update configuration :3

2025-03-31 15:50:32 -03:00 · 2025-03-31 15:50:32 -03:00 · 4edef5863b
commit 4edef5863b
parent 16bfd9de75
11 changed files with 138 additions and 44 deletions
--- a/configs/proxy.conf
+++ b/configs/proxy.conf
@ -19,6 +19,6 @@ proxy_set_header X-Forwarded-Port  $server_port;
 proxy_set_header Host $host;

 # Proxy timeouts
-#proxy_connect_timeout              60s;
-#proxy_send_timeout                 60s;
-#proxy_read_timeout                 60s;
+proxy_connect_timeout              30s;
+proxy_send_timeout                 60s;
+proxy_read_timeout                 60s;
--- a/configs/upstreams.conf
+++ b/configs/upstreams.conf
@ -5,11 +5,11 @@ upstream php-fpm-8.3 {
 lua_shared_dict servers 12k;
 upstream inv {
  server 127.0.0.1:11101;
-  server 127.0.0.1:11102;
-  server 127.0.0.1:11103;
-  server 127.0.0.1:11104;
-  server 127.0.0.1:11105;
-  balancer_by_lua_file "conf/lua/invidious-balancer.lua";
+  # server 127.0.0.1:11102;
+  # server 127.0.0.1:11103;
+  # server 127.0.0.1:11104;
+  # server 127.0.0.1:11105;
+  # balancer_by_lua_file "conf/lua/invidious-balancer.lua";
 }

 upstream invidious-1 {
@ -42,6 +42,16 @@ upstream inv-feed-receiver {
  server 127.0.0.1:20090;
 }

+upstream http3-ytproxy-backend1 {
+  keepalive 512;
+  server 127.0.0.1:10081;
+}
+
+upstream invidious-companion-backend1 {
+  keepalive 128;
+  server 127.0.0.1:10080;
+}
+
 upstream http3-ytproxy {
  keepalive 128;
  server unix:/tmp/http3-ytproxy.sock;
--- a/http.d/git.conf
+++ b/http.d/git.conf
@ -8,11 +8,11 @@ server {
  include configs/robots.conf;

  location / {
-    if ($blocked_agent = 1) {
-      return 200 "
-        1. The Industrial Revolution and its consequences have been a disaster for the human race. They have greatly increased the life-expectancy of those of us who live in “advanced” countries, but they have destabilized society, have made life unfulfilling, have subjected human beings to indignities, have led to widespread psychological suffering (in the Third World to physical suffering as well) and have inflicted severe damage on the natural world. The continued development of technology will worsen the situation. It will certainly subject human beings to greater indignities and inflict greater damage on the natural world, it will probably lead to greater social disruption and psychological suffering, and it may lead to increased physical suffering even in “advanced” countries.
-        ";
-    }
+    # if ($blocked_agent = 1) {
+    #   return 200 "
+    #     1. The Industrial Revolution and its consequences have been a disaster for the human race. They have greatly increased the life-expectancy of those of us who live in “advanced” countries, but they have destabilized society, have made life unfulfilling, have subjected human beings to indignities, have led to widespread psychological suffering (in the Third World to physical suffering as well) and have inflicted severe damage on the natural world. The continued development of technology will worsen the situation. It will certainly subject human beings to greater indignities and inflict greater damage on the natural world, it will probably lead to greater social disruption and psychological suffering, and it may lead to increased physical suffering even in “advanced” countries.
+    #     ";
+    # }
    proxy_pass http://forgejo;
    include configs/proxy.conf;
    client_max_body_size 1024M;
--- a/http.d/inv.conf
+++ b/http.d/inv.conf
@ -7,11 +7,11 @@ map $host $invidious_backend {
  inv5.nadeko.net   invidious-5;
 }

-map $invidious_backend $cache_case {
-  default           "";
-  inv               $cookie_INVIDIOUS_SERVER_ID;
-  invidious-*       $invidious_backend;
-}
+# map $invidious_backend $cache_case {
+#   default           "";
+#   inv               $cookie_INVIDIOUS_SERVER_ID;
+#   invidious-*       $invidious_backend;
+# }

 # CLEARNET TOR AND I2P
 # (Tor and I2P listens on 4080, defined on configs/listen.conf)
@ -23,23 +23,37 @@ server {
    inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion ~^inv([1-5])\.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd\.onion$;
  include configs/listen.conf;
  include configs/robotsNone.conf;
+  include configs/asn-ban.conf;
+  include configs/manual-ip-ban.conf;
  # MAINTENANCE MODE
  # include configs/maintenance-mode.conf;

