Add support for nginx without a TLS reverse proxy.

configure-instance.sh

@@ -7,7 +7,11 @@ read backend
 echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):"
 read proxy
 
+echo "Enter the reverse proxy you would like to use (either caddy or nginx):"
+read reverseproxy
+
 rm -rf config/
+rm -f docker-compose.yml
 
 cp -r template/ config/
 
@@ -15,4 +19,4 @@ sed -i "s/FRONTEND_HOSTNAME/$frontend/g" config/*
 sed -i "s/BACKEND_HOSTNAME/$backend/g" config/*
 sed -i "s/PROXY_HOSTNAME/$proxy/g" config/*
 
-mv config/docker-compose.yml docker-compose.yml
+mv config/docker-compose.$reverseproxy.yml docker-compose.yml

template/Caddyfile

@@ -1,88 +1,86 @@
 {
-    servers :443 {
+	servers :443 {
-        protocol {
+		protocol {
-            experimental_http3
+			experimental_http3
-        }
+		}
-    }
+	}
 }
 
 FRONTEND_HOSTNAME {
-    reverse_proxy pipedfrontend:80
+	reverse_proxy pipedfrontend:80
-    header {
+	header {
-        # disable FLoC tracking
+		# disable FLoC tracking
-        Permissions-Policy interest-cohort=()
+		Permissions-Policy interest-cohort=()
 
-        # enable HSTS
+		# enable HSTS
-        Strict-Transport-Security max-age=31536000;
+		Strict-Transport-Security max-age=31536000;
 
-        # keep referrer data off
+		# keep referrer data off
-        Referrer-Policy no-referrer
+		Referrer-Policy no-referrer
 
-        # prevent for appearing in search engine for private instances (option)
+		# prevent for appearing in search engine for private instances (option)
-        #X-Robots-Tag noindex
+		#X-Robots-Tag noindex
-    }
+	}
 }
 
 BACKEND_HOSTNAME {
-    reverse_proxy varnish:80
+	reverse_proxy varnish:80
-    header {
+	header {
-        # disable FLoC tracking
+		# disable FLoC tracking
-        Permissions-Policy interest-cohort=()
+		Permissions-Policy interest-cohort=()
 
-        # enable HSTS
+		# enable HSTS
-        Strict-Transport-Security max-age=31536000;
+		Strict-Transport-Security max-age=31536000;
 
-        # keep referrer data off
+		# keep referrer data off
-        Referrer-Policy no-referrer
+		Referrer-Policy no-referrer
 
-        # prevent for appearing in search engine for private instances (option)
+		# prevent for appearing in search engine for private instances (option)
-        #X-Robots-Tag noindex
+		#X-Robots-Tag noindex
-    }
+	}
 }
 
 PROXY_HOSTNAME {
+	@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
 
-    @ytproxy path /videoplayback* /api/v4/* /api/manifest/*
+	@optionscall {
+		method OPTIONS
+	}
 
-    @optionscall {
+	header {
-        method OPTIONS
+		Access-Control-Allow-Origin *
-    }
+		Access-Control-Allow-Headers *
 
-    header {
+		# disable FLoC tracking
-        Access-Control-Allow-Origin *
+		Permissions-Policy interest-cohort=()
-        Access-Control-Allow-Headers *
-  
-        # disable FLoC tracking
-        Permissions-Policy interest-cohort=()
 
-        # enable HSTS
+		# enable HSTS
-        Strict-Transport-Security max-age=31536000;
+		Strict-Transport-Security max-age=31536000;
 
-        # keep referrer data off
+		# keep referrer data off
-        Referrer-Policy no-referrer
+		Referrer-Policy no-referrer
 
-        # prevent for appearing in search engine for private instances (option)
+		# prevent for appearing in search engine for private instances (option)
-        #X-Robots-Tag noindex
+		#X-Robots-Tag noindex
-    }
+	}
 
-    route {
+	route {
+		header @ytproxy {
+			Cache-Control private always
+		}
 
-        header @ytproxy {
+		header / {
-            Cache-Control private always
+			Cache-Control "public, max-age=604800"
-        }
+		}
 
-        header / {
+		respond @optionscall 200
-            Cache-Control "public, max-age=604800"
-        }
 
