mirror of
https://github.com/TeamPiped/Piped-Docker.git
synced 2024-08-14 23:56:53 +00:00
Add support for nginx without a TLS reverse proxy.
parent
5862e8354a
commit
eb62697497
9 changed files with 225 additions and 62 deletions
|
@ -7,7 +7,11 @@ read backend
|
|||
echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):"
|
||||
read proxy
|
||||
|
||||
echo "Enter the reverse proxy you would like to use (either caddy or nginx):"
|
||||
read reverseproxy
|
||||
|
||||
rm -rf config/
|
||||
rm -f docker-compose.yml
|
||||
|
||||
cp -r template/ config/
|
||||
|
||||
|
@ -15,4 +19,4 @@ sed -i "s/FRONTEND_HOSTNAME/$frontend/g" config/*
|
|||
sed -i "s/BACKEND_HOSTNAME/$backend/g" config/*
|
||||
sed -i "s/PROXY_HOSTNAME/$proxy/g" config/*
|
||||
|
||||
mv config/docker-compose.yml docker-compose.yml
|
||||
mv config/docker-compose.$reverseproxy.yml docker-compose.yml
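Review bot: The answer read into `reverseproxy` goes unchecked and unquoted into `mv config/docker-compose.$reverseproxy.yml docker-compose.yml` in the second hunk, so a typo, an empty answer or a value containing spaces or `/` makes the `mv` fail or pick an unintended path, and the `rm -f docker-compose.yml` shown in the first hunk has by then already removed the previous file. Validate it straight after the `read`, for example `case "$reverseproxy" in caddy|nginx) ;; *) echo "Unsupported reverse proxy: $reverseproxy" >&2; exit 1 ;; esac`, and quote the expansion: `mv "config/docker-compose.$reverseproxy.yml" docker-compose.yml`. The hostnames substituted by the `sed` context lines are interpolated the same way, though this commit does not change those lines. The script begins and ends outside these hunks.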
|
||||
|
|
|
@ -1,88 +1,86 @@
|
|||
{
|
||||
servers :443 {
|
||||
protocol {
|
||||
experimental_http3
|
||||
}
|
||||
}
|
||||
servers :443 {
|
||||
protocol {
|
||||
experimental_http3
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
FRONTEND_HOSTNAME {
|
||||
reverse_proxy pipedfrontend:80
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
reverse_proxy pipedfrontend:80
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
}
|
||||
|
||||
BACKEND_HOSTNAME {
|
||||
reverse_proxy varnish:80
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
reverse_proxy varnish:80
|
||||
header {
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
}
|
||||
|
||||
PROXY_HOSTNAME {
|
||||
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
|
||||
|
||||
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
|
||||
@optionscall {
|
||||
method OPTIONS
|
||||
}
|
||||
|
||||
@optionscall {
|
||||
method OPTIONS
|
||||
}
|
||||
header {
|
||||
Access-Control-Allow-Origin *
|
||||
Access-Control-Allow-Headers *
|
||||
|
||||
header {
|
||||
Access-Control-Allow-Origin *
|
||||
Access-Control-Allow-Headers *
|
||||
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy interest-cohort=()
|
||||
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
# enable HSTS
|
||||
Strict-Transport-Security max-age=31536000;
|
||||
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
# keep referrer data off
|
||||
Referrer-Policy no-referrer
|
||||
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
# prevent for appearing in search engine for private instances (option)
|
||||
#X-Robots-Tag noindex
|
||||
}
|
||||
|
||||
route {
|
||||
route {
|
||||
header @ytproxy {
|
||||
Cache-Control private always
|
||||
}
|
||||
|
||||
header @ytproxy {
|
||||
Cache-Control private always
|
||||
}
|
||||
header / {
|
||||
Cache-Control "public, max-age=604800"
|
||||
}
|
||||
|
||||
header / {
|
||||
Cache-Control "public, max-age=604800"
|
||||
}
|
||||
respond @optionscall 200
|
||||
|
||||
respond @optionscall 200
|
||||
|
||||
reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
|
||||
header_up -CF-Connecting-IP
|
||||
header_up -X-Forwarded-For
|
||||
header_down -Access-Control-Allow-Origin
|
||||
header_down -etag
|
||||
header_down -alt-svc
|
||||
}
|
||||
}
|
||||
reverse_proxy unix//var/run/ytproxy/http-proxy.sock {
|
||||
header_up -CF-Connecting-IP
|
||||
header_up -X-Forwarded-For
|
||||
header_down -Access-Control-Allow-Origin
|
||||
header_down -etag
|
||||
header_down -alt-svc
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
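--- a/template/docker-compose.nginx.yml
+++ b/template/docker-compose.nginx.yml
@@ -0,0 +1,71 @@
+services:
+pipedfrontend:
+image: 1337kavin/piped-frontend:latest
+restart: unless-stopped
+depends_on:
+- piped
+container_name: piped-frontend
+entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/js/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
+ytproxy:
+image: 1337kavin/ytproxy:latest
+restart: unless-stopped
+volumes:
+- ytproxy:/app/socket
+container_name: ytproxy
+piped:
+image: 1337kavin/piped:latest
+restart: unless-stopped
+volumes:
+- ./config/config.properties:/app/config.properties:ro
+depends_on:
+- postgres
+container_name: piped-backend
+varnish:
+image: varnish:7.0-alpine
+restart: unless-stopped
+volumes:
+- ./config/default.vcl:/etc/varnish/default.vcl:ro
+container_name: varnish
+depends_on:
+- piped
+nginx:
+image: nginx:mainline-alpine
+restart: unless-stopped
+ports:
+- "8080:80"
+volumes:
+- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
+- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
+- ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
+- ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
+- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
+- ytproxy:/var/run/ytproxy
+container_name: nginx
+depends_on:
+- piped
+- varnish
+- ytproxy
+- pipedfrontend
+postgres:
+image: postgres:13-alpine
+restart: unless-stopped
+volumes:
+- ./data/db:/var/lib/postgresql/data
+environment:
+- POSTGRES_DB=piped
+- POSTGRES_USER=piped
+- POSTGRES_PASSWORD=changeme
+container_name: postgres
+watchtower:
+image: containrrr/watchtower
+restart: always
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /etc/timezone:/etc/timezone:ro
+environment:
+- WATCHTOWER_CLEANUP=true
+- WATCHTOWER_INCLUDE_RESTARTING=true
+container_name: watchtower
+command: piped-frontend piped-backend ytproxy varnish nginx postgres watchtower
+volumes:
+ytproxy: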
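Review bot: The nginx service publishes plain HTTP with `- "8080:80"`, which Docker binds on every host interface; if TLS is terminated by another proxy on the same host (not shown here), `- "127.0.0.1:8080:80"` keeps the unencrypted listener off the network. `POSTGRES_PASSWORD=changeme` is a fixed, publicly known credential in a template that is copied verbatim; the database is not published to the host in this file, but the value should still be generated or prompted for at setup time and kept in step with `config.properties`. The watchtower service mounts `/var/run/docker.sock` and the Piped images are pulled by `:latest`, so a short comment stating that the image publishers are trusted with host-level access would help operators decide whether to keep it.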
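--- a/template/nginx.conf
+++ b/template/nginx.conf
@@ -0,0 +1,31 @@
+user root;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+sendfile on;
+tcp_nodelay on;
+
+keepalive_timeout 65;
+
+gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}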
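Review bot: `user root;` makes the nginx worker processes, which parse client requests, run as root inside the container. This is presumably needed to open the ytproxy unix socket on the shared `ytproxy` volume, but nothing in the file says so. Prefer leaving the image's default unprivileged worker user and making the socket accessible to it; if that is not possible, document it with a comment such as `# workers run as root to reach /var/run/ytproxy/http-proxy.sock`. Note also that the `main` log format records `$remote_addr` and `$http_x_forwarded_for` for the frontend and API hosts, while only the proxy snippet sets `access_log off;`.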
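--- a/template/pipedapi.conf
+++ b/template/pipedapi.conf
@@ -0,0 +1,10 @@
+server {
+listen 80;
+server_name BACKEND_HOSTNAME;
+
+location / {
+proxy_pass http://varnish:80;
+proxy_http_version 1.1;
+proxy_set_header Connection "keep-alive";
+}
+}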
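Review bot: This server block sends none of the response headers that the Caddy variant of the same host sets, so an instance deployed with nginx loses `Referrer-Policy no-referrer` and `Permissions-Policy interest-cohort=()`. Add `add_header Referrer-Policy no-referrer always;` and `add_header Permissions-Policy "interest-cohort=()" always;` inside `server`; HSTS can stay with whatever terminates TLS in front of this listener. The same gap applies to `template/pipedfrontend.conf` and `template/pipedproxy.conf`; in the latter the headers have to sit next to the existing `add_header` lines in each `location`, because nginx does not inherit `add_header` from an outer level once a block defines its own.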
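--- a/template/pipedfrontend.conf
+++ b/template/pipedfrontend.conf
@@ -0,0 +1,10 @@
+server {
+listen 80;
+server_name FRONTEND_HOSTNAME;
+
+location / {
+proxy_pass http://pipedfrontend:80;
+proxy_http_version 1.1;
+proxy_set_header Connection "keep-alive";
+}
+}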
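--- a/template/pipedproxy.conf
+++ b/template/pipedproxy.conf
@@ -0,0 +1,16 @@
+server {
+listen 80;
+server_name PROXY_HOSTNAME;
+
+location ~ (/videoplayback|/api/v4/|/api/manifest/) {
+include snippets/ytproxy.conf;
+add_header Cache-Control private always;
+proxy_hide_header Access-Control-Allow-Origin;
+}
+
+location / {
+include snippets/ytproxy.conf;
+add_header Cache-Control "public, max-age=604800";
+proxy_hide_header Access-Control-Allow-Origin;
+}
+}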
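Review bot: The regex in `location ~ (/videoplayback|/api/v4/|/api/manifest/)` is unanchored, so it matches those strings anywhere in the URI, whereas the Caddy matcher `path /videoplayback* /api/v4/* /api/manifest/*` matches only at the start of the path. Anchor it to keep the two variants equivalent: `location ~ ^/(videoplayback|api/v4/|api/manifest/) {`. A one-line comment above the block saying why these paths get `Cache-Control private` while everything else is cached publicly for a week would help the next editor keep the split intact.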
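--- a/template/ytproxy.conf
+++ b/template/ytproxy.conf
@@ -0,0 +1,23 @@
+add_header Access-Control-Allow-Origin *;
+add_header Access-Control-Allow-Headers *;
+if ($request_method = OPTIONS ) {
+return 200;
+}
+proxy_buffering on;
+proxy_buffers 1024 16k;
+proxy_set_header X-Forwarded-For "";
+proxy_set_header CF-Connecting-IP "";
+proxy_hide_header "alt-svc";
+sendfile on;
+sendfile_max_chunk 512k;
+tcp_nopush on;
+aio threads=default;
+aio_write on;
+directio 16m;
+proxy_hide_header Cache-Control;
+proxy_hide_header etag;
+proxy_http_version 1.1;
+proxy_set_header Connection keep-alive;
+proxy_max_temp_file_size 32m;
+access_log off;
+proxy_pass http://unix:/var/run/ytproxy/http-proxy.sock;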
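Review bot: The two CORS `add_header` lines have no `always` flag, so nginx omits them on 4xx and 5xx responses from the upstream, and a browser player then reports a CORS failure instead of the real error; `Cache-Control private always` in `pipedproxy.conf` already uses the flag. Consider `add_header Access-Control-Allow-Origin * always;` and `add_header Access-Control-Allow-Headers * always;`. The lines `proxy_set_header X-Forwarded-For "";` and `proxy_set_header CF-Connecting-IP "";` deserve a comment such as `# do not pass the client address to the upstream`, so that a later edit does not restore them and start forwarding viewer addresses.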