Nginx improvements
This commit is contained in:
parent
dbbf6dbe57
commit
2dcc9111ad
GPG key ID:
A02E6E67AB961189
4 changed files with 29 additions and 21 deletions
6
.env
6
.env
|
|
@ -1,3 +1,9 @@
|
|||
# The subnet to rotate from.
|
||||
# Leave blank to disable IPv6 rotation.
|
||||
IPV6_SUBNET=2001:db8::/32
|
||||
|
||||
# The addresses nginx listens on.
|
||||
# To disable (effectively), set to something private.
|
||||
# IPv6 brackets are not needed!
|
||||
NGINX_IPV4=203.0.113.1
|
||||
NGINX_IPV6=2001:db8::1
|
||||
|
|
|
|||
|
|
@ -30,12 +30,12 @@ services:
|
|||
- ./html:/var/www/html:ro
|
||||
- ssl-certs:/etc/ssl:ro
|
||||
ports: # IPs that accept client (HTTP) connections
|
||||
- "203.0.113.1:80:80"
|
||||
- "[2001:db8::1]:80:80"
|
||||
- "203.0.113.1:443:443"
|
||||
- "[2001:db8::1]:443:443"
|
||||
- "203.0.113.1:443:443/udp"
|
||||
- "[2001:db8::1]:443:443/udp"
|
||||
- "${NGINX_IPV4}:80:80"
|
||||
- "[${NGINX_IPV6}]:80:80"
|
||||
- "${NGINX_IPV4}:443:443"
|
||||
- "[${NGINX_IPV6}]:443:443"
|
||||
- "${NGINX_IPV4}:443:443/udp"
|
||||
- "[${NGINX_IPV6}]:443:443/udp"
|
||||
|
||||
# Uncomment to use gluetun
|
||||
# gluetun:
|
||||
|
|
|
|||
|
|
@ -1,19 +1,26 @@
|
|||
set $DOMAIN example.com # replace this of course
|
||||
|
||||
upstream cu {
|
||||
# s/companion/gluetun if using gluetun
|
||||
server http://companion:8282;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 443 quic;
|
||||
listen [::]:443 ssl;
|
||||
listen [::]:443 quic;
|
||||
|
||||
server_name example.com;
|
||||
server_name $DOMAIN;
|
||||
|
||||
ssl_certificate /etc/ssl/example.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/ssl/example.com/key.pem;
|
||||
ssl_certificate /etc/ssl/$DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /etc/ssl/$DOMAIN/key.pem;
|
||||
|
||||
proxy_max_temp_file_size 0;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
location / {
|
||||
proxy_pass http://companion:8282;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_pass http://cu;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host; # so Invidious knows domain
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
|
|
@ -21,10 +28,10 @@ server {
|
|||
}
|
||||
|
||||
location /youtubei/v1/player {
|
||||
proxy_pass http://companion:8282;
|
||||
proxy_pass http://cu;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
root /var/www/html/example.com;
|
||||
root /var/www/html/$DOMAIN;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,15 +12,10 @@ http {
|
|||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent bytes "$http_referer" '
|
||||
'"$http_x_forwarded_for"';
|
||||
|
||||
# While I removed PII from the above log format, still better not logging
|
||||
access_log /dev/null main; # /var/log/nginx/access.log main;
|
||||
# Comment those to enable logging
|
||||
access_log /dev/null main;
|
||||
error_log /dev/null; # most errors are insignificant
|
||||
|
||||
|
||||
server_tokens off;
|
||||
|
||||
sendfile on;
|
||||
|
|
|
|||
Reference in a new issue