diff --git a/http.d/locations/inv.conf b/http.d/locations/inv.conf index 2cab5f2..c2ed548 100644 --- a/http.d/locations/inv.conf +++ b/http.d/locations/inv.conf @@ -1,100 +1,22 @@ +# Notes: +# Required headers that need to be passed to invidious: +# - Host (to be able to identify the domain from where it was accessed, handle numbered domains, alternative domains like .onion and .i2p) +# +# configs/proxy.conf contains the directive to pass the Host header to Invidious + location @upstream { proxy_pass http://$invidious_backend; + include configs/proxy.conf; limit_rate 1000k; + # To reduce the load in the main storage proxy_buffering off; proxy_request_buffering off; #proxy_cache off; - # To let invidious know the Host header, needed for alternative_domains. - # https://git.nadeko.net/Fijxu/invidious/commit/35f28b508ea049118cb6a0b3062b6c7ce2c4009f - proxy_set_header Host $host; - - proxy_pass_request_headers on; - proxy_intercept_errors on; - proxy_connect_timeout 10s; - - # To keep-alive - proxy_http_version 1.1; - proxy_set_header Connection ""; - if ($request_method = OPTIONS) { return 204; } - - proxy_hide_header Access-Control-Allow-Origin; - add_header Access-Control-Allow-Credentials true; - add_header Access-Control-Allow-Origin "https://materialious.nadeko.net" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always; - add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always; -} - -location @upstream-api { - proxy_pass http://inv; - limit_rate 1000k; - # To reduce the load in the main storage - proxy_buffering on; - proxy_request_buffering off; - #proxy_cache off; - - proxy_cache invidious-api-cache; - proxy_cache_valid 200 240m; - add_header X-Cache $upstream_cache_status; - proxy_cache_key "$host$request_uri$cache_case"; - - # To let invidious know the Host header, needed for alternative_domains. - # https://git.nadeko.net/Fijxu/invidious/commit/35f28b508ea049118cb6a0b3062b6c7ce2c4009f - proxy_set_header Host $host; - - proxy_pass_request_headers on; - proxy_intercept_errors on; - proxy_connect_timeout 10s; - - # To keep-alive - proxy_http_version 1.1; - proxy_set_header Connection ""; - - if ($request_method = OPTIONS) { - return 204; - } - - proxy_hide_header Access-Control-Allow-Origin; - add_header Access-Control-Allow-Credentials true; - add_header Access-Control-Allow-Origin "https://materialious.nadeko.net" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always; - add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always; -} - -location @upstream-latest_version { - proxy_pass http://inv; - limit_rate 1000k; - # To reduce the load in the main storage - proxy_buffering on; - proxy_request_buffering off; - #proxy_cache off; - - proxy_cache invidious-latest_version-cache; - proxy_cache_valid 302 240m; - add_header X-Cache $upstream_cache_status; - proxy_cache_key "$host$request_uri$cache_case"; - - # To let invidious know the Host header, needed for alternative_domains. - # https://git.nadeko.net/Fijxu/invidious/commit/35f28b508ea049118cb6a0b3062b6c7ce2c4009f - proxy_set_header Host $host; - - proxy_pass_request_headers on; - proxy_intercept_errors on; - proxy_connect_timeout 10s; - - # To keep-alive - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_hide_header Access-Control-Allow-Origin; - add_header Access-Control-Allow-Credentials true; - add_header Access-Control-Allow-Origin "https://materialious.nadeko.net" always; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD, PATCH, PUT, DELETE" always; - add_header Access-Control-Allow-Headers "User-Agent, Authorization, Content-Type" always; } location @http3-proxy { @@ -116,43 +38,18 @@ location @http3-proxy { proxy_http_version 1.1; } -location @xd { - proxy_pass http://http3-ytproxy; - limit_rate 600k; - # Proxy buffering needs to be on in order - # to make the cache work - proxy_buffering on; - proxy_request_buffering