proxy_buffering on;
|
||||
proxy_buffers 1024 16k;
|
||||
proxy_hide_header "alt-svc";
|
||||
proxy_hide_header Cache-Control;
|
||||
proxy_hide_header etag;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_max_temp_file_size 32m;
|
||||
access_log off;
|
||||
proxy_pass http://unix:/var/run/ytproxy/actix.sock;
|
||||
proxy_set_header CF-Connecting-IP "";
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
sendfile on;
|
||||
sendfile_max_chunk 512k;
|
||||
tcp_nopush on;
|
|
@ -1,50 +1,58 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
pipedfrontend:
|
||||
piped-frontend:
|
||||
image: 1337kavin/piped-frontend:latest
|
||||
container_name: piped-frontend
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- piped
|
||||
container_name: piped-frontend
|
||||
entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
|
||||
- piped-backend
|
||||
environment:
|
||||
- BACKEND_HOSTNAME=backend-host.example.com
|
||||
volumes:
|
||||
- ./entrypoint.d/host_replace.envsh:/docker-entrypoint.d/99-host_replace.envsh
|
||||
piped-proxy:
|
||||
image: 1337kavin/piped-proxy:latest
|
||||
container_name: piped-proxy
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- UDS=1
|
||||
volumes:
|
||||
- piped-proxy:/app/socket
|
||||
container_name: piped-proxy
|
||||
piped:
|
||||
- piped-proxy:/app/socket:z
|
||||
piped-backend:
|
||||
image: 1337kavin/piped:latest
|
||||
container_name: piped-backend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- FRONTEND_URL=https://frontend-host.example.com
|
||||
- API_URL=https://backend-host.example.com
|
||||
- PROXY_PART=https://proxy-host.example.com
|
||||
volumes:
|
||||
- ./config/config.properties:/app/config.properties:ro
|
||||
depends_on:
|
||||
- postgres
|
||||
container_name: piped-backend
|
||||
nginx:
|
||||
image: nginx:mainline-alpine
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
|
||||
container_name: nginx
|
||||
depends_on:
|
||||
- piped
|
||||
caddy:
|
||||
image: caddy:2-alpine
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
environment:
|
||||
- FRONTEND_HOSTNAME=frontend-host.example.com
|
||||
- BACKEND_HOSTNAME=backend-host.example.com
|
||||
- PROXY_HOSTNAME=proxy-host.example.com
|
||||
volumes:
|
||||
- ./config/Caddyfile:/etc/caddy/Caddyfile:ro
|
||||
- caddy_data:/data
|
||||
- piped-proxy:/var/run/ytproxy
|
||||
container_name: caddy
|
||||
- ./config/piped.conf.template:/etc/nginx/templates/piped.conf.template:ro
|
||||
- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
|
||||
- ./config/ssl.conf:/etc/nginx/snippets/ssl.conf
|
||||
- ./config/piped.key:/etc/nginx/ssl/piped.key
|
||||
- ./config/piped.crt:/etc/nginx/ssl/piped.crt
|
||||
- piped-proxy:/var/run/ytproxy:z
|
||||
depends_on:
|
||||
- piped-backend
|
||||
- piped-proxy
|
||||
- piped-frontend
|
||||
postgres:
|
||||
image: postgres:15
|
||||
restart: unless-stopped
|
||||
|
@ -54,7 +62,6 @@ services:
|
|||
- POSTGRES_DB=piped
|
||||
- POSTGRES_USER=piped
|
||||
- POSTGRES_PASSWORD=changeme
|
||||
container_name: postgres
|
||||
watchtower:
|
||||
image: containrrr/watchtower
|
||||
restart: always
|
||||
|
@ -64,8 +71,6 @@ services:
|
|||
environment:
|
||||
- WATCHTOWER_CLEANUP=true
|
||||
- WATCHTOWER_INCLUDE_RESTARTING=true
|
||||
container_name: watchtower
|
||||
command: piped-frontend piped-backend piped-proxy nginx caddy postgres watchtower
|
||||
command: piped-frontend piped-backend piped-proxy nginx postgres watchtower
|
||||
volumes:
|
||||
caddy_data: null
|
||||
piped-proxy: null
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
sed -i 's/pipedapi.kavin.rocks/'$BACKEND_HOSTNAME'/g' /usr/share/nginx/html/assets/*