  # The messed up invidious configuration
  include http.d/locations/inv.conf;

-  if ($http_user_agent = "") {
+  if ($blocked_agent = 1) {
+    return 403 "
+      Hi! You got blocked by network security!!!
+      Nah, just kidding, your IP range is blocked from
+      accessing this server/service.
+
+      If you think this is an error, contact me at:
+      https://nadeko.net/contact
+      ";
+  }
+
+  if ($ssl_cipher = "ECDHE-ECDSA-CHACHA20-POLY1305") {
    return 444;
  }
-  if ($request_method = OPTIONS) {
-    return 204;
-  }
+  #
+  # if ($http_user_agent = "") {
+  #   return 444;
+  # }

  error_page 502 /502.html;
  error_page 503 /503.html;

-  #rewrite_by_lua_file conf/lua/rewrite-invidious/init.lua;
+#rewrite_by_lua_file conf/lua/rewrite-invidious/init.lua;

  location = /503.html {
    content_by_lua_file conf/lua/503-invidious.lua;
@ -49,9 +63,9 @@ server {
    content_by_lua_file conf/lua/502-invidious.lua;
  }

-  location = /switchbackend {
-    content_by_lua_file conf/lua/switchbackend.lua;
-  }
+  # location = /switchbackend {
+  #   content_by_lua_file conf/lua/switchbackend.lua;
+  # }
 }

 # CLEARNET FEED
@ -62,18 +76,37 @@ server {
  include configs/listen.conf;
  include configs/robotsNone.conf;

-  # The messed up invidious configuration
+# The messed up invidious configuration
  include http.d/locations/inv-feed.conf;
 }

 # INVIDIOUS COMPANION
+server {
+  server_name inv-cl1-c.nadeko.net;
+  include configs/listen.conf;
+  include configs/robotsNone.conf;
+
+  location / {
+    proxy_pass http://invidious-companion-backend1;
+    include configs/proxy.conf;
+  }
+}
+
 server {
  server_name inv-cl1.nadeko.net;
  include configs/listen.conf;
  include configs/robotsNone.conf;

  location / {
-    proxy_pass http://127.0.0.1:10080;
+    limit_rate 4000k;
+    proxy_pass http://http3-ytproxy-backend1;
    include configs/proxy.conf;
+    sendfile_max_chunk 512k;
+    tcp_nopush on;
+    aio threads=default;
+    aio_write on;
+    directio 16m;
+    proxy_hide_header Cache-Control;
+    add_header Cache-Control private always;
  }
 }
--- a/http.d/locations/inv.conf
+++ b/http.d/locations/inv.conf
@ -7,16 +7,13 @@
 location @upstream {
  proxy_pass http://$invidious_backend;
  include configs/proxy.conf;
+  proxy_intercept_errors on;
  limit_rate 1000k;

  # To reduce the load in the main storage
  proxy_buffering off;
  proxy_request_buffering off;
  #proxy_cache off;
-
-  if ($request_method = OPTIONS) {
-    return 204;
-  }
 }

 location @http3-proxy {
@ -43,11 +40,12 @@ location /index.html {
 }

 location ~ (^/videoplayback) {
-  return 403 "
-    Videoplayback requests are not allowed in this endpoint.
-    Yes, this is an error. If you find it, please report it to
-    https://git.nadeko.net/Fijxu/invidious";
-  try_files $uri @http3-proxy;
+  # return 403 "
+  #   Videoplayback requests are not allowed in this endpoint.
+  #   Yes, this is an error. If you find it, please report it to
+  #   https://git.nadeko.net/Fijxu/invidious";
+  #try_files $uri @http3-proxy;
+  try_files $uri @upstream;
 }

 location / {
@ -59,8 +57,20 @@ location /search {
  limit_req zone=invidious-searchrl nodelay burst=3;
 }

-location /watch {
+location /watch_ajax {
  try_files $uri @upstream;
+}
+
+location /watch {
+  proxy_pass http://$invidious_backend;
+  include configs/proxy.conf;
+  limit_rate 1000k;
+
+  # To reduce the load in the main storage
+  proxy_buffering off;
+  proxy_request_buffering off;
+  # proxy_cache off;
+  # try_files $uri @upstream;
  limit_req zone=invidious-watchrl nodelay burst=3;
 }

