Fijxu/openresty-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update config

Browse source
This commit is contained in:
Fijxu 2025-02-12 00:52:48 -03:00
parent a85fbf5d1e
commit 4d14c2a574
Signed by: Fijxu
GPG key ID: 32C1DDF333EDA6A4
8 changed files with 98 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
configs/debug-upstreams.conf Normal file
View file

@ -0,0 +1,23 @@
# DEVELOPMENT
# upstream inv-debug {
# server 127.0.0.1:10060;
# server 127.0.0.1:10070;
# server 127.0.0.1:10080;
# server 127.0.0.1:20100;
# balancer_by_lua_block {
# local sticky = require "stickydebug"
# local servers = {
# { "127.0.0.1", 10060, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10070, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10080, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20100, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20200, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-debug", "clearnet");
# }
# }
# upstream http3-ytproxy-debug {
# server 127.0.0.1:10078;
# server 127.0.0.1:10080;
# }

5
configs/luaconfig.conf Normal file
View file

@ -0,0 +1,5 @@
lua_package_path '/etc/openresty/lua/plugins/crowdsec/?.lua;/etc/openresty/lua/?.lua;/etc/openresty/lua/?/?.lua;;';
lua_package_cpath '/usr/lib/lua/5.1/?.so;;';
lua_shared_dict crowdsec_cache 128m;
lua_socket_pool_size 1024;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

125
configs/upstreams.conf
View file

@ -3,36 +3,13 @@ upstream php-fpm-8.3 {
} }
lua_shared_dict servers 12k; lua_shared_dict servers 12k;
upstream inv { upstream inv {
# hash $remote_addr consistent;
# ip_hash;
#server unix:/run/invidious-haproxy/invidious.sock max_fails=1 fail_timeout=10s;
#server unix:/run/invidious-haproxy/invidious-vpn.sock max_fails=1 fail_timeout=10s;
# server 127.0.0.1:10060;
# server 127.0.0.1:10070;
# server 127.0.0.1:10080;
# balancer_by_lua_file "conf/lua/invidious-sticky.lua";
server 127.0.0.1:11101; server 127.0.0.1:11101;
server 127.0.0.1:11102; server 127.0.0.1:11102;
server 127.0.0.1:11103; server 127.0.0.1:11103;
server 127.0.0.1:11104; server 127.0.0.1:11104;
server 127.0.0.1:11105; server 127.0.0.1:11105;
balancer_by_lua_block { balancer_by_lua_file "conf/lua/invidious-balancer.lua";
local sticky = require "invidious-sticky"
local servers = {
{ "127.0.0.1", 11101, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11104, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11105, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
local s = ngx.shared.servers
s:set("inv-backends", #servers)
sticky.run(servers, "invidious", "clearnet");
}
} }
upstream invidious-1 { upstream invidious-1 {
@ -60,88 +37,16 @@ upstream invidious-5 {
server 127.0.0.1:11105; server 127.0.0.1:11105;
} }
# upstream invidious-5 {
# server 127.0.0.1:11105;
# keepalive 2;
# }
# upstream inv-t1 {
# server 127.0.0.1:20201;
# }
# upstream inv-tor {
# server 127.0.0.1:10062;
# server 127.0.0.1:10072;
# server 127.0.0.1:10082;
# server 127.0.0.1:20102;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "127.0.0.1", 10062, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10072, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10082, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-tor", "clearnet");
# }
# }
#
# upstream inv-i2p {
# server 127.0.0.1:10063;
# server 127.0.0.1:10073;
# server 127.0.0.1:10083;
# server 127.0.0.1:20103;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "127.0.0.1", 10063, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10073, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 10083, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# { "127.0.0.1", 20103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
# }
# sticky.run(servers, "invidious-i2p", "clearnet");
# }
# }
upstream inv-feed-receiver { upstream inv-feed-receiver {
keepalive 64;
server 127.0.0.1:20090; server 127.0.0.1:20090;
} }
upstream http3-ytproxy { upstream http3-ytproxy {
#hash $remote_addr consistent;
# ip_hash;
#server unix:/run/invidious-haproxy/http3-proxy.sock;
#server unix:/run/invidious-haproxy/http3-proxy-vpn.sock;
server unix:/tmp/http3-ytproxy.sock;
keepalive 128; keepalive 128;
# server 127.0.0.1:10061; server unix:/tmp/http3-ytproxy.sock;
# server 127.0.0.1:10071;
# server 127.0.0.1:10081;
# server 127.0.0.1:20101;
# balancer_by_lua_block {
# local sticky = require "invidious-sticky"
# local servers = {
# { "unix:/tmp/http3-ytproxy.sock", 10061, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 }
# }
# sticky.run(servers, "http3-ytproxy", "clearnet");
# }
} }
# upstream materialious {
# server 127.0.0.1:10013;
# }
#
# upstream materialious-tor {
# server 127.0.0.1:10070;
# }
#
# upstream syncious {
# server 127.0.0.1:10014;
# }
#
# upstream peerjs {
# server 127.0.0.1:10015;
# }
upstream rimgo { upstream rimgo {
keepalive 128; keepalive 128;
server 127.0.0.1:10001; server 127.0.0.1:10001;
@ -198,26 +103,4 @@ upstream forgejo {
server unix:/run/forgejo/forgejo.sock backup; server unix:/run/forgejo/forgejo.sock backup;
} }
# DEVELOPMENT include configs/debug-upstreams.conf;
upstream inv-debug {
server 127.0.0.1:10060;
server 127.0.0.1:10070;
server 127.0.0.1:10080;
server 127.0.0.1:20100;
balancer_by_lua_block {
local sticky = require "stickydebug"
local servers = {
{ "127.0.0.1", 10060, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 10070, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 10080, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 20100, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 20200, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
sticky.run(servers, "invidious-debug", "clearnet");
}
}
upstream http3-ytproxy-debug {
server 127.0.0.1:10078;
server 127.0.0.1:10080;
}

