From 241c46754c5862931f86d97e924c76c49804db6b Mon Sep 17 00:00:00 2001 From: root Date: Fri, 27 Sep 2024 16:41:21 -0300 Subject: [PATCH] Update docker configuration. --- .../inv_sig_helper_cluster/docker-compose.yml | 4 +- .../haproxy/haproxy.cfg | 11 ++- invidious/invidious-vpn-2/docker-compose.yml | 82 ++++++++++++++++--- invidious/invidious-vpn-2/haproxy/haproxy.cfg | 36 ++++++++ invidious/invidious-vpn/docker-compose.yml | 80 ++++++++++++++++-- invidious/invidious-vpn/haproxy/haproxy.cfg | 36 ++++++++ invidious/invidious/docker-compose.yml | 22 +++-- 7 files changed, 240 insertions(+), 31 deletions(-) diff --git a/invidious/inv_sig_helper_cluster/docker-compose.yml b/invidious/inv_sig_helper_cluster/docker-compose.yml index 0e6f23c..eb56a76 100644 --- a/invidious/inv_sig_helper_cluster/docker-compose.yml +++ b/invidious/inv_sig_helper_cluster/docker-compose.yml @@ -1,6 +1,6 @@ services: inv_sig_helper_cluster: - image: quay.io/invidious/inv-sig-helper + image: git.nadeko.net/fijxu/inv_sig_helper:master-4477ac8 restart: unless-stopped mem_limit: "512m" init: true @@ -8,7 +8,7 @@ services: environment: - RUST_LOG=info deploy: - replicas: 8 + replicas: 16 networks: - invidious - gluetun_network diff --git a/invidious/inv_sig_helper_cluster/haproxy/haproxy.cfg b/invidious/inv_sig_helper_cluster/haproxy/haproxy.cfg index c6c3936..e89a0a8 100644 --- a/invidious/inv_sig_helper_cluster/haproxy/haproxy.cfg +++ b/invidious/inv_sig_helper_cluster/haproxy/haproxy.cfg @@ -7,9 +7,15 @@ resolvers docker # using domains nameserver dns1 127.0.0.11:53 +defaults + timeout client 10s + timeout connect 10s + timeout server 10s + timeout queue 30s + # Prometheus for graphs frontend prometheus - bind *:8404 + bind *:8405 mode http http-request use-service prometheus-exporter if { path /metrics } no log @@ -22,4 +28,5 @@ frontend sighelper backend sighelper mode tcp balance leastconn - server-template inv_sig_helper 16 inv_sig_helper_cluster:12999 check resolvers docker init-addr libc,none + option redispatch + server-template inv_sig_helper 16 inv_sig_helper_cluster:12999 check resolvers docker init-addr libc,none inter 1s diff --git a/invidious/invidious-vpn-2/docker-compose.yml b/invidious/invidious-vpn-2/docker-compose.yml index 57ced25..382ee0f 100644 --- a/invidious/invidious-vpn-2/docker-compose.yml +++ b/invidious/invidious-vpn-2/docker-compose.yml @@ -20,8 +20,8 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -44,8 +44,8 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -68,22 +68,77 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s + timeout: 5s + retries: 2 + + # INVIDIOUS TOR + invidious-tor: + env_file: + - .env + image: "git.nadeko.net/fijxu/invidious:${TAG}" + network_mode: "service:gluetun" + restart: unless-stopped + mem_limit: "${INV_MEM_LIMIT}" + mem_reservation: "${INV_MEM_RESERVATION}" + volumes: + - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + - ./config.yml:/etc/invidious/config.yml:ro + environment: + INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" + INVIDIOUS_DOMAIN: "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion" + INVIDIOUS_PORT: "3010" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false + depends_on: + - inv_sig_helper + - haproxy + healthcheck: + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s + timeout: 5s + retries: 2 + + # INVIDIOUS I2P + invidious-i2p: + env_file: + - .env + image: "git.nadeko.net/fijxu/invidious:${TAG}" + network_mode: "service:gluetun" + restart: unless-stopped + mem_limit: "${INV_MEM_LIMIT}" + mem_reservation: "${INV_MEM_RESERVATION}" + volumes: + - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + - ./config.yml:/etc/invidious/config.yml:ro + environment: + INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" + INVIDIOUS_DOMAIN: "inv.zzls.i2p" + INVIDIOUS_PORT: "3011" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false + depends_on: + - inv_sig_helper + - haproxy + healthcheck: + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 # SIGNATURE HELPER inv_sig_helper: - image: git.nadeko.net/fijxu/inv_sig_helper:latest + image: quay.io/invidious/inv-sig-helper restart: unless-stopped + network_mode: "service:gluetun" mem_limit: "512m" init: true command: ["--tcp", "0.0.0.0:12999"] environment: - RUST_LOG=info - networks: - gluetun_network_2: + depends_on: + - gluetun http3-proxy: image: git.nadeko.net/fijxu/http3-proxy:latest @@ -91,6 +146,8 @@ services: network_mode: "service:gluetun" environment: DISABLE_WEBP: 1 + depends_on: + - gluetun # Without depends because haproxy is smart haproxy: @@ -104,7 +161,7 @@ services: # I2P - "127.0.0.1:10083:8003" # HTTP3-PROXY - - "127.0.0.1:10081:8004" + # - "127.0.0.1:10081:8004" # METRICS - "127.0.0.1:10084:8404" volumes: @@ -117,6 +174,11 @@ services: gluetun: image: qmcgaw/gluetun restart: unless-stopped + ports: + # THIS IS ACTUALLY THE PORT OF HTTP3-PROXY + # SINCE THE HTTP3-PTOXY SERVICE IS RUNNING + # UNDER GLUETUN NETWORK. + - "127.0.0.1:10081:8080" env_file: - .env cap_add: diff --git a/invidious/invidious-vpn-2/haproxy/haproxy.cfg b/invidious/invidious-vpn-2/haproxy/haproxy.cfg index af66c07..22179ed 100644 --- a/invidious/invidious-vpn-2/haproxy/haproxy.cfg +++ b/invidious/invidious-vpn-2/haproxy/haproxy.cfg @@ -69,6 +69,16 @@ frontend invidious bind *:8001 default_backend invidious +frontend invidious-tor + http-request set-var(txn.ipath) path + bind *:8002 + default_backend invidious-tor + +frontend invidious-i2p + http-request set-var(txn.ipath) path + bind *:8003 + default_backend invidious-i2p + frontend http3-proxy http-request set-var(txn.hpath) path bind *:8004 @@ -94,6 +104,32 @@ backend invidious server invidious-5-vpn gluetun:3004 check init-addr libc,none server invidious-6-vpn gluetun:3005 check init-addr libc,none +backend invidious-tor + # Caches video storyboards + http-request cache-use invidious-sb-cache if { path_beg /sb/ } + http-response cache-store invidious-sb-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl sb var(txn.ipath) -m beg /sb/ + + http-response set-header X-Cache-Status HIT if !{ srv_id -m found } sb + http-response set-header X-Cache-Status MISS if { srv_id -m found } sb + + server invidious-tor-vpn gluetun:3010 check init-addr libc,none + +backend invidious-i2p + # Caches video storyboards + http-request cache-use invidious-sb-cache if { path_beg /sb/ } + http-response cache-store invidious-sb-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl sb var(txn.ipath) -m beg /sb/ + + http-response set-header X-Cache-Status HIT if !{ srv_id -m found } sb + http-response set-header X-Cache-Status MISS if { srv_id -m found } sb + + server invidious-i2p-vpn gluetun:3011 check init-addr libc,none + backend http3-proxy # Caches video thumbnails, profile pictures and others http-request cache-use invidious-thumbnail-cache if { path_beg /vi/ } diff --git a/invidious/invidious-vpn/docker-compose.yml b/invidious/invidious-vpn/docker-compose.yml index c0d4e79..3e3793a 100644 --- a/invidious/invidious-vpn/docker-compose.yml +++ b/invidious/invidious-vpn/docker-compose.yml @@ -16,12 +16,13 @@ services: environment: INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" INVIDIOUS_PORT: "3000" + depends_on: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -44,8 +45,8 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -68,14 +69,68 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s + timeout: 5s + retries: 2 + + # INVIDIOUS TOR + invidious-tor: + env_file: + - .env + image: "git.nadeko.net/fijxu/invidious:${TAG}" + network_mode: "service:gluetun" + restart: unless-stopped + mem_limit: "${INV_MEM_LIMIT}" + mem_reservation: "${INV_MEM_RESERVATION}" + volumes: + - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + - ./config.yml:/etc/invidious/config.yml:ro + environment: + INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" + INVIDIOUS_DOMAIN: "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion" + INVIDIOUS_PORT: "3010" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false + depends_on: + - inv_sig_helper + - haproxy + healthcheck: + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s + timeout: 5s + retries: 2 + + # INVIDIOUS I2P + invidious-i2p: + env_file: + - .env + image: "git.nadeko.net/fijxu/invidious:${TAG}" + network_mode: "service:gluetun" + restart: unless-stopped + mem_limit: "${INV_MEM_LIMIT}" + mem_reservation: "${INV_MEM_RESERVATION}" + volumes: + - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + - ./config.yml:/etc/invidious/config.yml:ro + environment: + INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" + INVIDIOUS_DOMAIN: "inv.zzls.i2p" + INVIDIOUS_PORT: "3011" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false + depends_on: + - inv_sig_helper + - haproxy + healthcheck: + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 # SIGNATURE HELPER inv_sig_helper: - image: git.nadeko.net/fijxu/inv_sig_helper:latest + image: quay.io/invidious/inv-sig-helper restart: unless-stopped network_mode: "service:gluetun" mem_limit: "512m" @@ -83,6 +138,8 @@ services: command: ["--tcp", "0.0.0.0:12999"] environment: - RUST_LOG=info + depends_on: + - gluetun http3-proxy: image: git.nadeko.net/fijxu/http3-proxy:latest @@ -90,6 +147,8 @@ services: network_mode: "service:gluetun" environment: DISABLE_WEBP: 1 + depends_on: + - gluetun # Without depends because haproxy is smart haproxy: @@ -103,7 +162,7 @@ services: # I2P - "127.0.0.1:10073:8003" # HTTP3-PROXY - - "127.0.0.1:10071:8004" + # - "127.0.0.1:10071:8004" # METRICS - "127.0.0.1:10074:8404" volumes: @@ -116,6 +175,11 @@ services: gluetun: image: qmcgaw/gluetun restart: unless-stopped + ports: + # THIS IS ACTUALLY THE PORT OF HTTP3-PROXY + # SINCE THE HTTP3-PTOXY SERVICE IS RUNNING + # UNDER GLUETUN NETWORK. + - "127.0.0.1:10071:8080" env_file: - .env cap_add: diff --git a/invidious/invidious-vpn/haproxy/haproxy.cfg b/invidious/invidious-vpn/haproxy/haproxy.cfg index c4ab5cb..4cbb8a6 100644 --- a/invidious/invidious-vpn/haproxy/haproxy.cfg +++ b/invidious/invidious-vpn/haproxy/haproxy.cfg @@ -69,6 +69,16 @@ frontend invidious bind *:8001 default_backend invidious +frontend invidious-tor + http-request set-var(txn.ipath) path + bind *:8002 + default_backend invidious-tor + +frontend invidious-i2p + http-request set-var(txn.ipath) path + bind *:8003 + default_backend invidious-i2p + frontend http3-proxy http-request set-var(txn.hpath) path bind *:8004 @@ -94,6 +104,32 @@ backend invidious server invidious-5-vpn gluetun:3004 check init-addr libc,none server invidious-6-vpn gluetun:3005 check init-addr libc,none +backend invidious-tor + # Caches video storyboards + http-request cache-use invidious-sb-cache if { path_beg /sb/ } + http-response cache-store invidious-sb-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl sb var(txn.ipath) -m beg /sb/ + + http-response set-header X-Cache-Status HIT if !{ srv_id -m found } sb + http-response set-header X-Cache-Status MISS if { srv_id -m found } sb + + server invidious-tor-vpn gluetun:3010 check init-addr libc,none + +backend invidious-i2p + # Caches video storyboards + http-request cache-use invidious-sb-cache if { path_beg /sb/ } + http-response cache-store invidious-sb-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl sb var(txn.ipath) -m beg /sb/ + + http-response set-header X-Cache-Status HIT if !{ srv_id -m found } sb + http-response set-header X-Cache-Status MISS if { srv_id -m found } sb + + server invidious-i2p-vpn gluetun:3011 check init-addr libc,none + backend http3-proxy # Caches video thumbnails, profile pictures and others http-request cache-use invidious-thumbnail-cache if { path_beg /vi/ } diff --git a/invidious/invidious/docker-compose.yml b/invidious/invidious/docker-compose.yml index feb8139..6ba6a61 100644 --- a/invidious/invidious/docker-compose.yml +++ b/invidious/invidious/docker-compose.yml @@ -20,8 +20,8 @@ services: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -41,12 +41,14 @@ services: environment: INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" INVIDIOUS_DOMAIN: "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false depends_on: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -66,12 +68,14 @@ services: environment: INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" INVIDIOUS_DOMAIN: "inv.zzls.i2p" + INVIDIOUS_HTTPS_ONLY: false + INVIDIOUS_HSTS: false depends_on: - inv_sig_helper - haproxy healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 - interval: 30s + test: wget -nv --tries=1 --spider https://inv.nadeko.net/watch?v=mcYLzu_1cNc || exit 1 + interval: 300s timeout: 5s retries: 2 @@ -84,12 +88,12 @@ services: command: ["--tcp", "0.0.0.0:12999"] environment: - RUST_LOG=info - deploy: - replicas: 2 http3-proxy: image: git.nadeko.net/fijxu/http3-proxy:latest restart: unless-stopped + ports: + - "127.0.0.1:10061:8080" environment: DISABLE_WEBP: 1 @@ -105,7 +109,7 @@ services: # I2P - "127.0.0.1:10063:8003" # HTTP3-PROXY - - "127.0.0.1:10061:8004" + # - "127.0.0.1:10061:8004" # METRICS - "127.0.0.1:10064:8404" # STATS