Fijxu/openresty-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update config

Browse source
This commit is contained in:
Fijxu 2025-02-12 00:52:48 -03:00
parent a85fbf5d1e
commit 4d14c2a574
Signed by: Fijxu
GPG key ID: 32C1DDF333EDA6A4
8 changed files with 98 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
configs/debug-upstreams.conf Normal file
View file

@ -0,0 +1,23 @@
# DEVELOPMENT
# upstream inv-debug {
# server 127.0.0.1:10060;
# server 127.0.0.1:10070;
# server 127.0.0.1:10080;
# server 127.0.0.1:20100;
# balancer_by_lua_block {
# local sticky = require "stickydebug"
# local servers = {
# { "127.0.0.1", 10060, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10070, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10080, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20100, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20200, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-debug", "clearnet");
# }
# }
# upstream http3-ytproxy-debug {
# server 127.0.0.1:10078;
# server 127.0.0.1:10080;
# }

5
configs/luaconfig.conf Normal file
View file

@ -0,0 +1,5 @@
lua_package_path '/etc/openresty/lua/plugins/crowdsec/?.lua;/etc/openresty/lua/?.lua;/etc/openresty/lua/?/?.lua;;';
lua_package_cpath '/usr/lib/lua/5.1/?.so;;';
lua_shared_dict crowdsec_cache 128m;
lua_socket_pool_size 1024;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

125
configs/upstreams.conf
View file

@ -3,36 +3,13 @@ upstream php-fpm-8.3 {
}
lua_shared_dict servers 12k;
upstream inv {
# hash $remote_addr consistent;
# ip_hash;
#server unix:/run/invidious-haproxy/invidious.sock max_fails=1 fail_timeout=10s;
#server unix:/run/invidious-haproxy/invidious-vpn.sock max_fails=1 fail_timeout=10s;
# server 127.0.0.1:10060;
# server 127.0.0.1:10070;
# server 127.0.0.1:10080;
# balancer_by_lua_file "conf/lua/invidious-sticky.lua";
server 127.0.0.1:11101;
server 127.0.0.1:11102;
server 127.0.0.1:11103;
server 127.0.0.1:11104;
server 127.0.0.1:11105;
balancer_by_lua_block {
local sticky = require "invidious-sticky"
local servers = {
{ "127.0.0.1", 11101, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11104, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11105, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
local s = ngx.shared.servers
s:set("inv-backends", #servers)
sticky.run(servers, "invidious", "clearnet");
}
balancer_by_lua_file "conf/lua/invidious-balancer.lua";
}
upstream invidious-1 {
@ -60,88 +37,16 @@ upstream invidious-5 {
server 127.0.0.1:11105;
}
# upstream invidious-5 {
# server 127.0.0.1:11105;
# keepalive 2;
# }
# upstream inv-t1 {
# server 127.0.0.1:20201;
# }
# upstream inv-tor {
# server 127.0.0.1:10062;
# server 127.0.0.1:10072;
# server 127.0.0.1:10082;
# server 127.0.0.1:20102;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "127.0.0.1", 10062, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10072, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10082, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-tor", "clearnet");
# }
# }
#
# upstream inv-i2p {
# server 127.0.0.1:10063;
# server 127.0.0.1:10073;
# server 127.0.0.1:10083;
# server 127.0.0.1:20103;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "127.0.0.1", 10063, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10073, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10083, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-i2p", "clearnet");
# }
# }
upstream inv-feed-receiver {
keepalive 64;
server 127.0.0.1:20090;
}
upstream http3-ytproxy {
#hash $remote_addr consistent;
# ip_hash;
#server unix:/run/invidious-haproxy/http3-proxy.sock;
#server unix:/run/invidious-haproxy/http3-proxy-vpn.sock;
server unix:/tmp/http3-ytproxy.sock;
keepalive 128;
# server 127.0.0.1:10061;
# server 127.0.0.1:10071;
# server 127.0.0.1:10081;
# server 127.0.0.1:20101;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "unix:/tmp/http3-ytproxy.sock", 10061, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 }
# }
# sticky.run(servers, "http3-ytproxy", "clearnet");
# }
server unix:/tmp/http3-ytproxy.sock;
}
# upstream materialious {
# server 127.0.0.1:10013;
# }
#
# upstream materialious-tor {
# server 127.0.0.1:10070;
# }
#
# upstream syncious {
# server 127.0.0.1:10014;
# }
#
# upstream peerjs {
# server 127.0.0.1:10015;
# }
upstream rimgo {
keepalive 128;
server 127.0.0.1:10001;
@ -198,26 +103,4 @@ upstream forgejo {
server unix:/run/forgejo/forgejo.sock backup;
}
# DEVELOPMENT
upstream inv-debug {
server 127.0.0.1:10060;
server 127.0.0.1:10070;
server 127.0.0.1:10080;
server 127.0.0.1:20100;
balancer_by_lua_block {
local sticky = require "stickydebug"
local servers = {
{ "127.0.0.1", 10060, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 10070, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 10080, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 20100, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 20200, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
sticky.run(servers, "invidious-debug", "clearnet");
}
}
upstream http3-ytproxy-debug {
server 127.0.0.1:10078;
server 127.0.0.1:10080;
}
include configs/debug-upstreams.conf;

1
lua/502-invidious.lua
View file

@ -1,6 +1,5 @@
ngx.header.content_type = 'text/html';
local backend_num = ngx.shared.servers:get("inv-backends");
-- local backend_num = 4;
local function generate_backend_list()
local html = ""

11
lua/invidious-balancer.lua Normal file
View file

@ -0,0 +1,11 @@
local sticky = require "invidious-sticky"
local servers = {
{ "127.0.0.1", 11101, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11104, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11105, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
local s = ngx.shared.servers
s:set("inv-backends", #servers)
sticky.run(servers, "invidious", "clearnet");