1
lua/502-invidious.lua
View file

@ -1,6 +1,5 @@
ngx.header.content_type = 'text/html'; ngx.header.content_type = 'text/html';
local backend_num = ngx.shared.servers:get("inv-backends"); local backend_num = ngx.shared.servers:get("inv-backends");
-- local backend_num = 4;
local function generate_backend_list() local function generate_backend_list()
local html = "" local html = ""

11
lua/invidious-balancer.lua Normal file
View file

@ -0,0 +1,11 @@
local sticky = require "invidious-sticky"
local servers = {
{ "127.0.0.1", 11101, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11102, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11103, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11104, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
{ "127.0.0.1", 11105, weight = 1, max_fails = 3, fail_timeout = 30, fail_count = 0, last_fail_time = 0 },
}
local s = ngx.shared.servers
s:set("inv-backends", #servers)
sticky.run(servers, "invidious", "clearnet");

78
lua/invidious-sticky.lua
View file

@ -8,6 +8,12 @@ local servers
local weighted_servers local weighted_servers
local domain local domain
local function set_headers()
-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#partitioned
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
end
-- Generate a weighted server list based on weights -- Generate a weighted server list based on weights
local function generate_weighted_server_list(servers) local function generate_weighted_server_list(servers)
local weighted_servers = {} local weighted_servers = {}
@ -19,34 +25,48 @@ local function generate_weighted_server_list(servers)
return weighted_servers return weighted_servers
end end
-- Hash function to select server
local function hash(key, num_buckets)
local hash = ngx.crc32_long(key)
return (hash % num_buckets) + 1
end
-- Select server based on cookie or assign a new one -- Select server based on cookie or assign a new one
local function select_server() local function select_server()
local cookie = ngx.var["cookie_" .. cookie_name] local cookie = ngx.var["cookie_" .. cookie_name]
local server_index local server_index
math.randomseed(os.time()) math.randomseed(os.time())
if cookie then if cookie then
server_index = tonumber(cookie) server_index = tonumber(cookie)
ngx.header["X-Server-Id"] = server_index ngx.header["X-Server-Id"] = server_index
else else
server_index = math.random(#servers) server_index = math.random(#servers)
-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#partitioned set_headers()
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
end end
local server = weighted_servers[server_index] local server = weighted_servers[server_index]
return server return server
end end
local function check_args(args)
for key, server_index in pairs(args) do
if key == "backend" then
server_index = tonumber(server_index)
-- To redirect to another backend if user inputs a backend that doesn't exists
-- Ex: ?backend=4 will give you X-Server-Id=1 (Backend 1)
local val = val % #servers
if val == -1 then
val = #servers
end
ok, err = balancer.set_current_peer(servers[val][0], servers[val][2])
if not ok then
return ngx.exit(501)
end
set_headers()
end
end
end
function _M.run(upstreams) function _M.run(upstreams)
domain = ".nadeko.net" domain = ".nadeko.net"
local host = ngx.req.get_headers()["Host"] local host = ngx.req.get_headers()["Host"]
@ -56,42 +76,27 @@ function _M.run(upstreams)
domain = host domain = host
end end
-- I2P Support
if string.match(host, ".i2p") then
domain = host
end
servers = upstreams servers = upstreams
weighted_servers = generate_weighted_server_list(servers) weighted_servers = generate_weighted_server_list(servers)
local ok, err local ok, err
local args = ngx.req.get_uri_args() local args = ngx.req.get_uri_args()
if args then if args then
for key, server_index in pairs(args) do check_args(args)
if key == "backend" then
server_index = tonumber(server_index)
-- To redirect to another backend if user inputs a backend that doesn't exists
-- Ex: ?backend=5 will give you X-Server-Id=1 (Backend 1)
val = val % #servers
if val == 0 then
val = #servers
end
ok, err = balancer.set_current_peer(servers[val][1], servers[val][2])
if not ok then
-- ngx.say("No peer available")
return ngx.exit(502)
end
ngx.header["Set-Cookie"] = cookie_name .. "=" .. server_index .. "; domain=" .. domain .. "; Path=/; HttpOnly; SameSite=None; Secure; Partitioned"
ngx.header["X-Server-Id"] = server_index
end
end
end end
local server = select_server() local server = select_server()
if not server then if not server then
-- ngx.say("No peer available") ngx.log(ngx.ERR, "Failed to set the current peer: ", err)
return ngx.exit(502) return ngx.exit(502)
end end
-- Unix socket support
if string.match(server[1], 'unix:') then if string.match(server[1], 'unix:') then
ok, err = balancer.set_current_peer(server[1]) ok, err = balancer.set_current_peer(server[1])
else else
@ -100,14 +105,13 @@ function _M.run(upstreams)
if not ok then if not ok then
ngx.log(ngx.ERR, "Failed to set the current peer: ", err) ngx.log(ngx.ERR, "Failed to set the current peer: ", err)
-- ngx.say("Failed to set the current peer")
return ngx.exit(500) return ngx.exit(500)
end end
-- https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#enable_keepalive -- https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#enable_keepalive
ok, err = balancer.enable_keepalive(60, 1000) ok, err = balancer.enable_keepalive(60, 1000)
if not ok then if not ok then
ngx.log(ngx.ERR, "failed to set keepalive: ", err) ngx.log(ngx.ERR, "Failed to set keepalive: ", err)
return return
end end
end end

