Merge branch 'main' into fix_merge_conflict

configure-instance.sh

@@ -1,18 +1,4 @@
-# Check if Docker-Compose is not installed
-if [ -z "$(which docker-compose)" ]; then
-    echo "Docker-Compose is not installed. Please install it first from https://docs.docker.com/compose/install/#install-compose."
-    exit 1
-fi
-
-# Docker-Compose version check, to prevent "Unsupported configuration option"
-COMPOSE_VERSION=$(docker-compose version --short)
-REQUIRED_COMPOSE_VERSION="1.28.0"
-if [[ $(printf '%s\n' "$REQUIRED_COMPOSE_VERSION" "$COMPOSE_VERSION" | sort -V | head -n1) != $REQUIRED_COMPOSE_VERSION ]]; then
-    echo "Your docker-compose version of $COMPOSE_VERSION is too old. Please upgrade to $REQUIRED_COMPOSE_VERSION or higher."
-    echo "See https://docs.docker.com/compose/install/#install-compose for installation instructions."
-    exit 1
-fi
-
+#!/usr/bin/env bash
 echo "Enter a hostname for the Frontend (eg: piped.kavin.rocks):" && read -r frontend
 echo "Enter a hostname for the Backend (eg: pipedapi.kavin.rocks):" && read -r backend
 echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):" && read -r proxy

template/Caddyfile

@@ -1,61 +1,32 @@
-{
-	servers :443 {
-		protocol {
-			experimental_http3
-		}
+(global) {
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# keep referrer data off
+		Referrer-Policy no-referrer
+
+		# prevent for appearing in search engine for private instances (option)
+		#X-Robots-Tag noindex
 	}
 }
 
 FRONTEND_HOSTNAME {
 	reverse_proxy pipedfrontend:80
-	header {
-		# disable FLoC tracking
-		Permissions-Policy interest-cohort=()
-
-		# enable HSTS
-		Strict-Transport-Security max-age=31536000;
-
-		# keep referrer data off
-		Referrer-Policy no-referrer
-
-		# prevent for appearing in search engine for private instances (option)
-		#X-Robots-Tag noindex
-	}
+	import global
 }
 
 BACKEND_HOSTNAME {
 	reverse_proxy varnish:80
-	header {
-		# disable FLoC tracking
-		Permissions-Policy interest-cohort=()
-
-		# enable HSTS
-		Strict-Transport-Security max-age=31536000;
-
-		# keep referrer data off
-		Referrer-Policy no-referrer
-
-		# prevent for appearing in search engine for private instances (option)
-		#X-Robots-Tag noindex
-	}
+	import global
 }
 
 PROXY_HOSTNAME {
 	@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
-
-	header {
-		# disable FLoC tracking
-		Permissions-Policy interest-cohort=()
-
-		# enable HSTS
-		Strict-Transport-Security max-age=31536000;
-
-		# keep referrer data off
-		Referrer-Policy no-referrer
-
-		# prevent for appearing in search engine for private instances (option)
-		#X-Robots-Tag noindex
-	}
+	import global
 
 	route {
 		header @ytproxy {

template/config.properties

@@ -20,9 +20,18 @@ API_URL: https://BACKEND_HOSTNAME
 # Public Frontend URL
 FRONTEND_URL: https://FRONTEND_HOSTNAME
 
+# Enable haveibeenpwned compromised password API
+COMPROMISED_PASSWORD_CHECK: true
+
+# Disable Registration
+DISABLE_REGISTRATION: false
+
+# Feed Retention Time in Days
+FEED_RETENTION: 30
+
 # Hibernate properties
 hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
 hibernate.connection.driver_class: org.postgresql.Driver
-hibernate.dialect: org.hibernate.dialect.PostgreSQL10Dialect
+hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
 hibernate.connection.username: piped
 hibernate.connection.password: changeme

template/default.vcl

@@ -1,5 +1,5 @@
 vcl 4.0;
 
 backend default {
-  .host = "piped:8080";
+  .host = "piped-backend:8080";
 }

template/docker-compose.caddy.yml

@@ -1,3 +1,5 @@
+version: "3"
+
 services:
     pipedfrontend:
         image: 1337kavin/piped-frontend:latest

template/docker-compose.nginx.yml

@@ -1,3 +1,5 @@
+version: "3"
+
 services:
     pipedfrontend:
         image: 1337kavin/piped-frontend:latest
@@ -26,21 +28,6 @@ services:
         container_name: piped-backend
         labels:
             com.centurylinklabs.watchtower.scope: piped
-    varnish:
-        image: varnish:7.0-alpine
-        restart: unless-stopped
-        volumes:
-            - ./config/default.vcl:/etc/varnish/default.vcl:ro
-        container_name: varnish
-        depends_on:
-            - piped
-        healthcheck:
-            test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || (varnishreload && exit 1)"
-            interval: 10s
-            timeout: 10s
-            retries: 1
-        labels:
-            com.centurylinklabs.watchtower.scope: piped
     nginx:
         image: nginx:mainline-alpine
         restart: unless-stopped
@@ -56,7 +43,6 @@ services:
         container_name: nginx
         depends_on:
             - piped
-            - varnish
             - ytproxy
             - pipedfrontend
         labels:

template/nginx.conf

@@ -25,7 +25,7 @@ http {
 
     keepalive_timeout 65;
 
-    gzip on;
+    resolver 127.0.0.11 ipv6=off valid=10s;
 
     include /etc/nginx/conf.d/*.conf;
 }

template/pipedapi.conf

@@ -1,9 +1,14 @@
+proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off;
+
 server {
     listen 80;
     server_name BACKEND_HOSTNAME;
 
+    set $backend "http://piped:8080";
+
     location / {
-        proxy_pass http://varnish:80;
+        proxy_cache pipedapi;
+        proxy_pass $backend;
         proxy_http_version 1.1;
         proxy_set_header Connection "keep-alive";
     }

template/pipedfrontend.conf

@@ -2,8 +2,10 @@ server {
     listen 80;
     server_name FRONTEND_HOSTNAME;
 
+    set $backend "http://pipedfrontend:80";
+
     location / {
-        proxy_pass http://pipedfrontend:80;
+        proxy_pass $backend;
         proxy_http_version 1.1;
         proxy_set_header Connection "keep-alive";
     }