Add support for nginx without a TLS reverse proxy.

FireMasterK 2021-09-25 14:44:58 +01:00
parent 5862e8354a
commit eb62697497
No known key found for this signature in database
GPG Key ID: 49451E4482CC5BCD
9 changed files with 225 additions and 62 deletions


@ -7,7 +7,11 @@ read backend
echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):"
read proxy
echo "Enter the reverse proxy you would like to use (either caddy or nginx):"
read reverseproxy
rm -rf config/
rm -f docker-compose.yml
cp -r template/ config/
@ -15,4 +19,4 @@ sed -i "s/FRONTEND_HOSTNAME/$frontend/g" config/*
sed -i "s/BACKEND_HOSTNAME/$backend/g" config/*
sed -i "s/PROXY_HOSTNAME/$proxy/g" config/*
mv config/docker-compose.yml docker-compose.yml
mv config/docker-compose.$reverseproxy.yml docker-compose.yml
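Review bot: The value read into `reverseproxy` is used unvalidated and unquoted in `mv config/docker-compose.$reverseproxy.yml docker-compose.yml`, and by that point `rm -rf config/` and `rm -f docker-compose.yml` have already run, so a typo or an empty answer leaves the instance with no compose file. Check the answer right after the `read`, before anything is deleted: `case "$reverseproxy" in caddy|nginx) ;; *) echo "Unknown reverse proxy: $reverseproxy" >&2; exit 1 ;; esac`, and quote the expansion in the `mv`. The script starts above this hunk, so an existing check outside the visible lines cannot be ruled out.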


@ -1,88 +1,86 @@
{
servers :443 {
protocol {
experimental_http3
}
}
servers :443 {
protocol {
experimental_http3
}
}
}
FRONTEND_HOSTNAME {
reverse_proxy pipedfrontend:80
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
reverse_proxy pipedfrontend:80
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# enable HSTS
Strict-Transport-Security max-age=31536000;
# keep referrer data off
Referrer-Policy no-referrer
# keep referrer data off
Referrer-Policy no-referrer
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
}
BACKEND_HOSTNAME {
reverse_proxy varnish:80
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
reverse_proxy varnish:80
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# enable HSTS
Strict-Transport-Security max-age=31536000;
# keep referrer data off
Referrer-Policy no-referrer
# keep referrer data off
Referrer-Policy no-referrer
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
}
PROXY_HOSTNAME {
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
@optionscall {
method OPTIONS
}
@optionscall {
method OPTIONS
}
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Headers *
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Headers *
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# enable HSTS
Strict-Transport-Security max-age=31536000;
# keep referrer data off
Referrer-Policy no-referrer
# keep referrer data off
Referrer-Policy no-referrer
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
route {
route {
header @ytproxy {
Cache-Control private always
}
header @ytproxy {
Cache-Control private always
}
header / {
Cache-Control "public, max-age=604800"
}
header / {
Cache-Control "public, max-age=604800"
}
respond @optionscall 200
respond @optionscall 200
reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
header_up -CF-Connecting-IP
header_up -X-Forwarded-For
header_down -Access-Control-Allow-Origin
header_down -etag
header_down -alt-svc
}
}
reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
header_up -CF-Connecting-IP
header_up -X-Forwarded-For
header_down -Access-Control-Allow-Origin
header_down -etag
header_down -alt-svc
}
}
}


@ -0,0 +1,71 @@
services:
pipedfrontend:
image: 1337kavin/piped-frontend:latest
restart: unless-stopped
depends_on:
- piped
container_name: piped-frontend
entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/js/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
ytproxy:
image: 1337kavin/ytproxy:latest
restart: unless-stopped
volumes:
- ytproxy:/app/socket
container_name: ytproxy
piped:
image: 1337kavin/piped:latest
restart: unless-stopped
volumes:
- ./config/config.properties:/app/config.properties:ro
depends_on:
- postgres
container_name: piped-backend
varnish:
image: varnish:7.0-alpine
restart: unless-stopped
volumes:
- ./config/default.vcl:/etc/varnish/default.vcl:ro
container_name: varnish
depends_on:
- piped
nginx:
image: nginx:mainline-alpine
restart: unless-stopped
ports:
- "8080:80"
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
- ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
- ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
- ytproxy:/var/run/ytproxy
container_name: nginx
depends_on:
- piped
- varnish
- ytproxy
- pipedfrontend
postgres:
image: postgres:13-alpine
restart: unless-stopped
volumes:
- ./data/db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=piped
- POSTGRES_USER=piped
- POSTGRES_PASSWORD=changeme
container_name: postgres
watchtower:
image: containrrr/watchtower
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_RESTARTING=true
container_name: watchtower
command: piped-frontend piped-backend ytproxy varnish nginx postgres watchtower
volumes:
ytproxy:
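Review bot: The `nginx` service publishes `"8080:80"` on every host interface, so the plain-HTTP listener is reachable from the network directly and not only through whatever terminates TLS in front of it; ports published by Docker are also commonly not covered by host firewall front ends such as ufw. If the TLS terminator runs on the same host, bind to loopback with `- "127.0.0.1:8080:80"`. Separately, `POSTGRES_PASSWORD=changeme` is shipped as a literal and the visible part of the setup script does not replace it, so a comment telling the operator to change it (and the matching value wherever the backend reads it, presumably `config.properties`) would help.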

31
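--- a/template/nginx.conf
+++ b/template/nginx.conf
@@ -0,0 +1,31 @@
+user root;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+sendfile on;
+tcp_nodelay on;
+keepalive_timeout 65;
+gzip on;
+include /etc/nginx/conf.d/*.conf;
+}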
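Review bot: `user root;` makes the nginx worker processes, which parse every request arriving from the network, run as root inside the container. This is presumably there so the workers can open the `ytproxy` unix socket on the shared volume; if so, giving an unprivileged user access to the socket through its group and keeping `user nginx;` would provide the same access with less exposure should a worker be compromised. If root has to stay, a comment above the directive saying why would stop it being copied elsewhere. `server_tokens off;` in the `http` block would also keep the nginx version out of error pages and the `Server` header.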

10
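--- a/template/pipedapi.conf
+++ b/template/pipedapi.conf
@@ -0,0 +1,10 @@
+server {
+listen 80;
+server_name BACKEND_HOSTNAME;
+location / {
+proxy_pass http://varnish:80;
+proxy_http_version 1.1;
+proxy_set_header Connection "keep-alive";
+}
+}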
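Review bot: This server block sets none of the response headers that the Caddy configuration on this page sets for the same host (`Referrer-Policy no-referrer`, `Permissions-Policy interest-cohort=()`, `Strict-Transport-Security`), so an nginx deployment only gets them if the TLS proxy in front adds them. For parity add `add_header Referrer-Policy no-referrer always;` and `add_header Permissions-Policy "interest-cohort=()" always;` at `server` level, and leave HSTS to the TLS terminator or document that it must be set there. The same applies to the `FRONTEND_HOSTNAME` and `PROXY_HOSTNAME` server blocks; in the proxy one the headers have to go inside the locations or the included snippet, because nginx does not inherit `add_header` from the outer level once a location defines its own.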


@ -0,0 +1,10 @@
server {
listen 80;
server_name FRONTEND_HOSTNAME;
location / {
proxy_pass http://pipedfrontend:80;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
}
}

16
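--- a/template/pipedproxy.conf
+++ b/template/pipedproxy.conf
@@ -0,0 +1,16 @@
+server {
+listen 80;
+server_name PROXY_HOSTNAME;
+location ~ (/videoplayback|/api/v4/|/api/manifest/) {
+include snippets/ytproxy.conf;
+add_header Cache-Control private always;
+proxy_hide_header Access-Control-Allow-Origin;
+}
+location / {
+include snippets/ytproxy.conf;
+add_header Cache-Control "public, max-age=604800";
+proxy_hide_header Access-Control-Allow-Origin;
+}
+}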
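Review bot: The regex in `location ~ (/videoplayback|/api/v4/|/api/manifest/)` is unanchored, so it matches those strings anywhere in the URI, whereas the Caddy matcher `path /videoplayback* /api/v4/* /api/manifest/*` on this page only matches them as a prefix. A path that merely contains `/api/v4/` further along would get `Cache-Control private` instead of the public caching policy. Anchoring the pattern keeps the two configurations equivalent: `location ~ ^/(videoplayback|api/v4/|api/manifest/) {`.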

23
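--- a/template/ytproxy.conf
+++ b/template/ytproxy.conf
@@ -0,0 +1,23 @@
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Headers *;
+if ($request_method = OPTIONS ) {
+return 200;
+}
+proxy_buffering on;
+proxy_buffers 1024 16k;
+proxy_set_header X-Forwarded-For "";
+proxy_set_header CF-Connecting-IP "";
+proxy_hide_header "alt-svc";
+sendfile on;
+sendfile_max_chunk 512k;
+tcp_nopush on;
+aio threads=default;
+aio_write on;
+directio 16m;
+proxy_hide_header Cache-Control;
+proxy_hide_header etag;
+proxy_http_version 1.1;
+proxy_set_header Connection keep-alive;
+proxy_max_temp_file_size 32m;
+access_log off;
+proxy_pass http://unix:/var/run/ytproxy/http-proxy.sock;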
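Review bot: The snippet has no comments, and several of its directives are privacy decisions that look like mistakes when read out of context: `proxy_set_header X-Forwarded-For "";` and `proxy_set_header CF-Connecting-IP "";` stop those headers from being passed to the upstream, and `access_log off;` disables request logging wherever the snippet is included. I would add a one-line comment above each group, for example `# do not pass client IPs upstream` and `# no request logging on the proxy host (privacy)`, so a later cleanup does not revert them. A comment should also say that the two `add_header` lines carry no `always`, which means the CORS headers are absent on error responses.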