From 099a59cf8ac2346954f4bf2c2b118a9acc15e9b8 Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Thu, 19 May 2022 21:06:53 +0100 Subject: [PATCH 01/12] Add support for docker compose. --- configure-instance.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure-instance.sh b/configure-instance.sh index 04b4adc..7f96784 100755 --- a/configure-instance.sh +++ b/configure-instance.sh @@ -5,7 +5,7 @@ if [ -z "$(which docker-compose)" ]; then fi # Docker-Compose version check, to prevent "Unsupported configuration option" -COMPOSE_VERSION=$(docker-compose version --short) +COMPOSE_VERSION=$(docker-compose version --short 2>/dev/null || docker compose version --short 2>/dev/null) REQUIRED_COMPOSE_VERSION="1.28.0" if [[ $(printf '%s\n' "$REQUIRED_COMPOSE_VERSION" "$COMPOSE_VERSION" | sort -V | head -n1) != $REQUIRED_COMPOSE_VERSION ]]; then echo "Your docker-compose version of $COMPOSE_VERSION is too old. Please upgrade to $REQUIRED_COMPOSE_VERSION or higher." From aa3f174f5e171234243c6b1afad960ca865e064a Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Thu, 2 Jun 2022 04:38:55 +0100 Subject: [PATCH 02/12] Remove docker-compose version checks. --- configure-instance.sh | 9 --------- template/docker-compose.caddy.yml | 9 ++++----- template/docker-compose.nginx.yml | 9 ++++----- 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/configure-instance.sh b/configure-instance.sh index 7f96784..7811040 100755 --- a/configure-instance.sh +++ b/configure-instance.sh @@ -4,15 +4,6 @@ if [ -z "$(which docker-compose)" ]; then exit 1 fi -# Docker-Compose version check, to prevent "Unsupported configuration option" -COMPOSE_VERSION=$(docker-compose version --short 2>/dev/null || docker compose version --short 2>/dev/null) -REQUIRED_COMPOSE_VERSION="1.28.0" -if [[ $(printf '%s\n' "$REQUIRED_COMPOSE_VERSION" "$COMPOSE_VERSION" | sort -V | head -n1) != $REQUIRED_COMPOSE_VERSION ]]; then - echo "Your docker-compose version of $COMPOSE_VERSION is too old. Please upgrade to $REQUIRED_COMPOSE_VERSION or higher." - echo "See https://docs.docker.com/compose/install/#install-compose for installation instructions." - exit 1 -fi - echo "Enter a hostname for the Frontend (eg: piped.kavin.rocks):" && read -r frontend echo "Enter a hostname for the Backend (eg: pipedapi.kavin.rocks):" && read -r backend echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):" && read -r proxy diff --git a/template/docker-compose.caddy.yml b/template/docker-compose.caddy.yml index 761eb49..263019e 100644 --- a/template/docker-compose.caddy.yml +++ b/template/docker-compose.caddy.yml @@ -1,3 +1,5 @@ +version: "3" + services: pipedfrontend: image: 1337kavin/piped-frontend:latest @@ -5,9 +7,7 @@ services: depends_on: - piped container_name: piped-frontend - entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g - /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g - "daemon off;"' + entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"' ytproxy: image: 1337kavin/ytproxy:latest restart: unless-stopped @@ -31,8 +31,7 @@ services: depends_on: - piped healthcheck: - test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || - (varnishreload && exit 1)" + test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || (varnishreload && exit 1)" interval: 10s timeout: 10s retries: 1 diff --git a/template/docker-compose.nginx.yml b/template/docker-compose.nginx.yml index 1de3039..474fd4c 100644 --- a/template/docker-compose.nginx.yml +++ b/template/docker-compose.nginx.yml @@ -1,3 +1,5 @@ +version: "3" + services: pipedfrontend: image: 1337kavin/piped-frontend:latest @@ -5,9 +7,7 @@ services: depends_on: - piped container_name: piped-frontend - entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g - /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g - "daemon off;"' + entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"' ytproxy: image: 1337kavin/ytproxy:latest restart: unless-stopped @@ -31,8 +31,7 @@ services: depends_on: - piped healthcheck: - test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || - (varnishreload && exit 1)" + test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || (varnishreload && exit 1)" interval: 10s timeout: 10s retries: 1 From 6804354ab590eb275c323763f25c9eb8297f6370 Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Thu, 2 Jun 2022 04:45:49 +0100 Subject: [PATCH 03/12] Use dynamic variable for varnish proxy_pass. --- template/pipedapi.