|
||||
sed -i '/user/s/nginx/root' /etc/nginx/nginx.conf
|
|
@ -1,47 +0,0 @@
|
|||
(global) {
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
}
|
||||
|
||||
FRONTEND_HOSTNAME {
|
||||
reverse_proxy pipedfrontend:80
|
||||
import global
|
||||
}
|
||||
|
||||
BACKEND_HOSTNAME {
|
||||
reverse_proxy nginx:80
|
||||
import global
|
||||
}
|
||||
|
||||
PROXY_HOSTNAME {
|
||||
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
|
||||
import global
|
||||
|
||||
route {
|
||||
header @ytproxy {
|
||||
Cache-Control private always
|
||||
}
|
||||
|
||||
header / {
|
||||
Cache-Control "public, max-age=604800"
|
||||
}
|
||||
|
||||
reverse_proxy unix//var/run/ytproxy/actix.sock {
|
||||
header_up -CF-Connecting-IP
|
||||
header_up -X-Forwarded-For
|
||||
header_down -etag
|
||||
header_down -alt-svc
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,66 +0,0 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
pipedfrontend:
|
||||
image: 1337kavin/piped-frontend:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- piped
|
||||
container_name: piped-frontend
|
||||
entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
|
||||
piped-proxy:
|
||||
image: 1337kavin/piped-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- UDS=1
|
||||
volumes:
|
||||
- piped-proxy:/app/socket
|
||||
container_name: piped-proxy
|
||||
piped:
|
||||
image: 1337kavin/piped:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./config/config.properties:/app/config.properties:ro
|
||||
depends_on:
|
||||
- postgres
|
||||
container_name: piped-backend
|
||||
nginx:
|
||||
image: nginx:mainline-alpine
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8080:80"
|
||||
volumes:
|
||||
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
|
||||
- ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
|
||||
- ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
|
||||
- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
|
||||
- piped-proxy:/var/run/ytproxy
|
||||
container_name: nginx
|
||||
depends_on:
|
||||
- piped
|
||||
- piped-proxy
|
||||
- pipedfrontend
|
||||
postgres:
|
||||
image: postgres:15
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./data/db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=piped
|
||||
- POSTGRES_USER=piped
|
||||
- POSTGRES_PASSWORD=changeme
|
||||
container_name: postgres
|
||||
watchtower:
|
||||
image: containrrr/watchtower
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
environment:
|
||||
- WATCHTOWER_CLEANUP=true
|
||||
- WATCHTOWER_INCLUDE_RESTARTING=true
|
||||
container_name: watchtower
|
||||
command: piped-frontend piped-backend piped-proxy varnish nginx postgres watchtower
|
||||
volumes:
|
||||
piped-proxy: null
|
|
@ -1,33 +0,0 @@
|
|||
user root;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
server_names_hash_bucket_size 128;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
resolver 127.0.0.11 ipv6=off valid=10s;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name FRONTEND_HOSTNAME;
|
||||
|
||||
set $backend "http://pipedfrontend:80";
|
||||
|
||||
location / {
|
||||
proxy_pass $backend;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "keep-alive";
|
||||
}
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name PROXY_HOSTNAME;
|
||||
|
||||
location ~ (/videoplayback|/api/v4/|/api/manifest/) {
|
||||
include snippets/ytproxy.conf;
|
||||
add_header Cache-Control private always;
|
||||
}
|
||||
|
||||
location / {
|
||||
include snippets/ytproxy.conf;
|
||||
add_header Cache-Control "public, max-age=604800";
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue