This repository has been archived by the owner on Feb 17, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add new piped (hopefully faster) instance
- Loading branch information
Showing
11 changed files
with
396 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: deploy-piped | ||
|
||
on: | ||
push: | ||
paths: | ||
- '.github/workflows/piped.yml' | ||
- 'piped/**' | ||
branches: [main] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: piped | ||
url: https://piped.aosus.link | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Tailscale | ||
uses: tailscale/github-action@ce41a99162202a647a4b24c30c558a567b926709 | ||
with: | ||
authkey: ${{ secrets.TAILSCALE_AUTHKEY }} | ||
hostname: Github-actions | ||
version: ${{ vars.TAILSCALE_VERSION }} | ||
|
||
- name: Add secrets to config files | ||
env: | ||
POSTGRES_PASSWORD: ${{ secrets.piped_postgres_password }} | ||
run: | | ||
sed -i "s/(piped_postgres_password)/$POSTGRES_PASSWORD/g" $GITHUB_WORKSPACE/piped/config.properties | ||
- name: Start Deployment | ||
uses: FarisZR/docker-compose-gitops-action@v1 | ||
env: | ||
POSTGRES_PASSWORD: ${{ secrets.piped_postgres_password }} | ||
with: | ||
remote_docker_host: ${{ secrets.server_address }} | ||
tailscale_ssh: true # no need for manual private and public keys | ||
upload_directory: true # upload docker directory | ||
docker_compose_directory: piped # directory to upload | ||
compose_file_path: piped/docker-compose.yml | ||
args: -p piped up -d --remove-orphans |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
(piped-global) { | ||
header { | ||
# disable FLoC tracking | ||
Permissions-Policy interest-cohort=() | ||
|
||
# enable HSTS | ||
Strict-Transport-Security max-age=31536000; | ||
|
||
# keep referrer data off | ||
Referrer-Policy no-referrer | ||
} | ||
} | ||
|
||
piped.aosus.link { | ||
# aosus settings | ||
respond /robots.txt 200 { | ||
body "User-agent: * | ||
Disallow: /" | ||
} | ||
header { | ||
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" | ||
X-XSS-Protection "1; mode=block" | ||
} | ||
# end aosus settings | ||
reverse_proxy pipedfrontend:80 | ||
import piped-global | ||
encode zstd gzip | ||
} | ||
|
||
api.piped.aosus.link { | ||
# aosus settings | ||
respond /robots.txt 200 { | ||
body "User-agent: * | ||
Disallow: /" | ||
} | ||
header { | ||
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" | ||
X-XSS-Protection "1; mode=block" | ||
} | ||
# end aosus settings | ||
reverse_proxy piped-nginx:80 | ||
import piped-global | ||
encode zstd gzip | ||
} | ||
|
||
proxy.piped.aosus.link { | ||
@ytproxy path /videoplayback* /api/v4/* /api/manifest/* | ||
import piped-global | ||
# aosus settings | ||
respond /robots.txt 200 { | ||
body "User-agent: * | ||
Disallow: /" | ||
} | ||
header { | ||
X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" | ||
X-XSS-Protection "1; mode=block" | ||
} | ||
# end aosus settings | ||
route { | ||
header @ytproxy { | ||
Cache-Control private always | ||
} | ||
|
||
header / { | ||
Cache-Control "public, max-age=604800" | ||
} | ||
|
||
reverse_proxy unix//var/run/ytproxy/actix.sock { | ||
header_up -CF-Connecting-IP | ||
header_up -X-Forwarded-For | ||
header_down -etag | ||
header_down -alt-svc | ||
} | ||
} | ||
encode zstd gzip | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# The port to Listen on. | ||
PORT: 8080 | ||
|
||
# The number of workers to use for the server | ||
HTTP_WORKERS: 8 | ||
|
||
# Proxy | ||
PROXY_PART: https://proxy.piped.aosus.link | ||
|
||
# Outgoing HTTP Proxy - eg: 127.0.0.1:8118 | ||
#HTTP_PROXY: 127.0.0.1:8118 | ||
|
||
# Captcha Parameters | ||
#CAPTCHA_BASE_URL: https://api.capmonster.cloud/ | ||
#CAPTCHA_API_KEY: INSERT_HERE | ||
|
||
# Public API URL | ||
API_URL: https://api.piped.aosus.link | ||
|
||
