Nginx improvements

Minecon724 2025-04-12 09:02:15 +02:00
commit 2dcc9111ad
Signed by untrusted user who does not match committer: m724
GPG key ID: A02E6E67AB961189
4 changed files with 29 additions and 21 deletions

6
.env

@ -1,3 +1,9 @@
# The subnet to rotate from. # The subnet to rotate from.
# Leave blank to disable IPv6 rotation. # Leave blank to disable IPv6 rotation.
IPV6_SUBNET=2001:db8::/32 IPV6_SUBNET=2001:db8::/32
# The addresses nginx listens on.
# To disable (effectively), set to something private.
# IPv6 brackets are not needed!
NGINX_IPV4=203.0.113.1
NGINX_IPV6=2001:db8::1
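Review bot: The added comment "To disable (effectively), set to something private" does not say which kind of address actually works. Docker can normally only publish a port on an address that is assigned to the host, so an arbitrary private address would probably make the container fail to start rather than quietly disable the listener. Naming loopback would be clearer, for example `# To disable (effectively), set to a loopback address (127.0.0.1 / ::1).` It would also help to state that the two values below are documentation-range placeholders that must be replaced before deployment.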


@ -30,12 +30,12 @@ services:
- ./html:/var/www/html:ro - ./html:/var/www/html:ro
- ssl-certs:/etc/ssl:ro - ssl-certs:/etc/ssl:ro
ports: # IPs that accept client (HTTP) connections ports: # IPs that accept client (HTTP) connections
- "203.0.113.1:80:80" - "${NGINX_IPV4}:80:80"
- "[2001:db8::1]:80:80" - "[${NGINX_IPV6}]:80:80"
- "203.0.113.1:443:443" - "${NGINX_IPV4}:443:443"
- "[2001:db8::1]:443:443" - "[${NGINX_IPV6}]:443:443"
- "203.0.113.1:443:443/udp" - "${NGINX_IPV4}:443:443/udp"
- "[2001:db8::1]:443:443/udp" - "[${NGINX_IPV6}]:443:443/udp"
# Uncomment to use gluetun # Uncomment to use gluetun
# gluetun: # gluetun:
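Review bot: If `NGINX_IPV4` or `NGINX_IPV6` is missing from `.env`, the new mappings interpolate to `:80:80` and `[]:80:80`, and Compose only warns about the unset variable. Depending on how the empty host address is parsed, that either fails or publishes the port on every interface, which defeats the purpose of pinning the listen address. The required-variable form makes the stack refuse to start instead, for example `- "${NGINX_IPV4:?set NGINX_IPV4 in .env}:80:80"`, and likewise for the other five mappings. The `services:` block starts before and continues after this hunk.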


@ -1,18 +1,25 @@
set $DOMAIN example.com # replace this of course
upstream cu {
# s/companion/gluetun if using gluetun
server http://companion:8282;
}
server { server {
listen 443 ssl; listen 443 ssl;
listen 443 quic; listen 443 quic;
listen [::]:443 ssl; listen [::]:443 ssl;
listen [::]:443 quic; listen [::]:443 quic;
server_name example.com; server_name $DOMAIN;
ssl_certificate /etc/ssl/example.com/fullchain.pem; ssl_certificate /etc/ssl/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/ssl/example.com/key.pem; ssl_certificate_key /etc/ssl/$DOMAIN/key.pem;
proxy_max_temp_file_size 0; proxy_max_temp_file_size 0;
location / { location / {
proxy_pass http://companion:8282; proxy_pass http://cu;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; proxy_http_version 1.1;
@ -21,10 +28,10 @@ server {
} }
location /youtubei/v1/player { location /youtubei/v1/player {
proxy_pass http://companion:8282; proxy_pass http://cu;
} }
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
root /var/www/html/example.com; root /var/www/html/$DOMAIN;
} }
} }
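Review bot: The new `set $DOMAIN example.com # replace this of course` line and the `upstream cu` block in the first hunk will most likely stop nginx from loading this file. The `set` line has no terminating `;` and sits outside `server`, where the directive is not allowed, and `server` inside `upstream` takes a bare address, so it should read `server companion:8282;`. Even with `set` moved into the `server` block, `server_name $DOMAIN;` is matched as a literal string, and a `set` variable is unlikely to be populated when `ssl_certificate` and `ssl_certificate_key` are evaluated during the TLS handshake. The domain should therefore stay literal in those three directives, or be substituted when the file is generated (for example by templating it at container start). A broken reload here would leave the proxy without a working TLS listener, so it is worth running `nginx -t` against the result before merging.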


@ -12,15 +12,10 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
log_format main '$remote_user [$time_local] "$request" ' # Comment those to enable logging
'$status $body_bytes_sent bytes "$http_referer" ' access_log /dev/null main;
'"$http_x_forwarded_for"';
# While I removed PII from the above log format, still better not logging
access_log /dev/null main; # /var/log/nginx/access.log main;
error_log /dev/null; # most errors are insignificant error_log /dev/null; # most errors are insignificant
server_tokens off; server_tokens off;
sendfile on; sendfile on;
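Review bot: The new `access_log /dev/null main;` still names the `main` format, but the `log_format main ...` definition is removed in the same hunk. Unless `main` is defined elsewhere, nginx rejects the configuration with an unknown log format error. Since the intent is no access logging, `access_log off;` states it directly and needs no format. The new comment "Comment those to enable logging" should also warn that commenting the line out falls back to the built-in `combined` format, which records the client address; the removed format had deliberately left that out. The `http` block starts before and continues after this hunk.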