off; - - proxy_cache invidious-image-cache; - proxy_cache_valid 200 48h; - add_header X-Cache $upstream_cache_status; - - proxy_http_version 1.1; +location /index.html { + return 301 $scheme://$host/; } location ~ (^/videoplayback) { - return 403 ""; + return 403 " + Videoplayback requests are not allowed in this endpoint. + Yes, this is an error. If you find it, please report it to + https://git.nadeko.net/Fijxu/invidious"; try_files $uri @http3-proxy; } -location ~ (^/vi/) { - try_files $uri @xd; -} - -location ~ (^/ggpht/) { - try_files $uri @xd; -} - -location /latest_version { - try_files $uri @upstream-latest_version; - limit_req zone=invidious-latestversionrl nodelay burst=12; -} - -location /index.html { - return 301 $scheme://$host/; -} - location / { try_files $uri @upstream; } @@ -167,6 +64,13 @@ location /watch { limit_req zone=invidious-watchrl nodelay burst=3; } +location /feed/playlist { + limit_req zone=invidious-feedplaylist nodelay burst=24; + try_files $uri @upstream; +} + +# API # + location /api/v1 { limit_req zone=invidious-apirl nodelay burst=100; try_files $uri @upstream; @@ -176,11 +80,11 @@ location ~ ^/api/v1/(videos|channels|search|mixes|trending) { if ($http_user_agent !~ "Clipious/") { return 401 "API disabled"; } - try_files $uri @upstream-api; + try_files $uri @upstream; } location /api/v1/comments { - try_files $uri @upstream-api; + try_files $uri @upstream; } location /api/v1/auth/notifications { @@ -190,63 +94,3 @@ location /api/v1/auth/notifications { location /api/v1/auth/subscriptions { return 403 "Endpoint disabled"; } - -location /feed/playlist { - limit_req zone=invidious-feedplaylist nodelay burst=24; - try_files $uri @upstream; -} - -# location /api/v1/storyboards { -# try_files $uri @upstream; -# } -# -# location /api/v1/comments { -# try_files $uri @upstream; -# } - -# location ~ (^/api/v1/videos| { -# return 401 "API disabled"; -# } -# location /api/v1/channels { -# return 401 "API disabled"; -# } -# location /api/v1/search { -# return 401 "API disabled"; -# } -# location /api/v1/mixes { -# return 401 "API disabled"; -# } -# location /api/v1/trending { -# return 401 "API disabled"; -# } -# -# location /api/v1/videos { -# limit_req zone=invidious-apivideosrl nodelay burst=3; -# try_files $uri @upstream-api; -# if ($http_user_agent = "Mozilla/5.0") { -# return 444; -# } -# if ($http_user_agent ~* "python") { -# return 444; -# } -# } - -# location /api/v1/channels { -# limit_req zone=invidious-apichannelsrl nodelay burst=32; -# try_files $uri @upstream; -# } - -# -# location /api/v1/captions { -# try_files $uri @upstream; -# } -# - -#location ~ ^/api/v1/channels/(.+)/shorts { -# try_files $uri @upstream; -#} - -#location @fallback { -# root /etc/nginx/errors; -# try_files $uri /502.html = 502; -#} diff --git a/http.d/luna.conf b/http.d/luna.conf index 0e05f3b..182a18b 100644 --- a/http.d/luna.conf +++ b/http.d/luna.conf @@ -3,36 +3,12 @@ server { error_log /var/log/nginx/luna.error.log; server_name luna.nadeko.net; include configs/listen.conf; - # index index.php /_h5ai/public/index.php; - # root /mnt/960gb_ssd/luna; include configs/general.conf; include configs/security.conf; - # default_type "application/octet-stream"; - - # location / { - # proxy_pass http://127.0.0.1:20001; - # } - - # location /_h5ai/private { - # return 403; - # } - # - # location ~ [^/]\.php(/|$) { - # fastcgi_split_path_info ^(.+?\.php)(/.*)$; - # if (!-f $document_root$fastcgi_script_name) { - # return 404; - # } - # fastcgi_param HTTP_PROXY ""; - # fastcgi_pass php-fpm-8.1; - # fastcgi_index index.php; - # include fastcgi_params; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # fastcgi_param PATH_INFO $fastcgi_path_info; - # add_header Access-Control-Allow-Origin *; - # } location / { proxy_pass http://127.0.0.1:10008; include configs/proxy.conf; + limit_rate 8000k; } }