# Public Frontend URL | ||
FRONTEND_URL: https://piped.aosus.link | ||
|
||
# Enable haveibeenpwned compromised password API | ||
COMPROMISED_PASSWORD_CHECK: true | ||
|
||
# Disable Registration | ||
DISABLE_REGISTRATION: false | ||
|
||
# Feed Retention Time in Days | ||
FEED_RETENTION: 30 | ||
|
||
# Hibernate properties | ||
hibernate.connection.url: jdbc:postgresql://postgres:5432/piped | ||
hibernate.connection.driver_class: org.postgresql.Driver | ||
hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect | ||
hibernate.connection.username: piped | ||
hibernate.connection.password: (piped_postgres_password) | ||
|
||
# Frontend configuration | ||
frontend.statusPageUrl:https://status.aosus.org | ||
frontend.donationUrl:https://opencollective.com/aosus |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
(global) { | ||
header { | ||
# disable FLoC tracking | ||
Permissions-Policy interest-cohort=() | ||
|
||
# enable HSTS | ||
Strict-Transport-Security max-age=31536000; | ||
|
||
# keep referrer data off | ||
Referrer-Policy no-referrer | ||
|
||
# prevent for appearing in search engine for private instances (option) | ||
#X-Robots-Tag noindex | ||
} | ||
} | ||
|
||
piped.aosus.org { | ||
reverse_proxy pipedfrontend:80 | ||
import global | ||
} | ||
|
||
api.piped.aosus.org { | ||
reverse_proxy nginx:80 | ||
import global | ||
} | ||
|
||
proxy.piped.aosus.org { | ||
@ytproxy path /videoplayback* /api/v4/* /api/manifest/* | ||
import global | ||
|
||
route { | ||
header @ytproxy { | ||
Cache-Control private always | ||
} | ||
|
||
header / { | ||
Cache-Control "public, max-age=604800" | ||
} | ||
|
||
reverse_proxy unix//var/run/ytproxy/actix.sock { | ||
header_up -CF-Connecting-IP | ||
header_up -X-Forwarded-For | ||
header_down -etag | ||
header_down -alt-svc | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
user root; | ||
worker_processes auto; | ||
|
||
error_log /var/log/nginx/error.log notice; | ||
pid /var/run/nginx.pid; | ||
|
||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
sendfile on; | ||
tcp_nodelay on; | ||
|
||
keepalive_timeout 65; | ||
|
||
resolver 127.0.0.11 ipv6=off valid=10s; | ||
|
||
include /etc/nginx/conf.d/*.conf; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off; | ||
|
||
server { | ||
listen 80; | ||
server_name api.piped.aosus.link; | ||
|
||
set $backend "http://piped:8080"; | ||
|
||
location / { | ||
proxy_cache pipedapi; | ||
proxy_pass $backend; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "keep-alive"; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
server { | ||
listen 80; | ||
server_name piped.aosus.link; | ||
|
||
set $backend "http://pipedfrontend:80"; | ||
|
||
location / { | ||
proxy_pass $backend; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection "keep-alive"; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
server { | ||
listen 80; | ||
server_name proxy.piped.aosus.link; | ||
|
||
location ~ (/videoplayback|/api/v4/|/api/manifest/) { | ||
include snippets/ytproxy.conf; | ||
add_header Cache-Control private always; | ||
} | ||
|
||
location / { | ||
include snippets/ytproxy.conf; | ||
add_header Cache-Control "public, max-age=604800"; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
proxy_buffering on; | ||
proxy_buffers 1024 16k; | ||
proxy_set_header X-Forwarded-For ""; | ||
proxy_set_header CF-Connecting-IP ""; | ||
proxy_hide_header "alt-svc"; | ||
sendfile on; | ||
sendfile_max_chunk 512k; | ||
tcp_nopush on; | ||
aio threads=default; | ||
aio_write on; | ||
directio 16m; | ||
proxy_hide_header Cache-Control; | ||
proxy_hide_header etag; | ||
proxy_http_version 1.1; | ||
proxy_set_header Connection keep-alive; | ||
proxy_max_temp_file_size 32m; | ||
access_log off; | ||
proxy_pass http://unix:/var/run/ytproxy/actix.sock; |
Oops, something went wrong.