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/template/pipedapi.conf b/template/pipedapi.conf index e039caf..da4447d 100644 --- a/template/pipedapi.conf +++ b/template/pipedapi.conf @@ -2,8 +2,10 @@ server { listen 80; server_name BACKEND_HOSTNAME; + set $backend "http://varnish:80"; + location / { - proxy_pass http://varnish:80; + proxy_pass $backend; proxy_http_version 1.1; proxy_set_header Connection "keep-alive"; } From 9b6ba05f4a3640ad67d197f98eed22e4f932c79e Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Mon, 6 Jun 2022 05:29:34 +0100 Subject: [PATCH 04/12] Set resolver for nginx. --- template/nginx.conf | 2 ++ template/pipedfrontend.conf | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/template/nginx.conf b/template/nginx.conf index 28d54bf..26fce04 100644 --- a/template/nginx.conf +++ b/template/nginx.conf @@ -27,5 +27,7 @@ http { gzip on; + resolver 127.0.0.11 ipv6=off valid=10s; + include /etc/nginx/conf.d/*.conf; } diff --git a/template/pipedfrontend.conf b/template/pipedfrontend.conf index 8e3d442..50c7da2 100644 --- a/template/pipedfrontend.conf +++ b/template/pipedfrontend.conf @@ -2,8 +2,10 @@ server { listen 80; server_name FRONTEND_HOSTNAME; + set $backend "http://pipedfrontend:80"; + location / { - proxy_pass http://pipedfrontend:80; + proxy_pass $backend; proxy_http_version 1.1; proxy_set_header Connection "keep-alive"; } From c4fe0c1ac4f0e93e536e14f16b70956275c9ea23 Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Sun, 12 Jun 2022 18:57:34 +0100 Subject: [PATCH 05/12] Add some missing config properties. Ref: https://github.com/TeamPiped/Piped/issues/1123 --- template/config.properties | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/template/config.properties b/template/config.properties index fc1050a..6ca8ef1 100644 --- a/template/config.properties +++ b/template/config.properties @@ -20,6 +20,15 @@ API_URL: https://BACKEND_HOSTNAME # Public Frontend URL FRONTEND_URL: https://FRONTEND_HOSTNAME +# Enable haveibeenpwned compromised password API +COMPROMISED_PASSWORD_CHECK: true + +# Disable Registration +DISABLE_REGISTRATION: false + +# Feed Retention Time in Days +FEED_RETENTION: 30 + # Hibernate properties hibernate.connection.url: jdbc:postgresql://postgres:5432/piped hibernate.connection.driver_class: org.postgresql.Driver From 0db1302898280d1dcc0001e30d84021f1b9977e6 Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Fri, 17 Jun 2022 16:55:05 +0100 Subject: [PATCH 06/12] Change postgres dialect. --- template/config.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/config.properties b/template/config.properties index 6ca8ef1..ef1686f 100644 --- a/template/config.properties +++ b/template/config.properties @@ -32,6 +32,6 @@ FEED_RETENTION: 30 # Hibernate properties hibernate.connection.url: jdbc:postgresql://postgres:5432/piped hibernate.connection.driver_class: org.postgresql.Driver -hibernate.dialect: org.hibernate.dialect.PostgreSQL10Dialect +hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect hibernate.connection.username: piped hibernate.connection.password: changeme From 0a6f6c557b8c363df6374ff688a2d2ac74c9e334 Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Tue, 19 Jul 2022 23:53:52 +0530 Subject: [PATCH 07/12] Remove docker-compose installed checks. Closes #23 --- configure-instance.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure-instance.sh b/configure-instance.sh index 7811040..9b83d1c 100755 --- a/configure-instance.sh +++ b/configure-instance.sh @@ -1,9 +1,3 @@ -# Check if Docker-Compose is not installed -if [ -z "$(which docker-compose)" ]; then - echo "Docker-Compose is not installed. Please install it first from https://docs.docker.com/compose/install/#install-compose." - exit 1 -fi - echo "Enter a hostname for the Frontend (eg: piped.kavin.rocks):" && read -r frontend echo "Enter a hostname for the Backend (eg: pipedapi.kavin.rocks):" && read -r backend echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):" && read -r proxy From 2480d0dffbe2be69c51faf023332f4b00c92fd7d Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Sun, 7 Aug 2022 06:59:23 +0530 Subject: [PATCH 08/12] Use nginx to cache responses. --- template/docker-compose.nginx.yml | 14 -------------- template/pipedapi.conf | 5 ++++- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/template/docker-compose.nginx.yml b/template/docker-compose.nginx.yml index 474fd4c..7d86576 100644 --- a/template/docker-compose.nginx.yml +++ b/template/docker-compose.nginx.yml @@ -22,19 +22,6 @@ services: depends_on: - postgres container_name: piped-backend - varnish: - image: varnish:7.0-alpine - restart: unless-stopped - volumes: - - ./config/default.vcl:/etc/varnish/default.vcl:ro - container_name: varnish - depends_on: - - piped - healthcheck: - test: ash -c "wget --no-verbose --tries=1 --spider 127.0.0.1:80/feed || (varnishreload && exit 1)" - interval: 10s - timeout: 10s - retries: 1 nginx: image: nginx:mainline-alpine restart: unless-stopped @@ -50,7 +37,6 @@ services: container_name: nginx depends_on: - piped - - varnish - ytproxy - pipedfrontend postgres: diff --git a/template/pipedapi.conf b/template/pipedapi.conf index da4447d..69db81f 100644 --- a/template/pipedapi.conf +++ b/template/pipedapi.conf @@ -1,10 +1,13 @@ +proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off; + server { listen 80; server_name BACKEND_HOSTNAME; - set $backend "http://varnish:80"; + set $backend "http://piped:8080"; location / { + proxy_cache pipedapi; proxy_pass $backend; proxy_http_version 1.1; proxy_set_header Connection "keep-alive"; From 6129c5dfbfdd80e499653f0c8bff37f2dbd08c1e Mon Sep 17 00:00:00 2001 From: Kavin <20838718+FireMasterK@users.noreply.github.com> Date: Sun, 7 Aug 2022 07:01:45 +0530 Subject: [PATCH 09/12] Remove gzip by default. Let the user setup gzip in their reverse proxy. Closes #18 --- template/nginx.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/template/nginx.conf b/template/nginx.conf index 26fce04..a4cfa4f 100644 --- a/template/nginx.conf +++ b/template/nginx.conf @@ -25,8 +25,6 @@ http { keepalive_timeout 65; - gzip on; - resolver 127.0.0.11 ipv6=off valid=10s; include /etc/nginx/conf.d/*.conf; From a492fdcabb32f89af2990bf1076f8ef35327a2e9 Mon Sep 17 00:00:00 2001 From: Oskar Roesler Date: Mon, 15 Aug 2022 15:31:34 +0200 Subject: [PATCH 10/12] Varnish config: replace hostname piped with hostname piped-backend to clearly use the appopriate hostname to avoid problems with the docker-magic and prevent confusion after hostname changes. (#19) --- template/default.vcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/default.vcl b/template/default.vcl index 2cb3b70..89f0fb7 100644 --- a/template/default.vcl +++ b/template/default.vcl @@ -1,5 +1,5 @@ vcl 4.0; backend default { - .host = "piped:8080"; + .host = "piped-backend:8080"; } From dcdc7a04600633e1baaa5ce8747ffbe015f2ed7e Mon Sep 17 00:00:00 2001 From: Jeidnx Date: Tue, 6 Sep 2022 11:27:32 +0200 Subject: [PATCH 11/12] Add Shebang --- configure-instance.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/configure-instance.sh b/configure-instance.sh index 9b83d1c..ffbbeee 100755 --- a/configure-instance.sh +++ b/configure-instance.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash echo "Enter a hostname for the Frontend (eg: piped.kavin.rocks):" && read -r frontend echo "Enter a hostname for the Backend (eg: pipedapi.kavin.rocks):" && read -r backend echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):" && read -r proxy From 78dc60527a4d61e817bf5201d028b17c92c59980 Mon Sep 17 00:00:00 2001 From: Soochaehwa Date: Thu, 22 Sep 2022 02:07:01 +0900 Subject: [PATCH 12/12] Update Caddyfile --- template/Caddyfile | 61 ++++++++++++---------------------------------- 1 file changed, 16 insertions(+), 45 deletions(-) diff --git a/template/Caddyfile b/template/Caddyfile index 79bad50..6d80991 100644 --- a/template/Caddyfile +++ b/template/Caddyfile @@ -1,61 +1,32 @@ -{ - servers :443 { - protocol { - experimental_http3 - } +(global) { + header { + # disable FLoC tracking + Permissions-Policy interest-cohort=() + + # enable HSTS + Strict-Transport-Security max-age=31536000; + + # keep referrer data off + Referrer-Policy no-referrer + + # prevent for appearing in search engine for private instances (option) + #X-Robots-Tag noindex } } FRONTEND_HOSTNAME { reverse_proxy pipedfrontend:80 - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # keep referrer data off - Referrer-Policy no-referrer - - # prevent for appearing in search engine for private instances (option) - #X-Robots-Tag noindex - } + import global } BACKEND_HOSTNAME { reverse_proxy varnish:80 - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # keep referrer data off - Referrer-Policy no-referrer - - # prevent for appearing in search engine for private instances (option) - #X-Robots-Tag noindex - } + import global } PROXY_HOSTNAME { @ytproxy path /videoplayback* /api/v4/* /api/manifest/* - - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # keep referrer data off - Referrer-Policy no-referrer - - # prevent for appearing in search engine for private instances (option) - #X-Robots-Tag noindex - } + import global route { header @ytproxy {