Skip to content
This repository has been archived by the owner on Feb 17, 2024. It is now read-only.

Commit

Permalink
add new piped (hopefully faster) instance
Browse files Browse the repository at this point in the history
  • Loading branch information
FarisZR committed Apr 17, 2023
1 parent 82bff5b commit 5c23358
Show file tree
Hide file tree
Showing 11 changed files with 396 additions and 1 deletion.
46 changes: 46 additions & 0 deletions .github/workflows/piped.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: deploy-piped

on:
push:
paths:
- '.github/workflows/piped.yml'
- 'piped/**'
branches: [main]
workflow_dispatch:

jobs:
deploy:
runs-on: ubuntu-latest
environment:
name: piped
url: https://piped.aosus.link
steps:
- name: checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Tailscale
uses: tailscale/github-action@ce41a99162202a647a4b24c30c558a567b926709
with:
authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
hostname: Github-actions
version: ${{ vars.TAILSCALE_VERSION }}

- name: Add secrets to config files
env:
POSTGRES_PASSWORD: ${{ secrets.piped_postgres_password }}
run: |
sed -i "s/(piped_postgres_password)/$POSTGRES_PASSWORD/g" $GITHUB_WORKSPACE/piped/config.properties
- name: Start Deployment
uses: FarisZR/docker-compose-gitops-action@v1
env:
POSTGRES_PASSWORD: ${{ secrets.piped_postgres_password }}
with:
remote_docker_host: ${{ secrets.server_address }}
tailscale_ssh: true # no need for manual private and public keys
upload_directory: true # upload docker directory
docker_compose_directory: piped # directory to upload
compose_file_path: piped/docker-compose.yml
args: -p piped up -d --remove-orphans
76 changes: 76 additions & 0 deletions caddy/configs/piped.caddy
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
(piped-global) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()

# enable HSTS
Strict-Transport-Security max-age=31536000;

# keep referrer data off
Referrer-Policy no-referrer
}
}

piped.aosus.link {
# aosus settings
respond /robots.txt 200 {
body "User-agent: *
Disallow: /"
}
header {
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet"
X-XSS-Protection "1; mode=block"
}
# end aosus settings
reverse_proxy pipedfrontend:80
import piped-global
encode zstd gzip
}

api.piped.aosus.link {
# aosus settings
respond /robots.txt 200 {
body "User-agent: *
Disallow: /"
}
header {
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet"
X-XSS-Protection "1; mode=block"
}
# end aosus settings
reverse_proxy piped-nginx:80
import piped-global
encode zstd gzip
}

proxy.piped.aosus.link {
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
import piped-global
# aosus settings
respond /robots.txt 200 {
body "User-agent: *
Disallow: /"
}
header {
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet"
X-XSS-Protection "1; mode=block"
}
# end aosus settings
route {
header @ytproxy {
Cache-Control private always
}

header / {
Cache-Control "public, max-age=604800"
}

reverse_proxy unix//var/run/ytproxy/actix.sock {
header_up -CF-Connecting-IP
header_up -X-Forwarded-For
header_down -etag
header_down -alt-svc
}
}
encode zstd gzip
}
6 changes: 5 additions & 1 deletion caddy/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ services:
- /home/aosus/caddy/configs:/etc/caddy/configs:ro
- data:/data
- config:/config
- piped-proxy:/var/run/ytproxy
networks:
web:
discourse:
Expand All @@ -33,4 +34,7 @@ configs:

volumes:
data:
config:
config:
piped-proxy:
external:
name: piped_piped-proxy
41 changes: 41 additions & 0 deletions piped/config.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# The port to Listen on.
PORT: 8080

# The number of workers to use for the server
HTTP_WORKERS: 8

# Proxy
PROXY_PART: https://proxy.piped.aosus.link

# Outgoing HTTP Proxy - eg: 127.0.0.1:8118
#HTTP_PROXY: 127.0.0.1:8118

# Captcha Parameters
#CAPTCHA_BASE_URL: https://api.capmonster.cloud/
#CAPTCHA_API_KEY: INSERT_HERE

# Public API URL
API_URL: https://api.piped.aosus.link

# Public Frontend URL
FRONTEND_URL: https://piped.aosus.link

# Enable haveibeenpwned compromised password API
COMPROMISED_PASSWORD_CHECK: true

# Disable Registration
DISABLE_REGISTRATION: false

# Feed Retention Time in Days
FEED_RETENTION: 30

# Hibernate properties
hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
hibernate.connection.driver_class: org.postgresql.Driver
hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username: piped
hibernate.connection.password: (piped_postgres_password)

# Frontend configuration
frontend.statusPageUrl:https://status.aosus.org
frontend.donationUrl:https://opencollective.com/aosus
47 changes: 47 additions & 0 deletions piped/config/Caddyfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
(global) {
header {
# disable FLoC tracking
Permissions-Policy interest-cohort=()

# enable HSTS
Strict-Transport-Security max-age=31536000;

# keep referrer data off
Referrer-Policy no-referrer

# prevent for appearing in search engine for private instances (option)
#X-Robots-Tag noindex
}
}

piped.aosus.org {
reverse_proxy pipedfrontend:80
import global
}

api.piped.aosus.org {
reverse_proxy nginx:80
import global
}

proxy.piped.aosus.org {
@ytproxy path /videoplayback* /api/v4/* /api/manifest/*
import global

route {
header @ytproxy {
Cache-Control private always
}

header / {
Cache-Control "public, max-age=604800"
}

reverse_proxy unix//var/run/ytproxy/actix.sock {
header_up -CF-Connecting-IP
header_up -X-Forwarded-For
header_down -etag
header_down -alt-svc
}
}
}
31 changes: 31 additions & 0 deletions piped/config/nginx.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
user root;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nodelay on;

keepalive_timeout 65;

resolver 127.0.0.11 ipv6=off valid=10s;

include /etc/nginx/conf.d/*.conf;
}
15 changes: 15 additions & 0 deletions piped/config/pipedapi.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off;

server {
listen 80;
server_name api.piped.aosus.link;

set $backend "http://piped:8080";

location / {
proxy_cache pipedapi;
proxy_pass $backend;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
}
}
12 changes: 12 additions & 0 deletions piped/config/pipedfrontend.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
server {
listen 80;
server_name piped.aosus.link;

set $backend "http://pipedfrontend:80";

location / {
proxy_pass $backend;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
}
}
14 changes: 14 additions & 0 deletions piped/config/pipedproxy.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
server {
listen 80;
server_name proxy.piped.aosus.link;

location ~ (/videoplayback|/api/v4/|/api/manifest/) {
include snippets/ytproxy.conf;
add_header Cache-Control private always;
}

location / {
include snippets/ytproxy.conf;
add_header Cache-Control "public, max-age=604800";
}
}
18 changes: 18 additions & 0 deletions piped/config/ytproxy.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
proxy_buffering on;
proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_set_header CF-Connecting-IP "";
proxy_hide_header "alt-svc";
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
aio threads=default;
aio_write on;
directio 16m;
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
proxy_max_temp_file_size 32m;
access_log off;
proxy_pass http://unix:/var/run/ytproxy/actix.sock;
Loading

0 comments on commit 5c23358

Please sign in to comment.