-        respond @optionscall 200
+		reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
-
+			header_up -CF-Connecting-IP
-        reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
+			header_up -X-Forwarded-For
-            header_up -CF-Connecting-IP
+			header_down -Access-Control-Allow-Origin
-            header_up -X-Forwarded-For
+			header_down -etag
-            header_down -Access-Control-Allow-Origin
+			header_down -alt-svc
-            header_down -etag
+		}
-            header_down -alt-svc
+	}
-        }
-    }
 }

template/docker-compose.nginx.yml

@@ -0,0 +1,71 @@
+services:
+    pipedfrontend:
+        image: 1337kavin/piped-frontend:latest
+        restart: unless-stopped
+        depends_on:
+            - piped
+        container_name: piped-frontend
+        entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/js/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
+    ytproxy:
+        image: 1337kavin/ytproxy:latest
+        restart: unless-stopped
+        volumes:
+            - ytproxy:/app/socket
+        container_name: ytproxy
+    piped:
+        image: 1337kavin/piped:latest
+        restart: unless-stopped
+        volumes:
+            - ./config/config.properties:/app/config.properties:ro
+        depends_on:
+            - postgres
+        container_name: piped-backend
+    varnish:
+        image: varnish:7.0-alpine
+        restart: unless-stopped
+        volumes:
+            - ./config/default.vcl:/etc/varnish/default.vcl:ro
+        container_name: varnish
+        depends_on:
+            - piped
+    nginx:
+        image: nginx:mainline-alpine
+        restart: unless-stopped
+        ports:
+            - "8080:80"
+        volumes:
+            - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
+            - ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
+            - ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
+            - ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
+            - ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
+            - ytproxy:/var/run/ytproxy
+        container_name: nginx
+        depends_on:
+            - piped
+            - varnish
+            - ytproxy
+            - pipedfrontend
+    postgres:
+        image: postgres:13-alpine
+        restart: unless-stopped
+        volumes:
+            - ./data/db:/var/lib/postgresql/data
+        environment:
+            - POSTGRES_DB=piped
+            - POSTGRES_USER=piped
+            - POSTGRES_PASSWORD=changeme
+        container_name: postgres
+    watchtower:
+        image: containrrr/watchtower
+        restart: always
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+            - /etc/timezone:/etc/timezone:ro
+        environment:
+            - WATCHTOWER_CLEANUP=true
+            - WATCHTOWER_INCLUDE_RESTARTING=true
+        container_name: watchtower
+        command: piped-frontend piped-backend ytproxy varnish nginx postgres watchtower
+volumes:
+    ytproxy:

template/nginx.conf

@@ -0,0 +1,31 @@
+user root;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+    worker_connections 1024;
+}
+
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nodelay on;
+
+    keepalive_timeout 65;
+
+    gzip on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

template/pipedapi.conf

@@ -0,0 +1,10 @@
+server {
+    listen 80;
+    server_name BACKEND_HOSTNAME;
+
+    location / {
+        proxy_pass http://varnish:80;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "keep-alive";
+    }
+}

template/pipedfrontend.conf

@@ -0,0 +1,10 @@
+server {
+    listen 80;
+    server_name FRONTEND_HOSTNAME;
+
+    location / {
+        proxy_pass http://pipedfrontend:80;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "keep-alive";
+    }
+}

template/pipedproxy.conf

@@ -0,0 +1,16 @@
+server {
+    listen 80;
+    server_name PROXY_HOSTNAME;
+
+    location ~ (/videoplayback|/api/v4/|/api/manifest/) {
+        include snippets/ytproxy.conf;
+        add_header Cache-Control private always;
+        proxy_hide_header Access-Control-Allow-Origin;
+    }
+
+    location / {
+        include snippets/ytproxy.conf;
+        add_header Cache-Control "public, max-age=604800";
+        proxy_hide_header Access-Control-Allow-Origin;
+    }
+}

template/ytproxy.conf

@@ -0,0 +1,23 @@
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Headers *;
+if ($request_method = OPTIONS ) {
+    return 200;
+}
+proxy_buffering on;
+proxy_buffers 1024 16k;
+proxy_set_header X-Forwarded-For "";
+proxy_set_header CF-Connecting-IP "";
+proxy_hide_header "alt-svc";
+sendfile on;
+sendfile_max_chunk 512k;
+tcp_nopush on;
+aio threads=default;
+aio_write on;
+directio 16m;
+proxy_hide_header Cache-Control;
+proxy_hide_header etag;
+proxy_http_version 1.1;
+proxy_set_header Connection keep-alive;
+proxy_max_temp_file_size 32m;
+access_log off;
+proxy_pass http://unix:/var/run/ytproxy/http-proxy.sock;