From 66a31f562cefc6f3e5f8b7f8218f29c3f63d0ae7 Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Wed, 30 Apr 2025 13:36:20 +0200
Subject: [PATCH] Reintroduce nginx And general refactoring
---
 README.md | 28 +++++++++++++++
 botPolicy.json | 26 ++++++++++++++
 config-refresh.yaml | 2 +-
 config.yaml | 2 +-
 docker-compose.yml | 19 ++++++----
 hard-reset.sh | 12 +++++++
 nginx.conf | 85 +++++++++++++++++++++++++++++++++++++++++++++
 reset.sh | 1 -
 8 files changed, 165 insertions(+), 10 deletions(-)
 create mode 100644 README.md
 create mode 100755 hard-reset.sh
 create mode 100644 nginx.conf
 mode change 100644 => 100755 reset.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..134feaf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+Invidious, how I do it.
+
+1. Clone with submodules!!! (`--recursive`)
+2. Fill in placeholders
+3. Schedule:
+ - `reset.sh` restarts Invidious.
+ - `hard_reset.sh` updates and restarts everything. I suggest to schedule only this, daily.
+
+Placeholders:
+1. `192.168.81.2` in [docker-compose.yml]
+2. In both [config.yml] and [config-refresh.yml]:
+ - `hmac_key`
+ - `invidious_companion_key`
+ - companions
+ - (optional) `http_proxy`
+ - (optional) `modified_source_code_url`
+
+You can generate keys with:
+```
+openssl rand -hex 8
+```
+
+#### `config.yml` vs `config-refresh.yml`
+
+There are two Invidious instances (or, precisely, classes)
+
+One handles "background work," that is **refreshing** stuff, like user subscriptions. It's not exposed to users. \
+One (several, replicated) is exposed to users. \
diff --git a/botPolicy.json b/botPolicy.json
index 0adea44..d119094 100644
--- a/botPolicy.json
+++ b/botPolicy.json
@@ -20,6 +20,32 @@ "path_regex": "^/api/v1/stats$", "action": "ALLOW" }, + { + "name": "updown", + "action": "ALLOW", + "remote_addresses": [ + "2001:19f0:6001:2c6::1/128", + "45.32.74.41/32", + "2001:19f0:9002:11a::1/128", + "104.238.136.194/32", + "2607:5300:60:4c2f::1/128", + "192.99.37.47/32", + "2001:41d0:2:85af::1/128", + "91.121.222.175/32", + "2001:19f0:6c01:145::1/128", + "104.238.159.87/32", + "2a01:4f9:c010:d5f9::1/128", + "135.181.102.135/32", + "2001:19f0:4400:402e::1/128", + "45.32.107.181/32", + "2001:19f0:7001:45a::1/128", + "45.76.104.117/32", + "2001:19f0:5801:1d8::1/128", + "45.63.29.207/32", + "2a01:4f8:141:441a::2/128", + "178.63.21.176/32" + ] + }, { "name": "generic-browser", "path_regex": ".*", diff --git a/config-refresh.yaml b/config-refresh.yaml index 67e0d29..96ee371 100644 --- a/config-refresh.yaml +++ b/config-refresh.yaml @@ -1,7 +1,7 @@ db: user: kemal password: kemal - host: invidious-db + host: postgres port: 5432 dbname: invidious diff --git a/config.yaml b/config.yaml index 89065ca..d7b3856 100644 --- a/config.yaml +++ b/config.yaml @@ -1,7 +1,7 @@ db: user: kemal password: kemal - host: invidious-db + host: postgres port: 5432 dbname: invidious diff --git a/docker-compose.yml b/docker-compose.yml index 238688a..13b366a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: timeout: 5s retries: 2 depends_on: - - invidious-db + - postgres invidious: image: quay.io/invidious/invidious:master @@ -29,9 +29,9 @@ services: deploy: replicas: 6 depends_on: - - invidious-db + - postgres - invidious-db: + postgres: image: docker.io/library/postgres:14 restart: unless-stopped volumes: 
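Review bot: The `updown` rule added to botPolicy.json allows every request whose remote address is on the list, with no `path_regex`, so the bypass is only as sound as the client address Anubis evaluates. The same commit puts nginx in front of Anubis and removes `REVERSE_PROXY_TRUSTED_PROXIES` in the docker-compose.yml hunk, while nginx.conf passes the address on only as `X-Forwarded-For $remote_addr`; the diff does not show which header or socket address this Anubis build matches `remote_addresses` against, so check after deployment that a monitor request and an ordinary request are each classified as intended. If nginx itself sits behind another proxy on 192.168.81.0/24, `$remote_addr` is presumably that proxy and the list would not match at all. Consider narrowing the rule to the monitored path with a `path_regex` (if the policy format accepts both keys in one rule) and recording in README.md where the address list comes from and how it is refreshed, since JSON cannot carry that comment.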
@@ -45,17 +45,22 @@ services: healthcheck: test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] + nginx: + image: nginx:alpine-slim + restart: unless-stopped + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + ports: + - "192.168.81.2:80:80" + anubis: image: ghcr.io/minecon724/anubis:main environment: DIFFICULTY: "1" TARGET: "http://invidious:3000" POLICY_FNAME: "/data/cfg/botPolicy.json" - REVERSE_PROXY_TRUSTED_PROXIES: "192.168.81.0/24" OG_PASSTHROUGH: "true" WEBMASTER_EMAIL: "admin@example.com" - ports: - - "192.168.81.2:8923:8923" volumes: - ./botPolicy.json:/data/cfg/botPolicy.json:ro @@ -70,4 +75,4 @@ networks: ipam: config: - subnet: 2001:0DB9::/112 - gateway: 2001:0DB9::1 \ No newline at end of file + gateway: 2001:0DB9::1 diff --git a/hard-reset.sh b/hard-reset.sh new file mode 100755 index 0000000..55fdf6d --- /dev/null +++ b/hard-reset.sh @@ -0,0 +1,12 @@ +#!/bin/bash +cd "$(dirname "$0")" + +echo "Updating..." +docker compose pull + +echo "Restarting..." +docker compose down postgres invidious invidious-refresh +docker compose up -d postgres invidious invidious-refresh + +docker compose down nginx anubis +docker compose up -d nginx anubis diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..44da561 --- /dev/null +++ b/nginx.conf 
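Review bot: The new `nginx` service in docker-compose.yml uses the floating tag `nginx:alpine-slim`, and hard-reset.sh in this commit runs `docker compose pull` on a schedule, so whatever is published under that tag (and under `:master` / `:main` for the other services) gets deployed unattended. Pin the image to a version tag or digest, e.g. `image: nginx:<VERSION>-alpine-slim@sha256:<DIGEST>` (placeholders), and bump it deliberately. The service also declares no `depends_on` for `anubis` or `invidious`, although nginx.conf names both as static `proxy_pass` hosts; `restart: unless-stopped` will probably cover a failed first start, but stating the dependency makes the order explicit. Publishing plain HTTP on `192.168.81.2:80` presumably relies on TLS being terminated upstream, and a comment above `ports:` saying so would help the next reader.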
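Review bot: hard-reset.sh has no error handling: `cd "$(dirname "$0")"` is unchecked and a failed `docker compose pull` still falls through to the `down` commands, so a bad run stops the stack without fresh images, or runs the compose commands in whatever directory the scheduler started in. Begin the script with `set -euo pipefail`, or at least use `cd "$(dirname "$0")" || exit 1`. reset.sh has the related problem in this commit: its hunk deletes `cd /opt/invidious` without adding the `dirname` form, so unless the scheduler sets the working directory, `docker compose restart invidious-refresh` will probably not find the compose file. README.md also names the script `hard_reset.sh`, while the file added here is `hard-reset.sh`.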
@@ -0,0 +1,85 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ access_log /dev/null;
+ error_log /dev/null;
+
+ tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ gzip off;
+
+ resolver 127.0.0.11;
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ # It's still not a lot, so let's keep it that way
+
+ location = / {
+ proxy_pass http://anubis:8923;
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+ location / {
+ proxy_pass http://invidious:3000;
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+
+ location /.within.website/x {
+ proxy_pass http://anubis:8923;
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+
+ location /watch {
+ proxy_pass http://anubis:8923;
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+ location /about {
+ return 302 "https://git.m724.eu/id.420129/about/src/branch/master/README.md";
+ }
+
+ location /latest_version {
+ return 403;
+ }
+
+ location /api/manifest/dash/id/ {
+ return 403;
+ }
+
+ location /videoplayback {
+ return 403;
+ }
+
+ location /api/v1/videos {
+ return 403;
+ }
+ }
+}
+
diff --git a/reset.sh b/reset.sh
old mode 100644
new mode 100755
index 0583371..bfd93dc
--- a/reset.sh
+++ b/reset.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-cd /opt/invidious
 echo "Restarting..."
 docker compose restart invidious-refresh
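Review bot: The catch-all `location /` in nginx.conf proxies straight to `invidious:3000`, so Anubis only sees `= /`, `/watch` and `/.within.website/x`; every other path that is not answered with 403 reaches Invidious unchallenged. As far as these lines show, policy rules for other paths, such as the `^/api/v1/stats$` ALLOW visible in botPolicy.json, receive no traffic under this routing. If that is intended (the comment above the first location suggests it is), state it explicitly, e.g. `# Only / and /watch are challenged; all other paths bypass Anubis by design`; otherwise point `location /` at `http://anubis:8923` and list the exemptions. Separately, `error_log /dev/null;` in the `http` block discards errors as well as request logs, leaving nothing to investigate abuse or upstream failures with; `access_log off;` together with an `error_log` at `warn` or `error` would keep request lines out of the logs while retaining failures.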