h7yt8w34f56h7yg8fw45h67yg8bw4e7tgh6ywber67yh8g9nf235qv7ygn89354wqvy8mg93524q78yh9m345qv879hm345qv789hm

sf.nadeko.net 2024-08-24 23:09:07 -04:00
parent 8ed2326fef
commit b9663af584
12 changed files with 340 additions and 83 deletions


@ -13,7 +13,7 @@ server {
}
# QUIC
# include configs/http3.conf;
include configs/http3.conf;
listen 443 ssl;
http2 on;


@ -0,0 +1,83 @@
location @upstream-i2p {
proxy_pass http://inv-i2p;
include configs/proxy.conf;
limit_rate 1000k;
# Disable buffering and cache so i don't kill my
# SSD and bandwidth usage
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
proxy_intercept_errors on;
proxy_connect_timeout 10s;
proxy_read_timeout 20s;
#error_page 502 = @fallback;
if ($request_method = OPTIONS) {
return 204;
}
}
location @http3-proxy {
# Woops! Sorry. I don't want to kill my SSD lol!
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
#proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_hide_header "alt-svc";
sendfile_max_chunk 512k;
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_set_header Connection keep-alive;
#proxy_max_temp_file_size 32m;
proxy_pass http://http3-ytproxy;
add_header Cache-Control private always;
limit_rate 8000k;
}
location ~ (^/videoplayback/) {
try_files $uri @http3-proxy;
}
location ~ (^/vi/) {
try_files $uri @http3-proxy;
}
location ~ (^/vi) {
try_files $uri @upstream-i2p;
}
location / {
try_files $uri @upstream-i2p;
}
location /search {
try_files $uri @upstream-i2p;
}
location /watch {
try_files $uri @upstream-i2p;
}
location /api/v1 {
try_files $uri @upstream-i2p;
}
location /api/v1/storyboards {
try_files $uri @upstream-i2p;
}
location /api/v1/captions {
try_files $uri @upstream-i2p;
}
location /api/v1/comments {
try_files $uri @upstream-i2p;
}
location ~ ^/api/v1/channels/(.+)/shorts {
try_files $uri @upstream-i2p;
}
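Review bot: `location ~ (^/vi)` has no trailing slash or end anchor, so it matches every path that begins with `/vi`, including a `/videoplayback` request whose path has no slash after it; such a request misses the two `@http3-proxy` regexes above and is sent to `@upstream-i2p` instead. If that is intended, a comment such as `# query-form /videoplayback is handled by the Invidious upstream` would say so; if not, tighten the regex to the exact paths meant. The same regex appears in the Tor section further down this page. The prefix locations `/search`, `/watch` and `/api/v1…` repeat what `location /` already does and carry no limits of their own, so they could be dropped from this file.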


@ -1,4 +1,4 @@
location @upstream {
location @upstream-tor {
proxy_pass http://inv-tor;
include configs/proxy.conf;
limit_rate 1000k;
@ -17,7 +17,7 @@ location @upstream {
}
}
location ~ (^/videoplayback) {
location @http3-proxy {
# Woops! Sorry. I don't want to kill my SSD lol!
proxy_buffering off;
proxy_request_buffering off;
@ -37,55 +37,50 @@ location ~ (^/videoplayback) {
limit_rate 8000k;
}
location ~ (^/videoplayback/) {
try_files $uri @http3-proxy;
}
location ~ (^/vi/) {
# Woops! Sorry. I don't want to kill my SSD lol!
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
#proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_hide_header "alt-svc";
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_set_header Connection keep-alive;
#proxy_max_temp_file_size 32m;
proxy_pass http://http3-ytproxy;
add_header Cache-Control private always;
limit_rate 800k;
try_files $uri @http3-proxy;
}
location ~ (^/vi) {
try_files $uri @upstream-tor;
}
location / {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
location /search {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
location /watch {
try_files $uri @upstream;
try_files $uri @upstream-tor;
#limit_req zone=invidious-watchrl nodelay burst=5;
}
location /api/v1 {
try_files $uri @upstream;
try_files $uri @upstream-tor;
#limit_req zone=invidious-apirl nodelay burst=10;
}
location /api/v1/storyboards {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
location /api/v1/captions {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
location /api/v1/comments {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
location ~ ^/api/v1/channels/(.+)/shorts {
try_files $uri @upstream;
try_files $uri @upstream-tor;
}
#location @fallback {


@ -7,9 +7,9 @@ location @upstream {
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
proxy_intercept_errors on;
proxy_connect_timeout 10s;
proxy_read_timeout 20s;
#proxy_intercept_errors on;
#proxy_connect_timeout 10s;
#proxy_read_timeout 20s;
#error_page 502 = @fallback;
if ($request_method = OPTIONS) {
@ -18,15 +18,18 @@ location @upstream {
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin "https://materialious.nadeko.net" always;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
# TOR
add_header Onion-Location http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion$request_uri;
# QUIC
# add_header Alt-Svc 'h3=":443"; ma=86400';
}
location ~ (^/videoplayback) {
location @http3-proxy {
# Woops! Sorry. I don't want to kill my SSD lol!
proxy_buffering off;
proxy_request_buffering off;
@ -44,34 +47,93 @@ location ~ (^/videoplayback) {
proxy_pass http://http3-ytproxy;
add_header Cache-Control private always;
limit_rate 8000k;
limit_req zone=invidious-videoplaybackrl nodelay burst=10;
#limit_req zone=invidious-videoplaybackrl nodelay burst=10;
#limit_conn invgloballimit 64;
# proxy_hide_header Access-Control-Allow-Origin;
# add_header Access-Control-Allow-Credentials true;
# add_header Access-Control-Allow-Origin "*" always;
# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
# add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
# QUIC
# add_header Alt-Svc 'h3=":443"; ma=86400';
}
# location ~ (^/videoplayback/) {
# # Woops! Sorry. I don't want to kill my SSD lol!
# proxy_buffering off;
# proxy_request_buffering off;
# proxy_cache off;
# #proxy_buffers 1024 16k;
# proxy_set_header X-Forwarded-For "";
# proxy_hide_header "alt-svc";
# sendfile_max_chunk 512k;
# proxy_hide_header Cache-Control;
# proxy_hide_header etag;
# proxy_http_version 1.1;
# proxy_intercept_errors on;
# proxy_set_header Connection keep-alive;
# #proxy_max_temp_file_size 32m;
# proxy_pass http://http3-ytproxy;
# add_header Cache-Control private always;
# limit_rate 8000k;
# #limit_req zone=invidious-videoplaybackrl nodelay burst=10;
# #limit_conn invgloballimit 64;
#
# # proxy_hide_header Access-Control-Allow-Origin;
# # add_header Access-Control-Allow-Credentials true;
# # add_header Access-Control-Allow-Origin "*" always;
# # add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always;
# # add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always;
#
# # QUIC
# add_header Alt-Svc 'h3=":443"; ma=86400';
# }
#
# location ~ (^/vi/) {
# # Woops! Sorry. I don't want to kill my SSD lol!
# proxy_buffering off;
# proxy_request_buffering off;
# proxy_cache off;
# #proxy_buffers 1024 16k;
# proxy_set_header X-Forwarded-For "";
# proxy_hide_header "alt-svc";
# sendfile_max_chunk 512k;
# proxy_hide_header Cache-Control;
# proxy_hide_header etag;
# proxy_http_version 1.1;
# proxy_intercept_errors on;
# proxy_set_header Connection keep-alive;
# #proxy_max_temp_file_size 32m;
# proxy_pass http://http3-ytproxy;
# add_header Cache-Control private always;
# limit_rate 1000k;
#
# # QUIC
# add_header Alt-Svc 'h3=":443"; ma=86400';
#
# limit_conn invgloballimit 128;
# }
#
#
location ~ (^/videoplayback/) {
try_files $uri @http3-proxy;
}
location ~ (^/vi/) {
# Woops! Sorry. I don't want to kill my SSD lol!
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
#proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_hide_header "alt-svc";
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_intercept_errors on;
proxy_set_header Connection keep-alive;
#proxy_max_temp_file_size 32m;
proxy_pass http://http3-ytproxy;
add_header Cache-Control private always;
limit_rate 800k;
try_files $uri @http3-proxy;
}
location / {
try_files $uri @upstream;
limit_conn invgloballimit 256;
}
location /search {
try_files $uri @upstream;
limit_req zone=invidious-searchrl nodelay burst=5;
}
location /watch {
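Review bot: In the `@upstream` hunk the `Access-Control-Allow-Origin "*"` line sits directly under `add_header Access-Control-Allow-Credentials true;`, and browsers refuse a wildcard origin on credentialed requests, so this pair cannot work as written. The page has lost its +/- column, so I am assuming the `"*"` line replaces the `https://materialious.nadeko.net` one; if both remain, the response carries two origin headers, which browsers also reject. Either keep the explicit origin, or drop the credentials header when the wildcard is wanted. The same section comments out `limit_req zone=invidious-videoplaybackrl` and the connect/read timeouts without saying why; a one-line comment giving the reason would help the next reader. The `location /watch {` block at the end of the last hunk continues outside what is shown.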


@ -26,6 +26,9 @@ server {
add_header Access-Control-Allow-Origin *;
}
# QUIC
include configs/http3.conf;
listen 443 ssl;
http2 on;

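--- a/nginx/conf.d/matrix.conf
+++ b/nginx/conf.d/matrix.conf
@@ -0,0 +1,88 @@
+# server {
+# server_name matrix.zzls.xyz;
+# include configs/general.conf;
+# include configs/robotsNone.conf;
+# include configs/security.conf;
+#
+# location /.well-known/matrix/server {
+# return 200 '{ "m.server": "matrix.zzls.xyz:8448" }';
+# }
+#
+# location /.well-known/matrix/client {
+# default_type application/json;
+# add_header Access-Control-Allow-Origin '*';
+# return 200 '{ "m.homeserver": { "base_url": "https://matrix.zzls.xyz" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.zzls.xyz"}}';
+# }
+#
+# #location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+# # proxy_pass http://127.0.0.1:40022;
+# # proxy_set_header X-Forwarded-For $remote_addr;
+# # proxy_set_header X-Forwarded-Proto $scheme;
+# # proxy_set_header Host $host;
+# #}
+#
+# location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
+# proxy_pass http://matrix;
+# include configs/proxy.conf;
+# client_max_body_size 64M;
+# }
+#
+# # QUIC
+# include configs/http3.conf;
+#
+# listen 443 ssl;
+# listen 8448 ssl;
+# listen 8448 quic;
+# http2 on;
+# }
+#
+server {
+server_name matrix.nadeko.net;
+include configs/general.conf;
+include configs/robotsNone.conf;
+include configs/security.conf;
+location /.well-known/matrix/support {
+return 200 '{"contacts": [{"matrix_id": "@fijxu:nadeko.net","email_address": "fijxu@nadeko.net","role": "m.role.admin"},{"email_address": "fijxu@nadeko.net","role": "m.role.security"}],"support_page": "https://nadeko.net/contact" }';
+}
+location /.well-known/matrix/server {
+return 200 '{ "m.server": "matrix.nadeko.net:8448" }';
+}
+location /.well-known/matrix/client {
+default_type application/json;
+add_header Access-Control-Allow-Origin '*';
+return 200 '{ "m.homeserver": { "base_url": "https://matrix.nadeko.net" }, "org.matrix.msc3575.proxy": {"url": "https://matrix.nadeko.net"}}';
+}
+location ~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync) {
+proxy_pass http://127.0.0.1:10024;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+}
+location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics) {
+proxy_pass http://127.0.0.1:10022;
+include configs/proxy.conf;
+client_max_body_size 64M;
+}
+location / {
+proxy_pass http://127.0.0.1:10023;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+client_max_body_size 64M;
+proxy_http_version 1.1;
+}
+# QUIC
+include configs/http3.conf;
+listen 443 ssl reuseport;
+listen 8448 ssl default_server reuseport;
+listen 8448 quic default_server reuseport;
+http2 on;
+}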
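Review bot: The regex `^(/_matrix|/_synapse/client|/health|/_synapse/metrics)` proxies `/_synapse/metrics` and `/health` to the homeserver on the public listeners (443 and 8448), with no `allow`/`deny` visible in this file. Unless `configs/proxy.conf` or the backend restricts them, the metrics are readable by anyone; consider giving them their own location with `allow 127.0.0.1; deny all;`, or removing them from the alternation. Also, only `/.well-known/matrix/client` sets `default_type application/json;`, while the `support` and `server` locations return JSON bodies without it.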


@ -8,7 +8,7 @@ server {
# HTTPS Redirector
server {
listen 80;
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}


@ -1,3 +1,14 @@
# ZSTD
# https://github.com/tokers/zstd-nginx-module
zstd on;
zstd_comp_level 1;
zstd_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# BROTLI
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# GZIP
gzip on;
gzip_vary on;
@ -5,12 +16,7 @@ gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# BROTLI
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# fuck bots .kill
if ($poop) {
return 444;
}
# if ($poop) {
# return 444;
# }
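Review bot: The `if ($poop) { return 444; }` block is commented out rather than removed and no reason is given, which leaves the bot-drop rule disabled with nothing to say whether that is temporary. A comment above it, for example `# disabled: <reason>; re-enable in <place>`, would record the intent. The new `zstd_types` list is a hand copy of the `gzip_types` and `brotli_types` lists, so the three will drift unless they are kept in step.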


@ -1,2 +1,2 @@
add_header Alt-Svc 'h3=":443"; ma=86400';
listen 443 quic;
add_header Alt-Svc 'h3=":8443"; ma=86400';
listen 8443 quic;


@ -7,15 +7,23 @@ upstream php-fpm-8.1 {
}
upstream inv {
server 127.0.0.1:10011 max_fails=2 fail_timeout=2s;
server unix:/run/invidious-haproxy/invidious.sock;
server 127.0.0.1:10011 backup;
}
upstream inv-tor {
server 127.0.0.1:10099 max_fails=2 fail_timeout=2s;
server unix:/run/invidious-haproxy/invidious-tor.sock;
server 127.0.0.1:10098 backup;
}
upstream inv-i2p {
server unix:/run/invidious-haproxy/invidious-i2p.sock;
server 127.0.0.1:10099 backup;
}
upstream http3-ytproxy {
server 127.0.0.1:10012 max_fails=2 fail_timeout=5s;
server unix:/run/invidious-haproxy/http3-proxy.sock;
server 127.0.0.1:10012 backup;
}
upstream materialious {
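Review bot: `inv-i2p` uses `127.0.0.1:10099` as its backup, the port the earlier `inv-tor` line pointed at, while `inv-tor` now falls back to `10098`; please confirm 10099 really is the I2P instance, since a wrong backup would serve I2P visitors from a backend configured for another network. The page has lost its +/- column, so this reads the `max_fails=…` lines as the removed side. With `max_fails`/`fail_timeout` gone from the primary `server` lines the nginx defaults apply, which is worth a short comment if deliberate.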


@ -4,8 +4,12 @@ worker_rlimit_nofile 65535;
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so; # for compressing responses on-the-fly
load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so; # for serving pre-compressed files
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; # ngx_lua
quic_bpf on;
events {
worker_connections 4096;
multi_accept off;
@ -60,10 +64,15 @@ http {
aio_write on;
directio 2m;
# QUIC settings
# https://nginx.org/en/docs/http/ngx_http_v3_module.html
quic_gso on;
# Maps
include /etc/nginx/snippets/maps.conf;
include /etc/nginx/snippets/poop.conf;
include /etc/nginx/configs/general.conf;
include /etc/nginx/configs/upstreams.conf;
include /etc/nginx/configs/limits.conf;
include /etc/nginx/conf.d/*.conf;


@ -0,0 +1,3 @@
d /run/http3-proxy-nginx 0755 root root
d /run/invidious-nginx 0755 root root
d /run/invidious-haproxy 0777 root root
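Review bot: `d /run/invidious-haproxy 0777 root root` creates a world-writable directory without the sticky bit, and the upstreams changed elsewhere in this commit point nginx at sockets inside it (`invidious.sock`, `invidious-tor.sock`, `invidious-i2p.sock`, `http3-proxy.sock`). Any local account can then remove or replace those socket files, so what nginx proxies to is no longer under the service's control. Restrict the directory to the account that creates the sockets and to nginx's group, e.g. `d /run/invidious-haproxy 0750 <socket-owner> <nginx-group>` (placeholders; the real account names are not on this page).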