h7yt8w34f56h7yg8fw45h67yg8bw4e7tgh6ywber67yh8g9nf235qv7ygn89354wqvy8mg93524q78yh9m345qv879hm345qv789hm

nginx/conf.d/git.conf

@@ -13,7 +13,7 @@ server {
   }
 
   # QUIC
-  # include configs/http3.conf;
+  include configs/http3.conf;
 
   listen 443 ssl;
   http2 on;

nginx/conf.d/inv-i2p.conf.locations

@@ -0,0 +1,83 @@
+location @upstream-i2p {
+  proxy_pass http://inv-i2p;
+  include configs/proxy.conf;
+  limit_rate 1000k;
+  # Disable buffering and cache so i don't kill my
+  # SSD and bandwidth usage
+  proxy_buffering off;
+  proxy_request_buffering off;
+  proxy_cache off;
+  proxy_intercept_errors on;
+  proxy_connect_timeout 10s;
+  proxy_read_timeout 20s;
+  #error_page 502 = @fallback;
+
+  if ($request_method = OPTIONS) {
+    return 204;
+  }
+}
+
+location @http3-proxy {
+  # Woops! Sorry. I don't want to kill my SSD lol!
+  proxy_buffering off;
+  proxy_request_buffering off;
+  proxy_cache off;
+  #proxy_buffers 1024 16k;
+  proxy_set_header X-Forwarded-For "";
+  proxy_hide_header "alt-svc";
+  sendfile_max_chunk 512k;
+  proxy_hide_header Cache-Control;
+  proxy_hide_header etag;
+  proxy_http_version 1.1;
+  proxy_intercept_errors on;
+  proxy_set_header Connection keep-alive;
+  #proxy_max_temp_file_size 32m;
+  proxy_pass http://http3-ytproxy;
+  add_header Cache-Control private always;
+  limit_rate 8000k;
+}
+
+location ~ (^/videoplayback/) {
+  try_files $uri @http3-proxy;
+}
+
+location ~ (^/vi/) {
+  try_files $uri @http3-proxy;
+}
+
+location ~ (^/vi) {
+  try_files $uri @upstream-i2p;
+}
+
+location / {
+  try_files $uri @upstream-i2p;
+}
+
+location /search {
+  try_files $uri @upstream-i2p;
+}
+
+location /watch {
+  try_files $uri @upstream-i2p;
+}
+
+location /api/v1 {
+  try_files $uri @upstream-i2p;
+}
+
+location /api/v1/storyboards {
+  try_files $uri @upstream-i2p;
+}
+
+location /api/v1/captions {
+  try_files $uri @upstream-i2p;
+}
+
+location /api/v1/comments {
+  try_files $uri @upstream-i2p;
+}
+
+location ~ ^/api/v1/channels/(.+)/shorts {
+  try_files $uri @upstream-i2p;
+}
+

nginx/conf.d/inv-tor.conf.locations

@@ -1,4 +1,4 @@
-location @upstream {
+location @upstream-tor {
   proxy_pass http://inv-tor;
   include configs/proxy.conf;
   limit_rate 1000k;
@@ -17,7 +17,7 @@ location @upstream {
   }
 }
 
-location ~ (^/videoplayback) {
+location @http3-proxy {
   # Woops! Sorry. I don't want to kill my SSD lol!
   proxy_buffering off;
   proxy_request_buffering off;
@@ -37,55 +37,50 @@ location ~ (^/videoplayback) {
   limit_rate 8000k;
 }
 
+location ~ (^/videoplayback/) {
+  try_files $uri @http3-proxy;
+}
+
 location ~ (^/vi/) {
-  # Woops! Sorry. I don't want to kill my SSD lol!
+  try_files $uri @http3-proxy;
-  proxy_buffering off;  
+}
-  proxy_request_buffering off;
+
-  proxy_cache off;
+location ~ (^/vi) {
-  #proxy_buffers 1024 16k;
+  try_files $uri @upstream-tor;
-  proxy_set_header X-Forwarded-For "";
-  proxy_hide_header "alt-svc";
-  proxy_hide_header Cache-Control;
-  proxy_hide_header etag;
-  proxy_http_version 1.1;
-  proxy_intercept_errors on;
-  proxy_set_header Connection keep-alive;
-  #proxy_max_temp_file_size 32m;
-  proxy_pass http://http3-ytproxy;
-  add_header Cache-Control private always;
-  limit_rate 800k;
 }
 
