id.420129/invidious-setup
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reintroduce nginx

Browse source 
And general refactoring
This commit is contained in:
Minecon724 2025-04-30 13:36:20 +02:00
commit 66a31f562c
Signed by untrusted user who does not match committer: m724
GPG key ID: A02E6E67AB961189
8 changed files with 165 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

28
README.md Normal file
View file

@ -0,0 +1,28 @@
Invidious, how I do it.
1. Clone with submodules!!! (`--recursive`)
2. Fill in placeholders
3. Schedule:
- `reset.sh` restarts Invidious.
- `hard_reset.sh` updates and restarts everything. I suggest to schedule only this, daily.
Placeholders:
1. `192.168.81.2` in [docker-compose.yml]
2. In both [config.yml] and [config-refresh.yml]:
- `hmac_key`
- `invidious_companion_key`
- companions
- (optional) `http_proxy`
- (optional) `modified_source_code_url`
You can generate keys with:
```
openssl rand -hex 8
```
#### `config.yml` vs `config-refresh.yml`
There are two Invidious instances (or, precisely, classes)
One handles "background work," that is **refreshing** stuff, like user subscriptions. It's not exposed to users. \
One (several, replicated) is exposed to users. \

26
botPolicy.json
View file

@ -20,6 +20,32 @@
"path_regex": "^/api/v1/stats$", "path_regex": "^/api/v1/stats$",
"action": "ALLOW" "action": "ALLOW"
}, },
{
"name": "updown",
"action": "ALLOW",
"remote_addresses": [
"2001:19f0:6001:2c6::1/128",
"45.32.74.41/32",
"2001:19f0:9002:11a::1/128",
"104.238.136.194/32",
"2607:5300:60:4c2f::1/128",
"192.99.37.47/32",
"2001:41d0:2:85af::1/128",
"91.121.222.175/32",
"2001:19f0:6c01:145::1/128",
"104.238.159.87/32",
"2a01:4f9:c010:d5f9::1/128",
"135.181.102.135/32",
"2001:19f0:4400:402e::1/128",
"45.32.107.181/32",
"2001:19f0:7001:45a::1/128",
"45.76.104.117/32",
"2001:19f0:5801:1d8::1/128",
"45.63.29.207/32",
"2a01:4f8:141:441a::2/128",
"178.63.21.176/32"
]
},
{ {
"name": "generic-browser", "name": "generic-browser",
"path_regex": ".*", "path_regex": ".*",

2
config-refresh.yaml
View file

@ -1,7 +1,7 @@
db: db:
user: kemal user: kemal
password: kemal password: kemal
host: invidious-db host: postgres
port: 5432 port: 5432
dbname: invidious dbname: invidious

2
config.yaml
View file

@ -1,7 +1,7 @@
db: db:
user: kemal user: kemal
password: kemal password: kemal
host: invidious-db host: postgres
port: 5432 port: 5432
dbname: invidious dbname: invidious

17
docker-compose.yml
View file

@ -12,7 +12,7 @@ services:
timeout: 5s timeout: 5s
retries: 2 retries: 2
depends_on: depends_on:
- invidious-db - postgres
invidious: invidious:
image: quay.io/invidious/invidious:master image: quay.io/invidious/invidious:master
@ -29,9 +29,9 @@ services:
deploy: deploy:
replicas: 6 replicas: 6
depends_on: depends_on:
- invidious-db - postgres
invidious-db: postgres:
image: docker.io/library/postgres:14 image: docker.io/library/postgres:14
restart: unless-stopped restart: unless-stopped
volumes: volumes:
@ -45,17 +45,22 @@ services:
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
nginx:
image: nginx:alpine-slim
restart: unless-stopped
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
ports:
- "192.168.81.2:80:80"
anubis: anubis:
image: ghcr.io/minecon724/anubis:main image: ghcr.io/minecon724/anubis:main
environment: environment:
DIFFICULTY: "1" DIFFICULTY: "1"
TARGET: "http://invidious:3000" TARGET: "http://invidious:3000"
POLICY_FNAME: "/data/cfg/botPolicy.json" POLICY_FNAME: "/data/cfg/botPolicy.json"
REVERSE_PROXY_TRUSTED_PROXIES: "192.168.81.0/24"
OG_PASSTHROUGH: "true" OG_PASSTHROUGH: "true"
WEBMASTER_EMAIL: "admin@example.com" WEBMASTER_EMAIL: "admin@example.com"
ports:
- "192.168.81.2:8923:8923"
volumes: volumes:
- ./botPolicy.json:/data/cfg/botPolicy.json:ro - ./botPolicy.json:/data/cfg/botPolicy.json:ro

12
hard-reset.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
cd "$(dirname "$0")"
echo "Updating..."
docker compose pull
echo "Restarting..."
docker compose down postgres invidious invidious-refresh
docker compose up -d postgres invidious invidious-refresh
docker compose down nginx anubis
docker compose up -d nginx anubis

85
nginx.conf Normal file
View file

@ -0,0 +1,85 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
access_log /dev/null;
error_log /dev/null;
tcp_nopush on;
keepalive_timeout 65;
gzip off;
resolver 127.0.0.11;
server {
listen 80;
listen [::]:80;
# It's still not a lot, so let's keep it that way
location = / {
proxy_pass http://anubis:8923;
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location / {
proxy_pass http://invidious:3000;
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /.within.website/x {
proxy_pass http://anubis:8923;
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /watch {
proxy_pass http://anubis:8923;
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /about {
return 302 "https://git.m724.eu/id.420129/about/src/branch/master/README.md";
}
location /latest_version {
return 403;
}
location /api/manifest/dash/id/ {
return 403;
}
location /videoplayback {
return 403;
}
location /api/v1/videos {
return 403;
}
}
}

1
reset.sh Normal file → Executable file
View file

@ -1,5 +1,4 @@
#!/bin/bash #!/bin/bash
cd /opt/invidious
echo "Restarting..." echo "Restarting..."
docker compose restart invidious-refresh docker compose restart invidious-refresh