diff --git a/README.md b/README.md index 10e8475..7844505 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,10 @@ -1. `./init.sh` -2. Fill in `.env` -3. Set the companion secret key in `config.toml` -4. How do you want to connect to YouTube? - - If you want to rotate IPv6, consult `.env` - - This rotates your ipv6 to bypass ratelimits. It's only effective with subnets larger than /64, the larger the better. - - If you want to use gluetun: - - uncomment everything below `gluetun:` and the two lines `network_mode` and `depends_on` - - Put `wg0.conf` in the root directory - - If something else, you should know what you're doing -5. `./reset.sh` -6. `./issue_cert.sh` -7. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \ +1. Fill in `.env` +2. If you want to use gluetun: + - in `docker-compose.yml`, uncomment everything under `gluetun:` and the two lines `network_mode` and `depends_on` + - Put `wg0.conf` in the root directory +3. Set up nameservers (records pointing to companion) and wait until it's live +4. `./install.sh` +5. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \ This restarts every hour:00. You can change it, if you want to. / If you have multiple companions, you should make them restart at different times. ``` diff --git a/init.sh b/install.sh similarity index 53% rename from init.sh rename to install.sh index f25b4c1..14976a2 100755 --- a/init.sh +++ b/install.sh @@ -1,5 +1,6 @@ #!/bin/bash cd "$(dirname "$0")" +. .env git submodule update --init 
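Review bot: The added `. .env` in install.sh executes that file as shell code with the installer's privileges, and the `cd "$(dirname "$0")"` on the line before it is unchecked, so a failed cd would make the script source whatever `.env` sits in the caller's working directory. I would make the cd fatal, `cd "$(dirname "$0")" || exit 1`, and add a comment above the new line such as `# .env is sourced, not parsed: every line in it runs as a command`. The script continues outside this hunk; the later `apt install` suggests it is meant to run as root, which is why the origin of `.env` matters.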
@@ -11,3 +12,23 @@ apt install -y python3-pyroute2 if [ $? -ne 0 ]; then echo -e "\033[0;31mCouldn't install pyroute2. You must install it manually.\033[0m" fi + +echo "Issuing certificate..." + +CERT_DIR=/etc/ssl/$DOMAIN + +docker compose up -d acme + +docker compose exec acme mkdir $CERT_DIR +docker compose exec acme ln -s /etc/nginx/snakeoil.key $CERT_DIR/key.pem +docker compose exec acme ln -s /etc/nginx/snakeoil.pem $CERT_DIR/fullchain.pem + +docker compose up -d nginx + +./scripts/issue_cert.sh + +docker compose down + +echo "Setup done" + +./reset.sh diff --git a/issue_cert.sh b/issue_cert.sh deleted file mode 100755 index 74533fc..0000000 --- a/issue_cert.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -cd "$(dirname "$0")" -. .env - -if [ -z "$DOMAIN" ]; then - echo "DOMAIN not set" - exit 1 -fi - -if (( $(docker compose ps nginx | wc -l) < 2 )); then - echo "Nginx is not running. Did you ./reset.sh?" - exit 1 -fi - -if (( $(docker compose ps acme | wc -l) < 2 )); then - echo "acme.sh is not running. Did you ./reset.sh?" - exit 1 -fi - - -CERT_DIR=/etc/ssl/$DOMAIN - -docker compose exec acme mkdir $CERT_DIR - -docker compose exec acme openssl req -new -x509 -days 365 -noenc -out $CERT_DIR/fullchain.pem -keyout $CERT_DIR/key.pem -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd" -docker compose exec nginx nginx -s reload - -docker compose exec acme --issue --server letsencrypt -d $DOMAIN --webroot /var/www/html/$DOMAIN -docker compose exec acme --install-cert -d $DOMAIN --key-file $CERT_DIR/key.pem --fullchain-file $CERT_DIR/fullchain.pem -docker compose exec nginx nginx -s reload - -echo "Done, certificate installed" diff --git a/nginx/conf.d/a-vars.conf.tmpl b/nginx/conf.d/a-vars.conf.tmpl deleted file mode 100644 index 327308a..0000000 --- a/nginx/conf.d/a-vars.conf.tmpl +++ /dev/null @@ -1,7 +0,0 @@ -# Do not edit this file - -set $DOMAIN $PDOMAIN - -upstream cu { - server http://$UPST:8282; -} 
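Review bot: `CERT_DIR=/etc/ssl/$DOMAIN` is built without the `[ -z "$DOMAIN" ]` check that the deleted top-level issue_cert.sh had, so with an empty or missing value in `.env` the two `ln -s` lines place the snakeoil key and certificate links directly in the acme container's `/etc/ssl/`. A guard before the assignment, `: "${DOMAIN:?DOMAIN not set in .env}"`, restores the old behaviour, and the expansions should be quoted, e.g. `docker compose exec acme mkdir "$CERT_DIR"`. The new scripts/issue_cert.sh and the envsubst call in reset.sh use `$DOMAIN` in the same unguarded way. If the certificate directory persists between runs (not visible here), `mkdir` and `ln -s` will fail on a second run; `mkdir -p` and `ln -sf` would make the installer re-runnable.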
diff --git a/nginx/conf.d/companion.conf b/nginx/conf.d/companion.conf.tmpl similarity index 88% rename from nginx/conf.d/companion.conf rename to nginx/conf.d/companion.conf.tmpl index d2bb4a1..31f9673 100644 --- a/nginx/conf.d/companion.conf +++ b/nginx/conf.d/companion.conf.tmpl @@ -12,7 +12,7 @@ server { proxy_max_temp_file_size 0; location / { - proxy_pass http://cu; + proxy_pass http://$UPSTREAM:8282; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; # so Invidious knows domain proxy_http_version 1.1; @@ -21,7 +21,7 @@ server { } location /youtubei/v1/player { - proxy_pass http://cu; + proxy_pass http://$UPSTREAM:8282; } location /.well-known/acme-challenge { diff --git a/reset.sh b/reset.sh index 228b8ec..d127546 100755 --- a/reset.sh +++ b/reset.sh @@ -5,13 +5,14 @@ cd "$(dirname "$0")" echo "Updating config" if [ "$GLUETUN" = true ]; then - UPST=gluetun + export UPSTREAM=gluetun else - UPST=companion + export UPSTREAM=companion fi -PDOMAIN=$DOMAIN -envsubst '$PDOMAIN,$UPST' < nginx/conf.d/a-vars.conf.tmpl > nginx/conf.d/a-vars.conf +echo -e "# Don't edit this file. Edit the .tmpl file\n\n" > nginx/conf.d/companion.conf +DOMAIN=$DOMAIN envsubst '$DOMAIN,$UPSTREAM' < nginx/conf.d/companion.conf.tmpl >> nginx/conf.d/companion.conf + if [ -n "$IPV6_SUBNET" ]; then diff --git a/scripts/issue_cert.sh b/scripts/issue_cert.sh new file mode 100755 index 0000000..b0693a4 --- /dev/null +++ b/scripts/issue_cert.sh @@ -0,0 +1,11 @@ +#!/bin/bash +cd "$(dirname "$0")" +. ../.env + +CERT_DIR=/etc/ssl/$DOMAIN + +docker compose exec acme --issue --server letsencrypt -d $DOMAIN --webroot /var/www/html/$DOMAIN +docker compose exec acme --install-cert -d $DOMAIN --key-file $CERT_DIR/key.pem --fullchain-file $CERT_DIR/fullchain.pem +docker compose exec nginx nginx -s reload + +echo "Certificate installed"
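Review bot: Both `proxy_pass http://$UPSTREAM:8282;` lines (the `location /` hunk and the `/youtubei/v1/player` hunk after it) use the same `$name` syntax as the nginx runtime variables `$remote_addr` and `$host` a few lines away, and nothing in the template says which names are replaced at render time. A header comment would help, for example `# Rendered by reset.sh with envsubst: only DOMAIN and UPSTREAM are substituted; every other dollar-name is an nginx variable`; it is written without `$` so that envsubst does not rewrite the comment itself. Without it, someone who widens or drops the envsubst allow-list in reset.sh would blank `$remote_addr` and `$host` and change what is forwarded upstream. The server block starts and ends outside these hunks.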
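Review bot: In reset.sh the `echo -e ... > nginx/conf.d/companion.conf` line truncates the live config before envsubst has run, and the result of envsubst is not checked, so a missing template or a failed render leaves a file holding only the header comment. Rendering into a sibling file and renaming it avoids that: `{ echo "# Don't edit this file. Edit the .tmpl file"; echo; DOMAIN=$DOMAIN envsubst '$DOMAIN,$UPSTREAM' < nginx/conf.d/companion.conf.tmpl; } > nginx/conf.d/companion.conf.new || exit 1` followed by `mv nginx/conf.d/companion.conf.new nginx/conf.d/companion.conf`. The rest of reset.sh is outside the hunk, so whether nginx validates the config before it is reloaded cannot be seen here.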
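Review bot: None of the three `docker compose exec` commands in scripts/issue_cert.sh is checked and the script ends on `echo`, so it exits 0 and prints "Certificate installed" even when `--issue` fails; install.sh then carries on to "Setup done", presumably with nginx still serving the snakeoil links it created as placeholders, and if that key ships with the repository it is not secret. The deleted issue_cert.sh also verified that the nginx and acme containers were running, and that check is gone as well. I would stop on the first failure, e.g. `docker compose exec acme --issue --server letsencrypt -d "$DOMAIN" --webroot "/var/www/html/$DOMAIN" || exit 1`, and do the same for `--install-cert`. acme.sh returns a non-zero code of its own for a skipped renewal, so a re-run may need to tolerate that case.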