 location / {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 location /search {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 location /watch {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
+  #limit_req zone=invidious-watchrl nodelay burst=5;
 }
 
 location /api/v1 {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
+  #limit_req zone=invidious-apirl nodelay burst=10;
 }
 
 location /api/v1/storyboards {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 location /api/v1/captions {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 location /api/v1/comments {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 location ~ ^/api/v1/channels/(.+)/shorts {
-  try_files $uri @upstream;
+  try_files $uri @upstream-tor;
 }
 
 #location @fallback {

nginx/conf.d/inv.conf.locations

@@ -7,9 +7,9 @@ location @upstream {
   proxy_buffering off;
   proxy_request_buffering off;
   proxy_cache off;
-  proxy_intercept_errors on;
+  #proxy_intercept_errors on;
-  proxy_connect_timeout 10s;
+  #proxy_connect_timeout 10s;
-  proxy_read_timeout 20s;
+  #proxy_read_timeout 20s;
   #error_page 502 = @fallback;
 
   if ($request_method = OPTIONS) {
@@ -18,15 +18,18 @@ location @upstream {
 
   proxy_hide_header Access-Control-Allow-Origin;
   add_header Access-Control-Allow-Credentials true;
-	add_header Access-Control-Allow-Origin "https://materialious.nadeko.net" always;
+  add_header Access-Control-Allow-Origin "*" always;
   add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
   add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
 
   # TOR
   add_header Onion-Location http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
+
+  # QUIC
+  # add_header Alt-Svc 'h3=":443"; ma=86400';
 }
 
-location ~ (^/videoplayback) {
+location @http3-proxy {
   # Woops! Sorry. I don't want to kill my SSD lol!
   proxy_buffering off;
   proxy_request_buffering off;
@@ -44,34 +47,93 @@ location ~ (^/videoplayback) {
   proxy_pass http://http3-ytproxy;
   add_header Cache-Control private always;
   limit_rate 8000k;
-  limit_req zone=invidious-videoplaybackrl nodelay burst=10;
+  #limit_req zone=invidious-videoplaybackrl nodelay burst=10;
+  #limit_conn invgloballimit 64;
+
+  # proxy_hide_header Access-Control-Allow-Origin;
+  # add_header Access-Control-Allow-Credentials true;
+  # add_header Access-Control-Allow-Origin "*" always;
+  # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
+  # add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
+
+  # QUIC
+  # add_header Alt-Svc 'h3=":443"; ma=86400';
+}
+
+# location ~ (^/videoplayback/) {
+# 	# Woops! Sorry. I don't want to kill my SSD lol!
+# 	proxy_buffering off;
+# 	proxy_request_buffering off;
+# 	proxy_cache off;
+# 	#proxy_buffers 1024 16k;
+# 	proxy_set_header X-Forwarded-For "";
+# 	proxy_hide_header "alt-svc";
+# 	sendfile_max_chunk 512k;
+# 	proxy_hide_header Cache-Control;
+# 	proxy_hide_header etag;
+# 	proxy_http_version 1.1;
+# 	proxy_intercept_errors on;
+# 	proxy_set_header Connection keep-alive;
+# 	#proxy_max_temp_file_size 32m;
+# 	proxy_pass http://http3-ytproxy;
+# 	add_header Cache-Control private always;
+# 	limit_rate 8000k;
+# 	#limit_req zone=invidious-videoplaybackrl nodelay burst=10;
+# 	#limit_conn invgloballimit 64;
+#
+# 	# proxy_hide_header Access-Control-Allow-Origin;
+# 	# add_header Access-Control-Allow-Credentials true;
+# 	# add_header Access-Control-Allow-Origin "*" always;
+# 	# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
+# 	# add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
+#
+# 	# QUIC
+# 	add_header Alt-Svc 'h3=":443"; ma=86400';
+# }
+#
+# location ~ (^/vi/) {
+# 	# Woops! Sorry. I don't want to kill my SSD lol!
+# 	proxy_buffering off;
+# 	proxy_request_buffering off;
+# 	proxy_cache off;
+# 	#proxy_buffers 1024 16k;
+# 	proxy_set_header X-Forwarded-For "";
+# 	proxy_hide_header "alt-svc";
+# 	sendfile_max_chunk 512k;
+# 	proxy_hide_header Cache-Control;
+# 	proxy_hide_header etag;
+# 	proxy_http_version 1.1;
+# 	proxy_intercept_errors on;
+# 	proxy_set_header Connection keep-alive;
+# 	#proxy_max_temp_file_size 32m;
+# 	proxy_pass http://http3-ytproxy;
+# 	add_header Cache-Control private always;
+# 	limit_rate 1000k;
+#
+# 	# QUIC
+# 	add_header Alt-Svc 'h3=":443"; ma=86400';
+#
+# 	limit_conn invgloballimit 128;
+# }
+#
+#
+
+location ~ (^/videoplayback/) {
+  try_files $uri @http3-proxy;
 }
 