0
lua/sticky-http3.lua → lua/unused/sticky-http3.lua
View file

47
nginx.conf
View file

@ -1,52 +1,34 @@
worker_processes auto; worker_processes auto;
worker_rlimit_nofile 65535; worker_rlimit_nofile 65535;
pid /run/openresty.pid; pid /run/openresty.pid;
error_log /var/log/nginx/error.log debug;
# include modules/*.conf;
#load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
#load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
#load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; # To add headers to any location without the nginx bullshit
#load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so; # for compressing responses on-the-fly
#load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so; # for serving pre-compressed files
#load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; # ngx_lua
#load_module /usr/lib/nginx/modules/ngx_http_lua_module.so
quic_bpf on;
events { events {
worker_connections 4096; worker_connections 4096;
multi_accept on; multi_accept on;
use epoll; use epoll;
} }
#resolver 127.0.0.1; quic_bpf on;
http { http {
map $server_addr $unix { map $server_addr $unix {
default 0; default 0;
"~unix:" 1; "~unix:" 1;
} }
include configs/cache.conf; include configs/cache.conf;
lua_package_path '/etc/openresty/lua/plugins/crowdsec/?.lua;/etc/openresty/lua/?.lua;/etc/openresty/lua/?/?.lua;;'; include configs/luaconfig.conf;
lua_package_cpath '/usr/lib/lua/5.1/?.so;;';
lua_shared_dict crowdsec_cache 128m;
lua_socket_pool_size 1024;
resolver 127.0.0.1 ipv6=off;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
init_by_lua_file "conf/lua/init.lua"; init_by_lua_file "conf/lua/init.lua";
include configs/crowdsec.conf; include configs/crowdsec.conf;
log_format limited '$remote_addr - $remote_user [$time_local] ' resolver 127.0.0.1 ipv6=off;
'"$request_method /bogus $server_protocol" $status $body_bytes_sent ' # For OCSP Stapling
'"-" "Bogus/66.6" - "$http_host"'; ssl_stapling on;
ssl_stapling_verify on;
access_log off; access_log off;
error_log /dev/null; error_log /dev/null;
#error_log /var/log/nginx/error.log debug;
# Basic Settings # Basic Settings
charset utf-8; charset utf-8;
@ -79,15 +61,15 @@ http {
client_body_buffer_size 32k; client_body_buffer_size 32k;
client_max_body_size 2m; client_max_body_size 2m;
# open_file_cache max=1024 inactive=10s; open_file_cache max=1024 inactive=10s;
# open_file_cache_valid 60s; open_file_cache_valid 60s;
# open_file_cache_min_uses 2; open_file_cache_min_uses 2;
# open_file_cache_errors on; open_file_cache_errors on;
# PERFORMANCE / ASYNC I/O # PERFORMANCE / ASYNC I/O
#aio threads=default; aio threads=default;
#aio_write on; aio_write on;
#directio 2m; directio 2m;
# QUIC settings # QUIC settings
# https://nginx.org/en/docs/http/ngx_http_v3_module.html # https://nginx.org/en/docs/http/ngx_http_v3_module.html
@ -95,7 +77,6 @@ http {
# Maps # Maps
include snippets/maps.conf; include snippets/maps.conf;
#include snippets/poop.conf;
include configs/general.conf; include configs/general.conf;
include configs/upstreams.conf; include configs/upstreams.conf;