From 66001d93a9d95a042f46e4d50c3892186e7d73b6 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Sep 2024 15:44:34 -0300 Subject: [PATCH] Invidious fuckery... --- invidious/http3-proxy/docker-compose.yml | 10 +- invidious/inv_sig_helper/docker-compose.yml | 8 +- invidious/invidious-vpn/docker-compose.yml | 517 ++++++++++++++++++++ invidious/invidious-vpn/haproxy/haproxy.cfg | 134 +++++ invidious/invidious/docker-compose.yml | 158 +++--- invidious/invidious/haproxy/haproxy.cfg | 29 +- 6 files changed, 787 insertions(+), 69 deletions(-) create mode 100644 invidious/invidious-vpn/docker-compose.yml create mode 100644 invidious/invidious-vpn/haproxy/haproxy.cfg diff --git a/invidious/http3-proxy/docker-compose.yml b/invidious/http3-proxy/docker-compose.yml index 497f85c..85211aa 100644 --- a/invidious/http3-proxy/docker-compose.yml +++ b/invidious/http3-proxy/docker-compose.yml @@ -2,13 +2,17 @@ services: http3-proxy: image: git.nadeko.net/fijxu/http3-proxy:latest #container_name: invidious-http3-proxy + network_mode: "container:gluetun" restart: unless-stopped environment: DISABLE_WEBP: 1 #volumes: #- http3-socket:/app/socket:rw - deploy: - replicas: 2 + #deploy: + #replicas: 1 + # networks: + # gluetun_network: + # ipv4_address: 172.80.0.85 # http3-proxy-test: # image: git.nadeko.net/fijxu/http3-proxy:latest @@ -44,6 +48,8 @@ networks: default: name: invidious external: true + gluetun_network: + external: true volumes: http3-proxy-socket: diff --git a/invidious/inv_sig_helper/docker-compose.yml b/invidious/inv_sig_helper/docker-compose.yml index b29f11f..4ddf35e 100644 --- a/invidious/inv_sig_helper/docker-compose.yml +++ b/invidious/inv_sig_helper/docker-compose.yml 
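Review bot: `network_mode: "container:gluetun"` joins the network namespace of a container literally named `gluetun`, but the gluetun service added in invidious/invidious-vpn/docker-compose.yml sets no `container_name`, so Compose will presumably name it `<project>-gluetun-1` and this service will fail to start. Either add `container_name: gluetun` there, or move this service into that project and use `network_mode: "service:gluetun"`, as the new file already does for its own http3-proxy. The second hunk declares `gluetun_network` as external while its only reference is commented out, so the declaration can be dropped; a service with `network_mode` set cannot be attached to named networks anyway.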
@@ -1,16 +1,18 @@ services: inv_sig_helper: image: quay.io/invidious/inv-sig-helper - # container_name: invidious-signature-helper restart: unless-stopped init: true command: ["--tcp", "0.0.0.0:12999"] environment: - RUST_LOG=info deploy: - replicas: 4 - + replicas: 10 + networks: default: name: invidious external: true + +volumes: + inv_sig_helper_socket: diff --git a/invidious/invidious-vpn/docker-compose.yml b/invidious/invidious-vpn/docker-compose.yml new file mode 100644 index 0000000..5abc648 --- /dev/null +++ b/invidious/invidious-vpn/docker-compose.yml 
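Review bot: The added top-level `volumes: inv_sig_helper_socket:` is not mounted by the service, which still listens on `--tcp 0.0.0.0:12999`, so the declaration only creates an unused volume. Drop it, or add the socket mount and the matching command in the same change. The line after `replicas: 10` also gained trailing whitespace.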
@@ -0,0 +1,517 @@
+# Docker compose file for ${DOMAIN}
+
+services:
+ valkey:
+ image: valkey/valkey:7.2-alpine
+ container_name: invidious-valkey-vpn
+ restart: unless-stopped
+ volumes:
+ - invidious-valkey-vpn:/data"
+ networks:
+ gluetun_network:
+ ipv4_address: 172.80.0.20
+
+ # INVIDIOUS CLEARNET
+ invidious:
+ env_file:
+ - .env
+ image: "git.nadeko.net/fijxu/invidious:${TAG}"
+ network_mode: "service:gluetun"
+ restart: unless-stopped
+ volumes:
+ - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
+ environment:
+ INVIDIOUS_CONFIG: |
+ feed_threads: 0
+ log_level: Warn
+ # db:
+ # dbname: "${PGSQL_DBNAME}"
+ # user: "${PGSQL_USER}"
+ # password: "${PGSQL_PASS}"
+ # host: 172.80.0.22
+ # port: 5432
+ port: 3000
+ database_url: postgres://kemal:kemal@/invidious
+ redis_url: tcp://172.80.0.20:6379
+ donation_url: "https://nadeko.net/donate"
+ contact_url: "https://nadeko.net/contact"
+ home_domain: "nadeko.net"
+ materialious_domain: "materialious.nadeko.net"
+ full_refresh: false
+ https_only: true
+ hmac_key: "${HMAC_KEY}"
+ domain: "${DOMAIN}"
+ use_pubsub_feeds: true
+ popular_enabled: true
+ captcha_enabled: true
+ login_enabled: true
+ registration_enabled: false
+ statistics_enabled: true
+ external_port: 443
+ default_user_preferences:
+ annotations: true
+ disable_proxy: ["downloads"]
+ annotations_subscribed: true
+ autoplay: true
+ captions: ["English", "Spanish", "English (auto-generated)"]
+ comments: ["youtube", ""]
+ dark_mode: auto
+ latest_only: false
+ listen: false
+ locale: en-US
+ watch_history: true
+ max_results: 60
+ notifications_only: false
+ banner: "${BANNER}"
+ player_style: invidious
+ quality: "${QUALITY}"
+ quality_dash: auto
+ default_home: Popular
+ feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+ automatic_instance_redirect: true
+ region: CL
+ sort: published
+ extend_desc: true
+ save_player_pos: true
+ cache_annotations: true
+ hsts: true
+ enable_user_notifications: false
+ modified_source_code_url: "${MODIFIED_SOURCE_CODE}"
+ force_resolve: ipv4
+ pool_size: "${POOL_SIZE}"
+ use_innertube_for_captions: true
+ jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+ po_token: "${PO_TOKEN}"
+ visitor_data: "${VISITOR_DATA}"
+ signature_server: "172.80.0.30:12999"
+ depends_on:
+ - valkey
+ - inv_sig_helper
+ - gluetun
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ # INVIDIOUS CLEARNET
+ invidious-2:
+ env_file:
+ - .env
+ image: "git.nadeko.net/fijxu/invidious:${TAG}"
+ network_mode: "service:gluetun"
+ restart: unless-stopped
+ volumes:
+ - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
+ environment:
+ INVIDIOUS_CONFIG: |
+ feed_threads: 0
+ log_level: Warn
+ # db:
+ # dbname: "${PGSQL_DBNAME}"
+ # user: "${PGSQL_USER}"
+ # password: "${PGSQL_PASS}"
+ # host: 172.80.0.22
+ # port: 5432
+ port: 3001
+ database_url: postgres://kemal:kemal@/invidious
+ redis_url: tcp://172.80.0.20:6379
+ donation_url: "https://nadeko.net/donate"
+ contact_url: "https://nadeko.net/contact"
+ home_domain: "nadeko.net"
+ materialious_domain: "materialious.nadeko.net"
+ full_refresh: false
+ https_only: true
+ hmac_key: "${HMAC_KEY}"
+ domain: "${DOMAIN}"
+ use_pubsub_feeds: true
+ popular_enabled: true
+ captcha_enabled: true
+ login_enabled: true
+ registration_enabled: false
+ statistics_enabled: true
+ external_port: 443
+ default_user_preferences:
+ annotations: true
+ disable_proxy: ["downloads"]
+ annotations_subscribed: true
+ autoplay: true
+ captions: ["English", "Spanish", "English (auto-generated)"]
+ comments: ["youtube", ""]
+ dark_mode: auto
+ latest_only: false
+ listen: false
+ locale: en-US
+ watch_history: true
+ max_results: 60
+ notifications_only: false
+ banner: "${BANNER}"
+ player_style: invidious
+ quality: "${QUALITY}"
+ quality_dash: auto
+ default_home: Popular
+ feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+ automatic_instance_redirect: true
+ region: CL
+ sort: published
+ extend_desc: true
+ save_player_pos: true
+ cache_annotations: true
+ hsts: true
+ enable_user_notifications: false
+ modified_source_code_url: "${MODIFIED_SOURCE_CODE}"
+ force_resolve: ipv4
+ pool_size: "${POOL_SIZE}"
+ use_innertube_for_captions: true
+ jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+ po_token: "${PO_TOKEN}"
+ visitor_data: "${VISITOR_DATA}"
+ signature_server: "172.80.0.30:12999"
+ depends_on:
+ - valkey
+ - inv_sig_helper
+ - gluetun
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ # INVIDIOUS CLEARNET
+ invidious-3:
+ env_file:
+ - .env
+ image: "git.nadeko.net/fijxu/invidious:${TAG}"
+ network_mode: "service:gluetun"
+ restart: unless-stopped
+ volumes:
+ - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
+ environment:
+ INVIDIOUS_CONFIG: |
+ feed_threads: 0
+ log_level: Warn
+ # db:
+ # dbname: "${PGSQL_DBNAME}"
+ # user: "${PGSQL_USER}"
+ # password: "${PGSQL_PASS}"
+ # host: 172.80.0.22
+ # port: 5432
+ port: 3002
+ database_url: postgres://kemal:kemal@/invidious
+ redis_url: tcp://172.80.0.20:6379
+ donation_url: "https://nadeko.net/donate"
+ contact_url: "https://nadeko.net/contact"
+ home_domain: "nadeko.net"
+ materialious_domain: "materialious.nadeko.net"
+ full_refresh: false
+ https_only: true
+ hmac_key: "${HMAC_KEY}"
+ domain: "${DOMAIN}"
+ use_pubsub_feeds: true
+ popular_enabled: true
+ captcha_enabled: true
+ login_enabled: true
+ registration_enabled: false
+ statistics_enabled: true
+ external_port: 443
+ default_user_preferences:
+ annotations: true
+ disable_proxy: ["downloads"]
+ annotations_subscribed: true
+ autoplay: true
+ captions: ["English", "Spanish", "English (auto-generated)"]
+ comments: ["youtube", ""]
+ dark_mode: auto
+ latest_only: false
+ listen: false
+ locale: en-US
+ watch_history: true
+ max_results: 60
+ notifications_only: false
+ banner: "${BANNER}"
+ player_style: invidious
+ quality: "${QUALITY}"
+ quality_dash: auto
+ default_home: Popular
+ feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+ automatic_instance_redirect: true
+ region: CL
+ sort: published
+ extend_desc: true
+ save_player_pos: true
+ cache_annotations: true
+ hsts: true
+ enable_user_notifications: false
+ modified_source_code_url: "${MODIFIED_SOURCE_CODE}"
+ force_resolve: ipv4
+ pool_size: "${POOL_SIZE}"
+ use_innertube_for_captions: true
+ jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+ po_token: "${PO_TOKEN}"
+ visitor_data: "${VISITOR_DATA}"
+ signature_server: "172.80.0.30:12999"
+ depends_on:
+ - valkey
+ - inv_sig_helper
+ - gluetun
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ # INVIDIOUS CLEARNET
+ invidious-4:
+ env_file:
+ - .env
+ image: "git.nadeko.net/fijxu/invidious:${TAG}"
+ network_mode: "service:gluetun"
+ restart: unless-stopped
+ volumes:
+ - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
+ environment:
+ INVIDIOUS_CONFIG: |
+ feed_threads: 0
+ log_level: Warn
+ # db:
+ # dbname: "${PGSQL_DBNAME}"
+ # user: "${PGSQL_USER}"
+ # password: "${PGSQL_PASS}"
+ # host: 172.80.0.22
+ # port: 5432
+ port: 3003
+ database_url: postgres://kemal:kemal@/invidious
+ redis_url: tcp://172.80.0.20:6379
+ donation_url: "https://nadeko.net/donate"
+ contact_url: "https://nadeko.net/contact"
+ home_domain: "nadeko.net"
+ materialious_domain: "materialious.nadeko.net"
+ full_refresh: false
+ https_only: true
+ hmac_key: "${HMAC_KEY}"
+ domain: "${DOMAIN}"
+ use_pubsub_feeds: true
+ popular_enabled: true
+ captcha_enabled: true
+ login_enabled: true
+ registration_enabled: false
+ statistics_enabled: true
+ external_port: 443
+ default_user_preferences:
+ annotations: true
+ disable_proxy: ["downloads"]
+ annotations_subscribed: true
+ autoplay: true
+ captions: ["English", "Spanish", "English (auto-generated)"]
+ comments: ["youtube", ""]
+ dark_mode: auto
+ latest_only: false
+ listen: false
+ locale: en-US
+ watch_history: true
+ max_results: 60
+ notifications_only: false
+ banner: "${BANNER}"
+ player_style: invidious
+ quality: "${QUALITY}"
+ quality_dash: auto
+ default_home: Popular
+ feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+ automatic_instance_redirect: true
+ region: CL
+ sort: published
+ extend_desc: true
+ save_player_pos: true
+ cache_annotations: true
+ hsts: true
+ enable_user_notifications: false
+ modified_source_code_url: "${MODIFIED_SOURCE_CODE}"
+ force_resolve: ipv4
+ pool_size: "${POOL_SIZE}"
+ use_innertube_for_captions: true
+ jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+ po_token: "${PO_TOKEN}"
+ visitor_data: "${VISITOR_DATA}"
+ signature_server: "172.80.0.30:12999"
+ depends_on:
+ - valkey
+ - inv_sig_helper
+ - gluetun
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ # INVIDIOUS CLEARNET
+ invidious-5:
+ env_file:
+ - .env
+ image: "git.nadeko.net/fijxu/invidious:${TAG}"
+ network_mode: "service:gluetun"
+ restart: unless-stopped
+ volumes:
+ - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
+ environment:
+ INVIDIOUS_CONFIG: |
+ feed_threads: 0
+ log_level: Warn
+ # db:
+ # dbname: "${PGSQL_DBNAME}"
+ # user: "${PGSQL_USER}"
+ # password: "${PGSQL_PASS}"
+ # host: 172.80.0.22
+ # port: 5432
+ port: 3004
+ database_url: postgres://kemal:kemal@/invidious
+ redis_url: tcp://172.80.0.20:6379
+ donation_url: "https://nadeko.net/donate"
+ contact_url: "https://nadeko.net/contact"
+ home_domain: "nadeko.net"
+ materialious_domain: "materialious.nadeko.net"
+ full_refresh: false
+ https_only: true
+ hmac_key: "${HMAC_KEY}"
+ domain: "${DOMAIN}"
+ use_pubsub_feeds: true
+ popular_enabled: true
+ captcha_enabled: true
+ login_enabled: true
+ registration_enabled: false
+ statistics_enabled: true
+ external_port: 443
+ default_user_preferences:
+ annotations: true
+ disable_proxy: ["downloads"]
+ annotations_subscribed: true
+ autoplay: true
+ captions: ["English", "Spanish", "English (auto-generated)"]
+ comments: ["youtube", ""]
+ dark_mode: auto
+ latest_only: false
+ listen: false
+ locale: en-US
+ watch_history: true
+ max_results: 60
+ notifications_only: false
+ banner: "${BANNER}"
+ player_style: invidious
+ quality: "${QUALITY}"
+ quality_dash: auto
+ default_home: Popular
+ feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+ automatic_instance_redirect: true
+ region: CL
+ sort: published
+ extend_desc: true
+ save_player_pos: true
+ cache_annotations: true
+ hsts: true
+ enable_user_notifications: false
+ modified_source_code_url: "${MODIFIED_SOURCE_CODE}"
+ force_resolve: ipv4
+ pool_size: "${POOL_SIZE}"
+ use_innertube_for_captions: true
+ jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+ po_token: "${PO_TOKEN}"
+ visitor_data: "${VISITOR_DATA}"
+ signature_server: "172.80.0.30:12999"
+ depends_on:
+ - valkey
+ - inv_sig_helper
+ - gluetun
+ healthcheck:
+ test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+ interval: 30s
+ timeout: 5s
+ retries: 2
+
+ # SIGNATURE HELPER
+ inv_sig_helper:
+ image: quay.io/invidious/inv-sig-helper
+ restart: unless-stopped
+ init: true
+ command: ["--tcp", "0.0.0.0:12999"]
+ environment:
+ - RUST_LOG=info
+ networks:
+ gluetun_network:
+ ipv4_address: 172.80.0.30
+
+ http3-proxy:
+ image: git.nadeko.net/fijxu/http3-proxy:latest
+ restart: unless-stopped
+ network_mode: "service:gluetun"
+ environment:
+ DISABLE_WEBP: 1
+
+ # Without depends because haproxy is smart
+ haproxy:
+ image: haproxy:lts-alpine
+ container_name: invidious-haproxy-vpn
+ ports:
+ # Invidious
+ - "127.0.0.1:10055:8001"
+ # HTTP3-PROXY
+ - "127.0.0.1:10056:8004"
+ # STATS
+ - "127.0.0.1:8414:8404"
+ volumes:
+ - ./haproxy:/usr/local/etc/haproxy
+ - /run/invidious-haproxy:/tmp:rw
+ networks:
+ gluetun_network:
+
+ gluetun:
+ image: qmcgaw/gluetun
+ env_file:
+ - .env
+ cap_add:
+ - NET_ADMIN
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - ./gluetun:/gluetun
+ environment:
+ - VPN_SERVICE_PROVIDER=mullvad
+ - VPN_TYPE=wireguard
+ - WIREGUARD_PRIVATE_KEY="${WIREGUARD_KEY}"
+ - WIREGUARD_ADDRESSES="${WIREGUARD_ADDRESSES}"
+ - SERVER_HOSTNAMES="${SERVER_HOSTNAMES}"
+ networks:
+ gluetun_network:
+
+ # gluetun-updater:
+ # image: qmcgaw/gluetun
+ # volumes:
+ # - ./gluetun:/gluetun
+ # command: update -enduser -providers mullvad
+
+networks:
+ default:
+ name: invidious-vpn
+ gluetun_network:
+ external: true
+
+volumes:
+ invidious-valkey-vpn:
diff --git a/invidious/invidious-vpn/haproxy/haproxy.cfg b/invidious/invidious-vpn/haproxy/haproxy.cfg
new file mode 100644
index 0000000..ae6ec78
--- /dev/null
+++ b/invidious/invidious-vpn/haproxy/haproxy.cfg
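Review bot: `database_url: postgres://kemal:kemal@/invidious` commits the database user and password into each of the five `INVIDIOUS_CONFIG` blocks, while the commented-out `db:` mapping above it read them from `${PGSQL_USER}` and `${PGSQL_PASS}`; the same literal is added to the `invidious`, `invidious-tor` and `invidious-i2p` services in invidious/invidious/docker-compose.yml. The file already relies on Compose interpolation inside the block scalar for `${HMAC_KEY}`, so `database_url: "postgres://${PGSQL_USER}:${PGSQL_PASS}@/${PGSQL_DBNAME}"` would keep the credentials in `.env`. Two functional slips in the same hunk: the valkey mount `invidious-valkey-vpn:/data"` carries a stray trailing quote, so the volume is likely not mounted at `/data`, and the healthchecks of `invidious-2` to `invidious-5` probe `http://127.0.0.1:3000` although those instances listen on 3001 to 3004 in the shared gluetun namespace, so all of them report on the first instance. In the gluetun service the list-form entries such as `WIREGUARD_PRIVATE_KEY="${WIREGUARD_KEY}"` probably pass the double quotes through as part of the value; the mapping form, or dropping the quotes, avoids that.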
@@ -0,0 +1,134 @@ +global + # This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom + maxconn 32768 + # 777 perms for all sockets + unix-bind mode 777 + stats socket ipv4@0.0.0.0:8405 level admin + +resolvers docker + # To be able to use multiple replicas of invidious + # using domains + nameserver dns1 127.0.0.11:53 + +defaults + mode http + timeout client 10s + timeout connect 10s + timeout server 5s + timeout http-request 10s + +frontend prometheus + bind *:8404 + mode http + http-request use-service prometheus-exporter if { path /metrics } + no log + +frontend stats + mode http + bind *:8405 + stats enable + stats uri /stats + stats refresh 1s + stats admin if TRUE + +cache invidious-thumbnail-cache + # 96MB + total-max-size 96 + # 32kB + max-object-size 32768 + # 30min + max-age 1800 + process-vary on + +cache invidious-ggpht-cache + # 96MB + total-max-size 96 + # 32kB + max-object-size 32768 + # 30min + max-age 3600 + process-vary on + +# cache api-cache +# # 32MB +# total-max-size 32 +# # 4kB +# max-object-size 32000 +# # 5min +# max-age 300 +# process-vary on + +frontend invidious + http-request set-var(txn.ggpht) path + bind /tmp/invidious-vpn.sock + bind *:8001 + #filter cache invidious-api-cache + #http-request cache-use invidious-api-cache if { path_beg /api/v1 } + #http-response cache-store invidious-api-cache + default_backend invidious + +# frontend invidious-tor +# bind /tmp/invidious-tor.sock +# bind *:8002 +# default_backend invidious-tor +# +# frontend invidious-i2p +# bind /tmp/invidious-i2p.sock +# bind *:8003 +# default_backend invidious-i2p + +frontend http3-proxy + http-request set-var(txn.vipath) path + # acl vi path_beg /vi/ + bind /tmp/http3-proxy-vpn.sock + bind *:8004 + #http-response set-header Cache-Control public + #http-response set-header Expires -1 + #http-response set-header Pragma cache + # acl youtube_thumbnails path_beg /vi/ + # + default_backend 
http3-proxy + +backend invidious + balance leastconn + #http-request cache-use api-cache if { path_beg /api/v1/channels/ } + #http-response cache-store api-cache + # acl inv_api var(txn.api) -m beg /api/ + # http-response set-header X-Cache-Status HIT if !{ srv_id -m found } inv_api + # http-response set-header X-Cache-Status MISS if { srv_id -m found } inv_api + # + # http-request cache-use invidious-ggpht-cache if { path_beg /ggpht/ } + # http-response cache-store invidious-ggpht-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + # acl youtube_ggpht var(txn.ggpht) -m beg /ggpht/ + # http-response set-header X-Cache-Status HIT if !{ srv_id -m found } youtube_ggpht + # http-response set-header X-Cache-Status MISS if { srv_id -m found } youtube_ggpht + server invidious-1-vpn gluetun:3000 check init-addr libc,none + server invidious-2-vpn gluetun:3001 check init-addr libc,none + server invidious-3-vpn gluetun:3002 check init-addr libc,none + server invidious-4-vpn gluetun:3003 check init-addr libc,none + server invidious-5-vpn gluetun:3004 check init-addr libc,none + server invidious-6-vpn gluetun:3005 check init-addr libc,none + # https://www.haproxy.com/documentation/haproxy-configuration-tutorials/service-reliability/retries/ + option redispatch + +# backend invidious-tor +# server-template invidious-tor 2 invidious-tor:3000 check resolvers docker init-addr libc,none +# +# backend invidious-i2p +# server-template invidious-i2p 2 invidious-i2p:3000 check resolvers docker init-addr libc,none + +backend http3-proxy + # Unix socket for http3-proxy for later + #server http3-proxy-unix-socket /http3-proxy/http-proxy.sock + # balance source + http-request cache-use invidious-thumbnail-cache if { path_beg /vi/ } + http-response cache-store invidious-thumbnail-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl youtube_thumbnails var(txn.vipath) -m beg /vi/ + 
http-response set-header X-Cache-Status HIT if !{ srv_id -m found } youtube_thumbnails + http-response set-header X-Cache-Status MISS if { srv_id -m found } youtube_thumbnails + server http3-proxy-1-vpn gluetun:8080 check init-addr libc,none + diff --git a/invidious/invidious/docker-compose.yml b/invidious/invidious/docker-compose.yml index 6db032b..507efdb 100644 --- a/invidious/invidious/docker-compose.yml +++ b/invidious/invidious/docker-compose.yml @@ -19,7 +19,7 @@ services: INVIDIOUS_CONFIG_FILE: /etc/invidious/config.yml depends_on: - valkey - - invidious-pgbouncer + # - invidious-pgbouncer # INVIDIOUS CLEARNET invidious: @@ -36,12 +36,14 @@ services: INVIDIOUS_CONFIG: | feed_threads: 0 log_level: Warn - db: - dbname: "${PGSQL_DBNAME}" - user: "${PGSQL_USER}" - password: "${PGSQL_PASS}" - host: invidious-pgbouncer - port: 5432 + # db: + # dbname: "${PGSQL_DBNAME}" + # user: "${PGSQL_USER}" + # password: "${PGSQL_PASS}" + # host: 172.80.0.22 + # port: 5432 + port: 3000 + database_url: postgres://kemal:kemal@/invidious redis_url: tcp://valkey:6379 donation_url: "https://nadeko.net/donate" contact_url: "https://nadeko.net/contact" @@ -55,7 +57,7 @@ services: popular_enabled: true captcha_enabled: true login_enabled: true - registration_enabled: true + registration_enabled: false statistics_enabled: true external_port: 443 default_user_preferences: @@ -88,7 +90,7 @@ services: enable_user_notifications: false modified_source_code_url: "${MODIFIED_SOURCE_CODE}" force_resolve: ipv4 - pool_size: 100 + pool_size: 512 use_innertube_for_captions: true jobs: refresh_channels: 
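Review bot: `stats socket ipv4@0.0.0.0:8405 level admin` exposes the HAProxy runtime API with admin rights on every interface of the container and without authentication, so anything that can reach the container on the external `gluetun_network` can disable servers or change running state. The `stats` frontend then binds `*:8405` as well, which would collide with that socket, and `stats admin if TRUE` grants the web admin actions to every client. I would move the runtime API to a unix socket, e.g. `stats socket /tmp/haproxy-admin.sock mode 600 level admin` (path is a placeholder), give the stats frontend its own port protected with `stats auth`, and narrow `unix-bind mode 777` to the tightest mode the proxy in front of these sockets needs. Separately, `server invidious-6-vpn gluetun:3005` has no matching service in the new compose file, which defines ports 3000 to 3004 only.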
@@ -100,35 +102,36 @@ services: signature_server: "inv_sig_helper:12999" depends_on: - valkey - - invidious-pgbouncer + - inv_sig_helper healthcheck: test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 interval: 30s timeout: 5s retries: 2 + # INVIDIOUS TOR invidious-tor: env_file: - .env image: "git.nadeko.net/fijxu/invidious:${TAG}" - # container_name: invidious-tor restart: unless-stopped deploy: replicas: 2 - #volumes: - #- /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + volumes: + - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw environment: INVIDIOUS_CONFIG: | feed_threads: 0 log_level: Debug - db: - dbname: "${PGSQL_DBNAME}" - user: "${PGSQL_USER}" - password: "${PGSQL_PASS}" - host: invidious-pgbouncer - port: 5432 + # db: + # dbname: "${PGSQL_DBNAME}" + # user: "${PGSQL_USER}" + # password: "${PGSQL_PASS}" + # host: invidious-pgbouncer + # port: 5432 redis_url: tcp://valkey:6379 + database_url: postgres://kemal:kemal@/invidious donation_url: "https://nadeko.net/donate" contact_url: "https://nadeko.net/contact" home_domain: "nadeko.net" @@ -141,7 +144,7 @@ services: popular_enabled: true captcha_enabled: true login_enabled: true - registration_enabled: true + registration_enabled: false statistics_enabled: true external_port: 443 default_user_preferences: @@ -188,7 +191,7 @@ services: signature_server: "inv_sig_helper:12999" depends_on: - valkey - - invidious-pgbouncer + - inv_sig_helper healthcheck: test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 interval: 30s @@ -200,7 +203,6 @@ services: env_file: - .env image: "git.nadeko.net/fijxu/invidious:${TAG}" - # container_name: invidious-i2p restart: unless-stopped deploy: replicas: 2 
@@ -210,13 +212,15 @@ services: INVIDIOUS_CONFIG: | feed_threads: 0 log_level: "Off" - db: - dbname: "${PGSQL_DBNAME}" - user: "${PGSQL_USER}" - password: "${PGSQL_PASS}" - host: invidious-pgbouncer - port: 5432 + # db: + # dbname: "${PGSQL_DBNAME}" + # user: "${PGSQL_USER}" + # password: "${PGSQL_PASS}" + # host: invidious-pgbouncer + # port: 5432 redis_url: tcp://valkey:6379 + database_url: postgres://kemal:kemal@/invidious + donation_url: "https://nadeko.net/donate" donation_url: "https://nadeko.net/donate" contact_url: "https://nadeko.net/contact" home_domain: "nadeko.net" @@ -229,7 +233,7 @@ services: popular_enabled: true captcha_enabled: true login_enabled: true - registration_enabled: true + registration_enabled: false statistics_enabled: true external_port: 443 default_user_preferences: @@ -276,7 +280,7 @@ services: signature_server: "inv_sig_helper:12999" depends_on: - valkey - - invidious-pgbouncer + - inv_sig_helper healthcheck: test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 interval: 30s 
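Review bot: The i2p hunk adds a second `donation_url: "https://nadeko.net/donate"` directly above the existing one, so the embedded `INVIDIOUS_CONFIG` document now has a duplicate key; depending on the YAML parser that is either a load error or a silent last-wins, and the added line should simply be dropped. The new `database_url` has an empty host, which presumably means the unix socket, but unlike the `invidious-tor` hunk nothing visible here mounts `/var/run/postgresql/.s.PGSQL.5432` into this service. The `volumes:` lines of `invidious-i2p` sit outside the hunk, so please confirm the socket is actually mounted.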
@@ -286,36 +290,48 @@ services: #https://github.com/Sommerwiesel/invidious-nerdvpn/blob/nerdvpn/docker-compose.yml#L438 # INVIDIOUS PBBOUNCER # Thanks nerdvpn - invidious-pgbouncer: - env_file: - - .env - image: edoburu/pgbouncer - container_name: invidious-pgbouncer - environment: - - DB_HOST=/var/run/postgresql - - DB_PORT=5432 - - DB_USER=$PGSQL_USER - - DB_PASSWORD=$PGSQL_PASS - - DB_NAME=$PGSQL_DBNAME - - ADMIN_USERS=pgbouncer - - POOL_MODE=transaction - # - DEFAULT_POOL_SIZE=80 - # - MIN_POOL_SIZE=20 - # - RESERVE_POOL_SIZE=80 - # - RESERVE_POOL_TIMEOUT=5 - # - MAX_DB_CONNECTIONS=160 - # - MAX_USER_CONNECTIONS=160 - - MAX_CLIENT_CONN=1000 - - AUTH_TYPE=scram-sha-256 - - IGNORE_STARTUP_PARAMETERS=extra_float_digits - volumes: - - ./pgbounceruserlist.txt:/etc/pgbouncer/userlist.txt:rw - - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw - healthcheck: - test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h /var/run/postgresql"] - interval: 5m - timeout: 15s - retries: 2 + # invidious-pgbouncer: + # env_file: + # - .env + # image: edoburu/pgbouncer + # container_name: invidious-pgbouncer + # environment: + # - DB_HOST=/var/run/postgresql + # - DB_PORT=5433 + # - DB_USER=$PGSQL_USER + # - DB_PASSWORD=$PGSQL_PASS + # - DB_NAME=$PGSQL_DBNAME + # - ADMIN_USERS=pgbouncer + # - POOL_MODE=transaction + # # - DEFAULT_POOL_SIZE=80 + # # - MIN_POOL_SIZE=20 + # # - RESERVE_POOL_SIZE=80 + # # - RESERVE_POOL_TIMEOUT=5 + # # - MAX_DB_CONNECTIONS=160 + # # - MAX_USER_CONNECTIONS=160 + # - MAX_CLIENT_CONN=1000 + # - AUTH_TYPE=scram-sha-256 + # - IGNORE_STARTUP_PARAMETERS=extra_float_digits + # volumes: + # - ./pgbounceruserlist.txt:/etc/pgbouncer/userlist.txt:rw + # - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw + # healthcheck: + # test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB -h /var/run/postgresql"] + # interval: 5m + # timeout: 15s + # retries: 2 + # networks: + # gluetun_network: + # 
ipv4_address: 172.80.0.22 + + # INVIDIOUS VALKEY METRICS + invidious-redis-exporter: + image: oliver006/redis_exporter + container_name: invidious-redis-exporter + restart: unless-stopped + ports: + - "127.0.0.1:9121:9121" + command: "--redis.addr=redis://valkey:6379" # MATERIALIOUS materialious: @@ -323,7 +339,7 @@ services: container_name: materialious restart: unless-stopped ports: - - 127.0.0.1:10013:80 + - "127.0.0.1:10013:80" environment: VITE_DEFAULT_DEARROW_THUMBNAIL_INSTANCE: "https://dearrow-thumb.ajay.app" #VITE_DEFAULT_SYNCIOUS_INSTANCE: "https://syncious.nadeko.net" @@ -380,6 +396,25 @@ services: ports: - 127.0.0.1:10015:9000 + # SIGNATURE HELPER + inv_sig_helper: + image: quay.io/invidious/inv-sig-helper + restart: unless-stopped + init: true + command: ["--tcp", "0.0.0.0:12999"] + environment: + - RUST_LOG=info + deploy: + replicas: 2 + + http3-proxy: + image: git.nadeko.net/fijxu/http3-proxy:latest + restart: unless-stopped + environment: + DISABLE_WEBP: 1 + deploy: + replicas: 2 + # Without depends because haproxy is smart haproxy: image: haproxy:lts-alpine @@ -400,7 +435,6 @@ services: volumes: - ./haproxy:/usr/local/etc/haproxy - /run/invidious-haproxy:/tmp:rw - #- http3-proxy-socket:/http3-socket:rw networks: default: diff --git a/invidious/invidious/haproxy/haproxy.cfg b/invidious/invidious/haproxy/haproxy.cfg index 8097996..71c1961 100644 --- a/invidious/invidious/haproxy/haproxy.cfg +++ b/invidious/invidious/haproxy/haproxy.cfg @@ -14,7 +14,7 @@ defaults mode http timeout client 10s timeout connect 10s - timeout server 15s + timeout server 5s timeout http-request 10s frontend prometheus @@ -40,6 +40,15 @@ cache invidious-thumbnail-cache max-age 1800 process-vary on +cache invidious-ggpht-cache + # 96MB + total-max-size 96 + # 32kB + max-object-size 32768 + # 30min + max-age 3600 + process-vary on + # cache api-cache # # 32MB # total-max-size 32 
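Review bot: The two services added in the `@@ -380,6 +396,25 @@` hunk pull mutable references, `quay.io/invidious/inv-sig-helper` with no tag and `git.nadeko.net/fijxu/http3-proxy:latest`, so a re-pull can change what runs without any change in this repository. Pinning each to a version tag or a digest, e.g. `image: quay.io/invidious/inv-sig-helper@sha256:<digest>` (placeholder), makes rollouts reviewable and reversible. The same applies to the untagged `qmcgaw/gluetun` and `inv-sig-helper` images in the new invidious-vpn compose file.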
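Review bot: The comment `# 30min` above `max-age 3600` in the new `invidious-ggpht-cache` section does not match the value, which is 60 minutes. Either write `# 60min` or set `max-age 1800` like the thumbnail cache. The same mismatch is in the new invidious-vpn/haproxy/haproxy.cfg.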
@@ -50,12 +59,13 @@ cache invidious-thumbnail-cache # process-vary on frontend invidious - # http-request set-var(txn.api) path + http-request set-var(txn.ggpht) path bind /tmp/invidious.sock bind *:8001 #filter cache invidious-api-cache #http-request cache-use invidious-api-cache if { path_beg /api/v1 } #http-response cache-store invidious-api-cache + # use_backend http3-proxy if { path_beg /videoplayback } default_backend invidious frontend invidious-tor @@ -87,7 +97,19 @@ backend invidious # acl inv_api var(txn.api) -m beg /api/ # http-response set-header X-Cache-Status HIT if !{ srv_id -m found } inv_api # http-response set-header X-Cache-Status MISS if { srv_id -m found } inv_api + # + http-request cache-use invidious-ggpht-cache if { path_beg /ggpht/ } + http-response cache-store invidious-ggpht-cache + + # https://discourse.haproxy.org/t/http-response-set-header-with-condition-not-working/3108 + acl youtube_ggpht var(txn.ggpht) -m beg /ggpht/ + http-response set-header X-Cache-Status HIT if !{ srv_id -m found } youtube_ggpht + http-response set-header X-Cache-Status MISS if { srv_id -m found } youtube_ggpht server-template invidious 8 invidious:3000 check resolvers docker init-addr libc,none + # https://www.haproxy.com/documentation/haproxy-configuration-tutorials/service-reliability/retries/ + option redispatch + # server invidious-1 gluetun:3000 check resolvers docker init-addr libc,none + # server invidious-2 gluetun:3001 check resolvers docker init-addr libc,none backend invidious-tor server-template invidious-tor 2 invidious-tor:3000 check resolvers docker init-addr libc,none 
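Review bot: `http-response cache-store invidious-ggpht-cache` in the `backend invidious` hunk has no condition, so every cacheable response of that backend is offered to the cache while `cache-use` only looks up `/ggpht/` requests; the other objects just take space from the 96 MB, and whether a page response stays out of the cache rests entirely on HAProxy's own cacheability rules. Since `txn.ggpht` is already captured in the frontend, declare the acl first and reuse it: `acl youtube_ggpht var(txn.ggpht) -m beg /ggpht/` followed by `http-response cache-store invidious-ggpht-cache if youtube_ggpht`. The backend section starts outside the hunk.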
@@ -106,6 +128,9 @@ backend http3-proxy acl youtube_thumbnails var(txn.vipath) -m beg /vi/ http-response set-header X-Cache-Status HIT if !{ srv_id -m found } youtube_thumbnails http-response set-header X-Cache-Status MISS if { srv_id -m found } youtube_thumbnails + #server http3-proxy-1 gluetun:8080 check resolvers docker init-addr libc,none server http3-proxy-1 http3-proxy:8080 check resolvers docker init-addr libc,none server http3-proxy-2 http3-proxy:8080 check resolvers docker init-addr libc,none + # https://www.haproxy.com/documentation/haproxy-configuration-tutorials/service-reliability/retries/ + option redispatch