 location ~ (^/vi/) {
-  # Woops! Sorry. I don't want to kill my SSD lol!
+  try_files $uri @http3-proxy;
-  proxy_buffering off;  
-  proxy_request_buffering off;
-  proxy_cache off;
-  #proxy_buffers 1024 16k;
-  proxy_set_header X-Forwarded-For "";
-  proxy_hide_header "alt-svc";
-  proxy_hide_header Cache-Control;
-  proxy_hide_header etag;
-  proxy_http_version 1.1;
-  proxy_intercept_errors on;
-  proxy_set_header Connection keep-alive;
-  #proxy_max_temp_file_size 32m;
-  proxy_pass http://http3-ytproxy;
-  add_header Cache-Control private always;
-  limit_rate 800k;
 }
 
 location / {
 	try_files $uri @upstream;
+	limit_conn invgloballimit 256;
 }
 
 location /search {
 	try_files $uri @upstream;
+	limit_req zone=invidious-searchrl nodelay burst=5;
 }
 
 location /watch {

nginx/conf.d/luna.conf

@@ -26,6 +26,9 @@ server {
     add_header Access-Control-Allow-Origin *;
   }
 
+  # QUIC
+  include configs/http3.conf;
+
   listen 443 ssl;
   http2 on;
 

nginx/conf.d/matrix.conf

@@ -0,0 +1,88 @@
+# server {
+# 	server_name matrix.zzls.xyz;
+# 	include configs/general.conf;
+# 	include configs/robotsNone.conf;
+# 	include configs/security.conf;
+#
+# 	location /.well-known/matrix/server {
+# 		return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
+# 	}
+#
+# 	location /.well-known/matrix/client {
+# 		default_type application/json;
+# 		add_header Access-Control-Allow-Origin '*';
+# 		return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
+# 	}
+#
+# 	#location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+# 	#	proxy_pass http://127.0.0.1:40022;
+# 	#	proxy_set_header X-Forwarded-For $remote_addr;
+# 	#	proxy_set_header X-Forwarded-Proto $scheme;
+# 	#		proxy_set_header Host $host;
+# 	#}
+#
+# 	location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
+# 		proxy_pass http://matrix;
+# 		include configs/proxy.conf;
+# 		client_max_body_size 64M;
+# 	}
+#
+# 	# QUIC
+# 	include configs/http3.conf;
+#
+# 	listen 443 ssl;
+# 	listen 8448 ssl;
+# 	listen 8448 quic;
+# 	http2 on;
+# }
+#
+server {
+	server_name matrix.nadeko.net;
+	include configs/general.conf;
+	include configs/robotsNone.conf;
+	include configs/security.conf;
+
+	location /.well-known/matrix/support {
+		return 200 '{"contacts": [{"matrix_id": "@fijxu:nadeko.net","email_address": "fijxu@nadeko.net","role": "m.role.admin"},{"email_address": "fijxu@nadeko.net","role": "m.role.security"}],"support_page": "https://nadeko.net/contact" }';
+	}
+
+	location /.well-known/matrix/server {
+		return 200 '{ "m.server": "matrix.nadeko.net:8448" }';
+	}
+
+	location /.well-known/matrix/client {
+		default_type application/json;
+		add_header Access-Control-Allow-Origin '*';
+		return 200 '{ "m.homeserver": { "base_url": "https://matrix.nadeko.net" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.nadeko.net"}}';
+	}
+
+  location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+    proxy_pass http://127.0.0.1:10024;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+  }
+
+	location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
+		proxy_pass http://127.0.0.1:10022;
+		include configs/proxy.conf;
+		client_max_body_size 64M;
+	}
+
+	location / {
+		proxy_pass http://127.0.0.1:10023;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Host $host;
+		client_max_body_size 64M;
+		proxy_http_version 1.1;
+	}
+
+	# QUIC
+	include configs/http3.conf;
+
+	listen 443 ssl reuseport;
+	listen 8448 ssl default_server reuseport;
+	listen 8448 quic default_server reuseport;
+	http2 on;
+}