--- a/http.d/matrix.conf
+++ b/http.d/matrix.conf
@ -38,6 +38,7 @@
 # }
 #
 server {
+  access_log /var/log/nginx/matrix.nadeko.net.access.log;
  server_name matrix.nadeko.net;
  include configs/listen.conf;
  include configs/general.conf;
@ -65,13 +66,25 @@ server {
  location ~ ^(/_matrix|/_synapse/client|/health|/_synapse/metrics|/_synapse/admin) {
    proxy_pass http://127.0.0.1:10022;
    include configs/proxy.conf;
-    client_max_body_size 32M;
+    client_max_body_size 64M;
  }

+  # location ~ ^(/_matrix/client|/matrix/federation|/_matrix/key/v2/query|/_synapse/client) {
+  #   proxy_pass http://127.0.0.1:10022;
+  #   include configs/proxy.conf;
+  #   client_max_body_size 64M;
+  # }
+  #
+  # location ~ ^(/_matrix/media|/_matrix/client/v1/media|/_matrix/federation/v1/media) {
+  #   proxy_pass http://127.0.0.1:10023;
+  #   include configs/proxy.conf;
+  #   client_max_body_size 64M;
+  # }
+
  location / {
-    proxy_pass http://127.0.0.1:10023;
+    proxy_pass http://127.0.0.1:10024;
    include configs/proxy.conf;
-    client_max_body_size 32M;
+    client_max_body_size 64M;
  }

  #listen 443 ssl reuseport;
--- a/http.d/pbin.conf
+++ b/http.d/pbin.conf
@ -7,6 +7,7 @@ server {
  include configs/general.conf;
  include configs/security.conf;
  include configs/robotsNone.conf;
+  include configs/asn-ban.conf;
  client_max_body_size 128M;

  location / {
--- a/http.d/redirector.conf
+++ b/http.d/redirector.conf
@ -0,0 +1,14 @@
+# https://stackoverflow.com/a/39563133
+server {
+    server_name ~^(?<name>\w+)\.zzls\.xyz$;
+    rewrite ^ https://$name.nadeko.net$request_uri? permanent;
+
+    listen 80;
+}
+
+# HTTPS Redirector
+server {
+    listen 80 default_server;
+    server_name _;
+    return 301 https://$host$request_uri;
+}
--- a/http.d/redlib.conf
+++ b/http.d/redlib.conf
@ -1,4 +1,5 @@
 server {
+  access_log /var/log/nginx/redlib.access.log;
  server_name
    redlib.nadeko.net
    redlib.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion;
@ -9,6 +10,11 @@ server {
  include configs/robotsNone.conf;

  location / {
+    # return 200 "
+    # Adding captcha, instance is being bombed with bots,
+    # with random IPs and random user agents.
+    # Why we can't have nice things anymore?
+    # ";
    if ($blocked_agent = 1) {
      return 200 "
        1. The Industrial Revolution and its consequences have been a disaster for the human race. They have greatly increased the life-expectancy of those of us who live in “advanced” countries, but they have destabilized society, have made life unfulfilling, have subjected human beings to indignities, have led to widespread psychological suffering (in the Third World to physical suffering as well) and have inflicted severe damage on the natural world. The continued development of technology will worsen the situation. It will certainly subject human beings to greater indignities and inflict greater damage on the natural world, it will probably lead to greater social disruption and psychological suffering, and it may lead to increased physical suffering even in “advanced” countries.
--- a/lua/503-invidious.lua
+++ b/lua/503-invidious.lua
@ -1,6 +1,5 @@
 ngx.header.content_type = 'text/html';
-- local backend_num = ngx.shared.servers:get("invidious-servers");
-local backend_num = 4;
+local backend_num = ngx.shared.servers:get("inv-backends");

 local function generate_backend_list()
  local html = ""
--- a/nginx.conf
+++ b/nginx.conf
@ -10,11 +10,19 @@ events {
 quic_bpf on;

 http {
+  map_hash_max_size 4096;
+  map_hash_bucket_size 128;
+
  map $server_addr $unix {
    default 0;
    "~unix:" 1;
  }

+
+  log_format detailed-debug '$remote_addr - $remote_user [$time_local] '
+    '"$request" $status $body_bytes_sent '
+    '"$http_referer" "$http_user_agent" "$ssl_cipher"';
+
  include configs/cache.conf;

  include configs/luaconfig.conf;