78
lua/invidious-sticky.lua
View file

@ -8,6 +8,12 @@ local servers
local weighted_servers
local domain
local function set_headers()
-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#partitioned
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
end
-- Generate a weighted server list based on weights
local function generate_weighted_server_list(servers)
local weighted_servers = {}
@ -19,34 +25,48 @@ local function generate_weighted_server_list(servers)
return weighted_servers
end
-- Hash function to select server
local function hash(key, num_buckets)
local hash = ngx.crc32_long(key)
return (hash % num_buckets) + 1
end
-- Select server based on cookie or assign a new one
local function select_server()
local cookie = ngx.var["cookie_" .. cookie_name]
local server_index
math.randomseed(os.time())
if cookie then
server_index = tonumber(cookie)
ngx.header["X-Server-Id"] = server_index
else
server_index = math.random(#servers)
-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#partitioned
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
server_index = math.random(#servers)
set_headers()
end
local server = weighted_servers[server_index]
return server
end
local function check_args(args)
for key, server_index in pairs(args) do
if key == "backend" then
server_index = tonumber(server_index)
-- To redirect to another backend if user inputs a backend that doesn't exists
-- Ex: ?backend=4 will give you X-Server-Id=1 (Backend 1)
local val = val % #servers
if val == -1 then
val = #servers
end
ok, err = balancer.set_current_peer(servers[val][0], servers[val][2])
if not ok then
return ngx.exit(501)
end
set_headers()
end
end
end
function _M.run(upstreams)
domain = ".nadeko.net"
local host = ngx.req.get_headers()["Host"]
@ -56,42 +76,27 @@ function _M.run(upstreams)
domain = host
end
-- I2P Support
if string.match(host, ".i2p") then
domain = host
end
servers = upstreams
weighted_servers = generate_weighted_server_list(servers)
local ok, err
local args = ngx.req.get_uri_args()
if args then
for key, server_index in pairs(args) do
if key == "backend" then
server_index = tonumber(server_index)
-- To redirect to another backend if user inputs a backend that doesn't exists
-- Ex: ?backend=5 will give you X-Server-Id=1 (Backend 1)
val = val % #servers
if val == 0 then
val = #servers
end
ok, err = balancer.set_current_peer(servers[val][1], servers[val][2])
if not ok then
-- ngx.say("No peer available")
return ngx.exit(502)
end
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
end
end
check_args(args)
end
local server = select_server()
if not server then
-- ngx.say("No peer available")
ngx.log(ngx.ERR, "Failed to set the current peer: ", err)
return ngx.exit(502)
end
-- Unix socket support
if string.match(server[1], 'unix:') then
ok, err = balancer.set_current_peer(server[1])
else
@ -100,14 +105,13 @@ function _M.run(upstreams)
if not ok then
ngx.log(ngx.ERR, "Failed to set the current peer: ", err)
-- ngx.say("Failed to set the current peer")
return ngx.exit(500)
end
-- https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#enable_keepalive
ok, err = balancer.enable_keepalive(60, 1000)
if not ok then
ngx.log(ngx.ERR, "failed to set keepalive: ", err)
ngx.log(ngx.ERR, "Failed to set keepalive: ", err)
return
end
end

0
lua/sticky-http3.lua → lua/unused/sticky-http3.lua
View file

47
nginx.conf
View file

@ -1,52 +1,34 @@
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/openresty.pid;
error_log /var/log/nginx/error.log debug;
# include modules/*.conf;
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
#load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; # To add headers to any location without the nginx bullshit
#load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so; # for compressing responses on-the-fly
#load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so; # for serving pre-compressed files
#load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; # ngx_lua
#load_module /usr/lib/nginx/modules/ngx_http_lua_module.so
quic_bpf on;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
#resolver 127.0.0.1;
quic_bpf on;
http {
map $server_addr $unix {
default 0;
default 0;
"~unix:" 1;
}
include configs/cache.conf;
lua_package_path '/etc/openresty/lua/plugins/crowdsec/?.lua;/etc/openresty/lua/?.lua;/etc/openresty/lua/?/?.lua;;';
lua_package_cpath '/usr/lib/lua/5.1/?.so;;';
lua_shared_dict crowdsec_cache 128m;
lua_socket_pool_size 1024;
resolver 127.0.0.1 ipv6=off;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
include configs/luaconfig.conf;
init_by_lua_file "conf/lua/init.lua";
include configs/crowdsec.conf;
log_format limited '$remote_addr - $remote_user [$time_local] '
'"$request_method /bogus $server_protocol" $status $body_bytes_sent '
'"-" "Bogus/66.6" - "$http_host"';
resolver 127.0.0.1 ipv6=off;
# For OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
access_log off;
error_log /dev/null;
#error_log /var/log/nginx/error.log debug;
# Basic Settings
charset utf-8;
@ -79,15 +61,15 @@ http {
client_body_buffer_size 32k;
client_max_body_size 2m;
# open_file_cache max=1024 inactive=10s;
# open_file_cache_valid 60s;
# open_file_cache_min_uses 2;
# open_file_cache_errors on;
open_file_cache max=1024 inactive=10s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# PERFORMANCE / ASYNC I/O
#aio threads=default;
#aio_write on;
#directio 2m;
aio threads=default;
aio_write on;
directio 2m;
# QUIC settings
# https://nginx.org/en/docs/http/ngx_http_v3_module.html
@ -95,7 +77,6 @@ http {
# Maps
include snippets/maps.conf;
#include snippets/poop.conf;
include configs/general.conf;
include configs/upstreams.conf;