nginx/conf.d/redirector.conf

@@ -8,7 +8,7 @@ server {
 
 # HTTPS Redirector
 server {
-    listen 80;
+    listen 80 default_server;
-
+    server_name _;
     return 301 https://$host$request_uri;
 }

nginx/configs/general.conf

@@ -1,3 +1,14 @@
+# ZSTD
+# https://github.com/tokers/zstd-nginx-module
+zstd		on;
+zstd_comp_level 1;
+zstd_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# BROTLI
+brotli            on;
+brotli_comp_level 6;
+brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
 # GZIP
 gzip              on;
 gzip_vary         on;
@@ -5,12 +16,7 @@ gzip_proxied      any;
 gzip_comp_level   6;
 gzip_types        text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
 
-# BROTLI
-brotli            on;
-brotli_comp_level 6;
-brotli_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
-
 # fuck bots .kill
-if ($poop) {
+# if ($poop) {
-	return 444;
+# 	return 444;
-}
+# }

nginx/configs/http3.conf

@@ -1,2 +1,2 @@
-add_header Alt-Svc 'h3=":443"; ma=86400';
+add_header Alt-Svc 'h3=":8443"; ma=86400';
-listen 443 quic;
+listen 8443 quic;

nginx/configs/upstreams.conf

@@ -7,15 +7,23 @@ upstream php-fpm-8.1 {
 }
 
 upstream inv {
-	server 127.0.0.1:10011 max_fails=2 fail_timeout=2s;
+  server unix:/run/invidious-haproxy/invidious.sock;
+  server 127.0.0.1:10011 backup;
 }
 
 upstream inv-tor {
-	server 127.0.0.1:10099 max_fails=2 fail_timeout=2s;
+  server unix:/run/invidious-haproxy/invidious-tor.sock;
+  server 127.0.0.1:10098 backup;
+}
+
+upstream inv-i2p {
+  server unix:/run/invidious-haproxy/invidious-i2p.sock;
+  server 127.0.0.1:10099 backup;
 }
 
 upstream http3-ytproxy {
-	server 127.0.0.1:10012 max_fails=2 fail_timeout=5s;
+  server unix:/run/invidious-haproxy/http3-proxy.sock;
+  server 127.0.0.1:10012 backup;
 }
 
 upstream materialious {

nginx/nginx.conf

@@ -4,8 +4,12 @@ worker_rlimit_nofile 65535;
 include /etc/nginx/modules-enabled/*.conf;
 load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
 load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so; # for compressing responses on-the-fly
+load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so; # for serving pre-compressed files
 load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; # ngx_lua
 
+quic_bpf on;
+
 events {
 	worker_connections 4096;
 	multi_accept off;
@@ -60,10 +64,15 @@ http {
 	aio_write on;
 	directio 2m;
 
+	# QUIC settings
+	# https://nginx.org/en/docs/http/ngx_http_v3_module.html
+	quic_gso on;
+
 	# Maps
 	include /etc/nginx/snippets/maps.conf;
 	include /etc/nginx/snippets/poop.conf;
 
+	include /etc/nginx/configs/general.conf;
 	include /etc/nginx/configs/upstreams.conf;
 	include /etc/nginx/configs/limits.conf;
 	include /etc/nginx/conf.d/*.conf;

tmpfiles.d/docker-unix-socket-binds.conf

@@ -0,0 +1,3 @@
+d /run/http3-proxy-nginx 0755 root root
+d /run/invidious-nginx 0755 root root
+d /run/invidious-haproxy 0777 root root