From 3645de32d2c7a1af9603092138d3b18a6b0156da Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sat, 22 Jul 2023 22:27:53 -0300 Subject: [PATCH 01/13] Made several improvements and changes to streamline install - unified the Nginx configuration into a single file - added SSL settings to Nginx - all hosts are configured using variables on the docker-compose file - changes on the main nginx.conf done by sed on a docker-entrypoint.d script - changes to the hardcoded URLs on the javascript done by a script in docker-entrypoint.d - nginx now exposes port 80 and 443, dispensing wit yet another proxy --- .gitignore | 2 - README.md | 6 +- {template => config}/config.properties | 16 ++-- config/piped.conf.template | 73 +++++++++++++++++++ config/piped.crt | 24 ++++++ config/piped.key | 28 +++++++ {template => config}/pipedapi.conf | 0 config/ssl.conf | 12 +++ {template => config}/ytproxy.conf | 21 +++--- ...er-compose.caddy.yml => docker-compose.yml | 55 +++++++------- entrypoint.d/host_replace.envsh | 4 + template/Caddyfile | 47 ------------ template/docker-compose.nginx.yml | 66 ----------------- template/nginx.conf | 33 --------- template/pipedfrontend.conf | 12 --- template/pipedproxy.conf | 14 ---- 16 files changed, 194 insertions(+), 219 deletions(-) rename {template => config}/config.properties (70%) create mode 100644 config/piped.conf.template create mode 100644 config/piped.crt create mode 100644 config/piped.key rename {template => config}/pipedapi.conf (100%) create mode 100644 config/ssl.conf rename {template => config}/ytproxy.conf (88%) rename template/docker-compose.caddy.yml => docker-compose.yml (56%) create mode 100755 entrypoint.d/host_replace.envsh delete mode 100644 template/Caddyfile delete mode 100644 template/docker-compose.nginx.yml delete mode 100644 template/nginx.conf delete mode 100644 template/pipedfrontend.conf delete mode 100644 template/pipedproxy.conf diff --git a/.gitignore b/.gitignore index f169fd9..8fce603 100644 --- a/.gitignore 
+++ b/.gitignore @@ -1,3 +1 @@ -config/ data/ -/docker-compose.yml diff --git a/README.md b/README.md index c5649a0..d70ef2c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ # Piped-Docker -See https://piped-docs.kavin.rocks/docs/self-hosting/#docker-compose-caddy-aio-script +### Creating Self-signed certificate + +https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs#generating-ssl-certificates + + diff --git a/template/config.properties b/config/config.properties similarity index 70% rename from template/config.properties rename to config/config.properties index ef1686f..776faee 100644 --- a/template/config.properties +++ b/config/config.properties @@ -4,8 +4,14 @@ PORT: 8080 # The number of workers to use for the server HTTP_WORKERS: 2 -# Proxy -PROXY_PART: https://PROXY_HOSTNAME +# Public Frontend URL - You should set this on the docker-compose file +# FRONTEND_URL: https://FRONTEND_HOSTNAME + +# Public API URL - You should set this on the docker-compose file +# API_URL: https://BACKEND_HOSTNAME + +# Proxy - You should set this on the docker-compose file +# PROXY_PART: https://PROXY_HOSTNAME # Outgoing HTTP Proxy - eg: 127.0.0.1:8118 #HTTP_PROXY: 127.0.0.1:8118 @@ -14,12 +20,6 @@ PROXY_PART: https://PROXY_HOSTNAME CAPTCHA_BASE_URL: https://api.capmonster.cloud/ CAPTCHA_API_KEY: INSERT_HERE -# Public API URL -API_URL: https://BACKEND_HOSTNAME - -# Public Frontend URL -FRONTEND_URL: https://FRONTEND_HOSTNAME - # Enable haveibeenpwned compromised password API COMPROMISED_PASSWORD_CHECK: true diff --git a/config/piped.conf.template b/config/piped.conf.template new file mode 100644 index 0000000..2eabcd4 --- /dev/null +++ b/config/piped.conf.template 
@@ -0,0 +1,73 @@
+server {
+ listen *:80;
+ listen [::]:80;
+ server_name ${FRONTEND_HOSTNAME} ${BACKEND_HOSTNAME} ${PROXY_HOSTNAME};
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header 'Referrer-Policy' 'no-referrer';
+ # enforce https
+
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+
+ listen *:443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ${FRONTEND_HOSTNAME};
+
+ include snippets/ssl.conf;
+
+ # Path to the root of your installation
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Connection "keep-alive";
+ proxy_pass http://piped-frontend;
+ }
+}
+
+proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off;
+
+server {
+
+ listen *:443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ${BACKEND_HOSTNAME};
+
+ include snippets/ssl.conf;
+
+ # Path to the root of your installation
+ location / {
+ proxy_cache pipedapi;
+ proxy_pass http://piped-backend:8080;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "keep-alive";
+ }
+}
+
+server {
+ listen *:443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ${PROXY_HOSTNAME};
+
+ include snippets/ssl.conf;
+
+ location ~ (/videoplayback|/api/v4/|/api/manifest/) {
+ include snippets/ytproxy.conf;
+
+ add_header Cache-Control private always;
+ proxy_pass http://unix:/var/run/ytproxy/actix.sock;
+ }
+
+ location / {
+ include snippets/ytproxy.conf;
+
+ add_header Cache-Control "public, max-age=604800";
+ proxy_pass http://unix:/var/run/ytproxy/actix.sock;
+ }
+}
diff --git a/config/piped.crt b/config/piped.crt
new file mode 100644
index 0000000..7bebc3e
--- /dev/null
+++ b/config/piped.crt
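Review bot: `return 301 https://$server_name$request_uri;` redirects to the first name listed in `server_name`, because `$server_name` is the block's primary name rather than the host the client requested; plain-HTTP requests for the API and proxy hostnames therefore land on the frontend host. `return 301 https://$host$request_uri;` preserves the requested name, and since this is the only port-80 block it also answers for unknown Host values, so a separate `default_server` block that returns 444 would keep the redirect to the three configured names. The `Strict-Transport-Security` header on this block has no effect, as browsers ignore HSTS received over plain HTTP. On the API host, `proxy_cache pipedapi` is enabled with no cache key or bypass rule visible in this file; it is worth confirming that no per-user response from the backend is marked cacheable.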
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/zCCAuegAwIBAgIUdqkJshly/62rDQeqUUqyQiU5yJ8wDQYJKoZIhvcNAQEL +BQAwgY4xCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTUDESMBAGA1UEBwwJU2FvIFBh +dWxvMRAwDgYDVQQKDAdleGFtcGxlMRQwEgYDVQQLDAtkZXZlbG9wbWVudDEWMBQG +A1UEAwwNKi5leGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPbWFpbC5leG1wbGUu +Y29tMB4XDTIzMDcyMjIxMzkzMloXDTI0MDcyMTIxMzkzMlowgY4xCzAJBgNVBAYT +AkJSMQswCQYDVQQIDAJTUDESMBAGA1UEBwwJU2FvIFBhdWxvMRAwDgYDVQQKDAdl +eGFtcGxlMRQwEgYDVQQLDAtkZXZlbG9wbWVudDEWMBQGA1UEAwwNKi5leGFtcGxl +LmNvbTEeMBwGCSqGSIb3DQEJARYPbWFpbC5leG1wbGUuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q4tR+qHr5wNuFvp18+B5rLSrZWrqb/9zZaE +65mTk70J7Wfa5kt+8wf7N7590ecazXcbuCnFmCBIMZGdZNE02C/0AQvgKKCmORhj +XDRlWupilguS6dMXhffgisZ/Dent9cQjZIFkOJ0ZNILbarPkQBvhdkFrn302Nujc +uF4cYrHvUa3WmtoUZspWqPKkl0AluOPTYm2QLGdT1M+nmr8AZs7JplYrBzT65fy/ +Nvtl+VxVcGqRrTVDmsWJIO8Gx/NW/7wfK6GQxWYeUotXNZmBrr5jOB0YttMQrgUn +QydSpK6qrVWEBr8IaR+jS+eXJmWrEi0QBn6npwvx0+g+Jt5jWQIDAQABo1MwUTAd +BgNVHQ4EFgQU7+AGX4fm74vjDt4+9nyB0ElAIkgwHwYDVR0jBBgwFoAU7+AGX4fm +74vjDt4+9nyB0ElAIkgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAI4k5IYFkqMvmw1Nd53umzhSIayT+T54VHBz59ty5OR0m+6FpoZaon5+FnWlq +5otCrOjGG6jzhku+PMsaU8iBcgfAJpZASicuCFXBcc6yAGveTvnHFAwlhEoI5oI/ +95tkh1hMy3hDZmMvYCOGnvS7vVY2JqPCFvgfRaMAaoe8gnlPOTx97fnnn/8+Aazi +puny/PYud3vaIfCzLWA/8Zo+r47sRlLkQQ9hrgcjrRW7oT+PHmY/31SWP+mFxwF7 +v6FVArSABFRObkhgiFL3APKLnx34hWEA/8TpRryuYQdz7BYkUzJHpxzzn91KeLdm +492KHQ71tVy6zV5iB1aev8nVYw== +-----END CERTIFICATE----- diff --git a/config/piped.key b/config/piped.key new file mode 100644 index 0000000..b872708 --- /dev/null +++ b/config/piped.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDVDi1H6oevnA24 +W+nXz4HmstKtlaupv/3NloTrmZOTvQntZ9rmS37zB/s3vn3R5xrNdxu4KcWYIEgx +kZ1k0TTYL/QBC+AooKY5GGNcNGVa6mKWC5Lp0xeF9+CKxn8N6e31xCNkgWQ4nRk0 +gttqs+RAG+F2QWuffTY26Ny4Xhxise9Rrdaa2hRmylao8qSXQCW449NibZAsZ1PU +z6eavwBmzsmmVisHNPrl/L82+2X5XFVwapGtNUOaxYkg7wbH81b/vB8roZDFZh5S +i1c1mYGuvmM4HRi20xCuBSdDJ1KkrqqtVYQGvwhpH6NL55cmZasSLRAGfqenC/HT +6D4m3mNZAgMBAAECggEAGaZVST0xDLFK7ZETPAodZ3rL5l4Ihq04jxG5+utIWxb9 +JPnF3sfkBrpFQlbKqwSZs3bNfYR553CrgFw5iLOvGv/a7m1RlVKR8HnBLI6aTTG+ +oLXQABqL0HMhM1PmY/Rv05DDegwh1rcDG9FNPTFfH2C76hLCNDdM2Zt7Ry79V9w/ +rfZPGJgQS1ji7whLEGmv+z8JFOpw4rxtgvMUG+M73v5bS9j6VWZ0FLMKoXChvQka +gTP4UtjW2sHPBHVPFVhba0UPzLPY87uvY2esvIqC11NhPLs0oXBv9EnlgDzi4/gF +zwY4TpByBJ+2LOEU3QC0ezW4wz3M/p5NQjDMu9I3IQKBgQD/2nUVynNccMlW7STH +zTihukg9paweCrElncSwluwf0jf3/0EizDbfCPRMBM5la5J8+mYEH/Lxa+XjpVhn +CSnfDCRa68iwr+1wyn6YA0hvTHARbSVw74P3UnUafVAdhDlF9WGqQ6HUnMDHArSD +u/x6q4J3daGegXn8EdLWUlB/JQKBgQDVLXCGtMjOkAUT+42uTavf+0PnogkX5KuY +VYXmwrF3MCDmefkfYnyJK2Luecag+nSoK9Sc553DkCAoGiyreDPNXKNIYLGxDPMo +d4hcrt6Ol9W7PTpzQoE3Lz8Bm2N3zuyblV0xRsGOOTQirMSz052CTD+nhlUkxvrl +EJnzVBoHJQKBgAMRianzPaL0L1X9jh1fVriJ1Wf33rKVij5bQAqmJLrU+Jre0tcp +/9Z48wUeYaNRwPYCwsp136IJmz45s2+46mmkaaM1hLipw31A0HfeQjYjgoyS9IoA +NWL3+DOTISzZcx5lrQAvw3cbUiyQ2b1iucp22B+6p2+ROfdN92tenVyJAoGANAqO +wOPbbcns427yrI2bmuddMWv2KlYRqfOe57G53y3pqjo2nfnOCzKDSVKDMgNSfUeN +9Ov6MKa7ou6Y3xdOFiE6X03zsxRFPCjKKk4qWMcqTzZoUYD3yIAJMpw7kSD71BOH +l6L9V3oRhzGEJ55OgmOY2o3JtVu6HjeKTcPHQt0CgYEAtpjb6sajZhM1sDlT2N/R +V9t+k+N9dRDy8acpGRxm5HGhqJMev6PTowGqCxex+F/meDioCoybNYa7JPAwwDvt +XzqUrgCIceQ2TLGETQLDgfu325aJo/WRQZrnrN0XY0Gc4wnI/GXUmz2VcVALLYfb +jmPy4nc4xejo/H+MyUc8Ksw= +-----END PRIVATE KEY----- diff --git a/template/pipedapi.conf b/config/pipedapi.conf similarity index 100% rename from template/pipedapi.conf rename to config/pipedapi.conf diff --git a/config/ssl.conf b/config/ssl.conf new file mode 100644 index 0000000..ac28bdb 
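Review bot: `config/piped.key` is a private key committed to the repository, so every deployment that keeps the shipped pair terminates TLS with a key anyone can download, and a client that has been told to trust `config/piped.crt` can no longer tell the real instance from anyone else holding that key. The same commit drops `config/` from `.gitignore`, so an operator who replaces the pair in place is one `git add` away from publishing their own key as well. I would remove both files from the tree, keep `config/*.key` and `config/*.crt` ignored, and have the README or a first-start script generate the pair locally. The certificate looks like a one-year self-signed wildcard for example.com (read from the encoded subject, not verified), so it would not match a real hostname in any case.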
--- /dev/null +++ b/config/ssl.conf @@ -0,0 +1,12 @@ +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + +ssl_certificate /etc/nginx/ssl/piped.crt; +ssl_certificate_key /etc/nginx/ssl/piped.key; + +add_header 'Referrer-Policy' 'no-referrer'; +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; +add_header X-Download-Options noopen; +add_header X-Permitted-Cross-Domain-Policies none; diff --git a/template/ytproxy.conf b/config/ytproxy.conf similarity index 88% rename from template/ytproxy.conf rename to config/ytproxy.conf index 4fd36f1..04aebf7 100644 --- a/template/ytproxy.conf +++ b/config/ytproxy.conf @@ -1,18 +1,17 @@ -proxy_buffering on; -proxy_buffers 1024 16k; -proxy_set_header X-Forwarded-For ""; -proxy_set_header CF-Connecting-IP ""; -proxy_hide_header "alt-svc"; -sendfile on; -sendfile_max_chunk 512k; -tcp_nopush on; +access_log off; aio threads=default; aio_write on; directio 16m; +proxy_buffering on; +proxy_buffers 1024 16k; +proxy_hide_header "alt-svc"; proxy_hide_header Cache-Control; proxy_hide_header etag; proxy_http_version 1.1; -proxy_set_header Connection keep-alive; proxy_max_temp_file_size 32m; -access_log off; -proxy_pass http://unix:/var/run/ytproxy/actix.sock; +proxy_set_header CF-Connecting-IP ""; +proxy_set_header Connection keep-alive; +proxy_set_header X-Forwarded-For ""; +sendfile on; +sendfile_max_chunk 512k; +tcp_nopush on; diff --git a/template/docker-compose.caddy.yml b/docker-compose.yml similarity index 56% rename from template/docker-compose.caddy.yml rename to docker-compose.yml index ebb6637..4eec12c 100644 --- a/template/docker-compose.caddy.yml +++ b/docker-compose.yml 
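Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` turns on the two deprecated protocol versions and leaves TLS 1.3 off; `ssl_protocols TLSv1.2 TLSv1.3;` is the line I would ship. The `add_header` lines in this snippet are included at server level, and nginx does not inherit `add_header` into a location that declares its own, so on the proxy host, where both locations set `Cache-Control`, HSTS and `X-Content-Type-Options` are not sent; including the snippet's headers inside those locations fixes that. `X-XSS-Protection` is ignored by current browsers and can be dropped.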
@@ -1,50 +1,58 @@ version: "3" services: - pipedfrontend: + piped-frontend: image: 1337kavin/piped-frontend:latest + container_name: piped-frontend restart: unless-stopped depends_on: - - piped - container_name: piped-frontend - entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"' + - piped-backend + environment: + - BACKEND_HOSTNAME=backend-host.example.com + volumes: + - ./entrypoint.d/host_replace.envsh:/docker-entrypoint.d/99-host_replace.envsh piped-proxy: image: 1337kavin/piped-proxy:latest + container_name: piped-proxy restart: unless-stopped environment: - UDS=1 volumes: - - piped-proxy:/app/socket - container_name: piped-proxy - piped: + - piped-proxy:/app/socket:z + piped-backend: image: 1337kavin/piped:latest + container_name: piped-backend restart: unless-stopped + environment: + - FRONTEND_URL=https://frontend-host.example.com + - API_URL=https://backend-host.example.com + - PROXY_PART=https://proxy-host.example.com volumes: - ./config/config.properties:/app/config.properties:ro depends_on: - postgres - container_name: piped-backend nginx: image: nginx:mainline-alpine - restart: unless-stopped - volumes: - - ./config/nginx.conf:/etc/nginx/nginx.conf:ro - - ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro container_name: nginx - depends_on: - - piped - caddy: - image: caddy:2-alpine restart: unless-stopped ports: - "80:80" - "443:443" - - "443:443/udp" + environment: + - FRONTEND_HOSTNAME=frontend-host.example.com + - BACKEND_HOSTNAME=backend-host.example.com + - PROXY_HOSTNAME=proxy-host.example.com volumes: - - ./config/Caddyfile:/etc/caddy/Caddyfile:ro - - caddy_data:/data - - piped-proxy:/var/run/ytproxy - container_name: caddy + - ./config/piped.conf.template:/etc/nginx/templates/piped.conf.template:ro + - ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro + - ./config/ssl.conf:/etc/nginx/snippets/ssl.conf + - 
./config/piped.key:/etc/nginx/ssl/piped.key + - ./config/piped.crt:/etc/nginx/ssl/piped.crt + - piped-proxy:/var/run/ytproxy:z + depends_on: + - piped-backend + - piped-proxy + - piped-frontend postgres: image: postgres:15 restart: unless-stopped @@ -54,7 +62,6 @@ services: - POSTGRES_DB=piped - POSTGRES_USER=piped - POSTGRES_PASSWORD=changeme - container_name: postgres watchtower: image: containrrr/watchtower restart: always @@ -64,8 +71,6 @@ services: environment: - WATCHTOWER_CLEANUP=true - WATCHTOWER_INCLUDE_RESTARTING=true - container_name: watchtower - command: piped-frontend piped-backend piped-proxy nginx caddy postgres watchtower + command: piped-frontend piped-backend piped-proxy nginx postgres watchtower volumes: - caddy_data: null piped-proxy: null diff --git a/entrypoint.d/host_replace.envsh b/entrypoint.d/host_replace.envsh new file mode 100755 index 0000000..a22090c --- /dev/null +++ b/entrypoint.d/host_replace.envsh @@ -0,0 +1,4 @@ +#!/bin/sh + +sed -i 's/pipedapi.kavin.rocks/'$BACKEND_HOSTNAME'/g' /usr/share/nginx/html/assets/* +sed -i '/user/s/nginx/root' /etc/nginx/nginx.conf diff --git a/template/Caddyfile b/template/Caddyfile deleted file mode 100644 index b4c1ee1..0000000 --- a/template/Caddyfile +++ /dev/null 
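Review bot: The nginx service mounts `./config/piped.key`, `./config/piped.crt` and `./config/ssl.conf` without `:ro`, while the template and `ytproxy.conf` mounts beside them are read-only, so a process inside the container can rewrite the host's key and TLS settings. Append `:ro` to those three and to the `host_replace.envsh` mount on piped-frontend; the same script mount is added to nginx in PATCH 03/13 and has the same gap. This matters more than before because the container now publishes 80 and 443 itself instead of sitting behind Caddy.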
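Review bot: The second `sed` rewrites the `user` directive in `/etc/nginx/nginx.conf` from nginx to root, so the worker processes that parse client traffic run as root inside the container; this is presumably done to reach the ytproxy socket, and giving the socket a shared group or a suitable mode would avoid it. In the first `sed`, `$BACKEND_HOSTNAME` is expanded unquoted between two quoted fragments, so a value with whitespace splits into extra arguments and one containing `/` or `&` alters the expression; `sed -i "s/pipedapi\.kavin\.rocks/${BACKEND_HOSTNAME}/g"` after checking the value holds only hostname characters is safer, and the escaped dots stop the pattern matching other characters. Both points survive PATCH 02/13 and 04/13 unchanged.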
@@ -1,47 +0,0 @@ -(global) { - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # keep referrer data off - Referrer-Policy no-referrer - - # prevent for appearing in search engine for private instances (option) - #X-Robots-Tag noindex - } -} - -FRONTEND_HOSTNAME { - reverse_proxy pipedfrontend:80 - import global -} - -BACKEND_HOSTNAME { - reverse_proxy nginx:80 - import global -} - -PROXY_HOSTNAME { - @ytproxy path /videoplayback* /api/v4/* /api/manifest/* - import global - - route { - header @ytproxy { - Cache-Control private always - } - - header / { - Cache-Control "public, max-age=604800" - } - - reverse_proxy unix//var/run/ytproxy/actix.sock { - header_up -CF-Connecting-IP - header_up -X-Forwarded-For - header_down -etag - header_down -alt-svc - } - } -} diff --git a/template/docker-compose.nginx.yml b/template/docker-compose.nginx.yml deleted file mode 100644 index a4be66b..0000000 --- a/template/docker-compose.nginx.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -version: "3" - -services: - pipedfrontend: - image: 1337kavin/piped-frontend:latest - restart: unless-stopped - depends_on: - - piped - container_name: piped-frontend - entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/BACKEND_HOSTNAME/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"' - piped-proxy: - image: 1337kavin/piped-proxy:latest - restart: unless-stopped - environment: - - UDS=1 - volumes: - - piped-proxy:/app/socket - container_name: piped-proxy - piped: - image: 1337kavin/piped:latest - restart: unless-stopped - volumes: - - ./config/config.properties:/app/config.properties:ro - depends_on: - - postgres - container_name: piped-backend - nginx: - image: nginx:mainline-alpine - restart: unless-stopped - ports: - - "8080:80" - volumes: - - ./config/nginx.conf:/etc/nginx/nginx.conf:ro - - ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro - - ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro - - ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro - - ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro - - piped-proxy:/var/run/ytproxy - container_name: nginx - depends_on: - - piped - - piped-proxy - - pipedfrontend - postgres: - image: postgres:15 - restart: unless-stopped - volumes: - - ./data/db:/var/lib/postgresql/data - environment: - - POSTGRES_DB=piped - - POSTGRES_USER=piped - - POSTGRES_PASSWORD=changeme - container_name: postgres - watchtower: - image: containrrr/watchtower - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /etc/timezone:/etc/timezone:ro - environment: - - WATCHTOWER_CLEANUP=true - - WATCHTOWER_INCLUDE_RESTARTING=true - container_name: watchtower - command: piped-frontend piped-backend piped-proxy varnish nginx postgres watchtower -volumes: - piped-proxy: null diff --git a/template/nginx.conf b/template/nginx.conf deleted file mode 100644 index 2ba7091..0000000 --- a/template/nginx.conf +++ /dev/null 
@@ -1,33 +0,0 @@ -user root; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server_names_hash_bucket_size 128; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nodelay on; - - keepalive_timeout 65; - - resolver 127.0.0.11 ipv6=off valid=10s; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/template/pipedfrontend.conf b/template/pipedfrontend.conf deleted file mode 100644 index 50c7da2..0000000 --- a/template/pipedfrontend.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 80; - server_name FRONTEND_HOSTNAME; - - set $backend "http://pipedfrontend:80"; - - location / { - proxy_pass $backend; - proxy_http_version 1.1; - proxy_set_header Connection "keep-alive"; - } -} diff --git a/template/pipedproxy.conf b/template/pipedproxy.conf deleted file mode 100644 index 4b04294..0000000 --- a/template/pipedproxy.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 80; - server_name PROXY_HOSTNAME; - - location ~ (/videoplayback|/api/v4/|/api/manifest/) { - include snippets/ytproxy.conf; - add_header Cache-Control private always; - } - - location / { - include snippets/ytproxy.conf; - add_header Cache-Control "public, max-age=604800"; - } -} From 470524322fd02c56d016b5a35ab1bf530ea28517 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sat, 22 Jul 2023 23:49:55 -0300 Subject: [PATCH 02/13] missing closing / on sed --- entrypoint.d/host_replace.envsh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.d/host_replace.envsh b/entrypoint.d/host_replace.envsh index a22090c..8bcc01a 100755 --- a/entrypoint.d/host_replace.envsh +++ b/entrypoint.d/host_replace.envsh 
@@ -1,4 +1,4 @@ #!/bin/sh sed -i 's/pipedapi.kavin.rocks/'$BACKEND_HOSTNAME'/g' /usr/share/nginx/html/assets/* -sed -i '/user/s/nginx/root' /etc/nginx/nginx.conf +sed -i '/user/s/nginx/root/' /etc/nginx/nginx.conf From e165dd0805bade87a9f7ed40feea71866ee5b183 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 00:20:00 -0300 Subject: [PATCH 03/13] Added script with config fix to nginx container --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 4eec12c..bfb8234 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -49,6 +49,7 @@ services: - ./config/piped.key:/etc/nginx/ssl/piped.key - ./config/piped.crt:/etc/nginx/ssl/piped.crt - piped-proxy:/var/run/ytproxy:z + - ./entrypoint.d/host_replace.envsh:/docker-entrypoint.d/99-host_replace.envsh depends_on: - piped-backend - piped-proxy From 8e0413b1265f8c536b4b7c9993982d890aa557ca Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 00:23:45 -0300 Subject: [PATCH 04/13] Added If statements to entrypoint script --- entrypoint.d/host_replace.envsh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/entrypoint.d/host_replace.envsh b/entrypoint.d/host_replace.envsh index 8bcc01a..645b82f 100755 --- a/entrypoint.d/host_replace.envsh +++ b/entrypoint.d/host_replace.envsh @@ -1,4 +1,9 @@ #!/bin/sh -sed -i 's/pipedapi.kavin.rocks/'$BACKEND_HOSTNAME'/g' /usr/share/nginx/html/assets/* -sed -i '/user/s/nginx/root/' /etc/nginx/nginx.conf +if [ -d "/usr/share/nginx/html/assets" ]; then + sed -i 's/pipedapi.kavin.rocks/'$BACKEND_HOSTNAME'/g' /usr/share/nginx/html/assets/* +fi + +if [ -f "/etc/nginx/nginx.conf" ] ; then + sed -i '/user/s/nginx/root/' /etc/nginx/nginx.conf +fi From be894a4e8f4bd1896297606b0461f595874af579 Mon Sep 17 00:00:00 2001 
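Review bot: The two guards in PATCH 04/13 test only that the paths exist, and the script is mounted into both piped-frontend and nginx; the frontend image looks nginx-based (its removed entrypoint ran `nginx -g "daemon off;"`), so if it ships `/etc/nginx/nginx.conf` its workers are switched to root as well, which nothing in this series requires. An unset or empty `BACKEND_HOSTNAME` still runs the replacement and blanks the API host in every asset; adding `[ -n "$BACKEND_HOSTNAME" ]` to the first condition makes that case skip the rewrite instead. A one-line comment above each block naming the container it is meant for would help the next reader.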
From: Bento Silveira Date: Sun, 23 Jul 2023 11:55:06 -0300 Subject: [PATCH 05/13] Improved variable handling with a .env file --- configuration.env | 46 ++++++++++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 12 ++++++------ 2 files changed, 52 insertions(+), 6 deletions(-) create mode 100644 configuration.env diff --git a/configuration.env b/configuration.env new file mode 100644 index 0000000..6b3e415 --- /dev/null +++ b/configuration.env @@ -0,0 +1,46 @@ +########################### +# Hostname settings # +########################### + +BACKEND_HOSTNAME=backend-host.example.com +FRONTEND_HOSTNAME=frontend-host.example.com +PROXY_HOSTNAME=proxy-host.example.com + +########################### +# API container settings # +########################### + +# Port the server will listen on. +PORT=8080 + +# The number of workers to use for the server +HTTP_WORKERS=2 + +# URLs for the services. These need to be configured +# on your DNS service +FRONTEND_URL=https://frontend-host.example.com +API_URL=https://backend-host.example.com +PROXY_PART=https://proxy-host.example.com + +# Outgoing HTTP Proxy - eg: 127.0.0.1:8118 +#HTTP_PROXY=127.0.0.1:8118 + +# Captcha Parameters +CAPTCHA_BASE_URL=https://api.capmonster.cloud/ +CAPTCHA_API_KEY=INSERT_HERE + +# Enable haveibeenpwned compromised password API +COMPROMISED_PASSWORD_CHECK=true + +# Disable Registration +DISABLE_REGISTRATION=false + +# Feed Retention Time in Days +FEED_RETENTION=30 + +# Database settings +hibernate.connection.url="jdbc:postgresql://postgres:5432/piped" +hibernate.connection.driver_class="org.postgresql.Driver" +hibernate.dialect="org.hibernate.dialect.PostgreSQLDialect" +hibernate.connection.username="piped" +hibernate.connection.password="changeme" diff --git a/docker-compose.yml b/docker-compose.yml index bfb8234..be87ddb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
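Review bot: `configuration.env` is added as a tracked file holding `hibernate.connection.password="changeme"` and `CAPTCHA_API_KEY`, so operators will type real secrets into a file git already follows. Shipping it as `configuration.env.example` and ignoring `configuration.env` avoids that, and a comment on the password line should say it must be changed before first start. The `hibernate.*` names contain dots and their values are quoted; whether the backend reads them from the environment, and whether the quotes become part of the value, depends on the compose implementation and the image, so that needs confirming (PATCH 08/13 later replaces these lines).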
@@ -7,8 +7,8 @@ services: restart: unless-stopped depends_on: - piped-backend - environment: - - BACKEND_HOSTNAME=backend-host.example.com + env_file: + - configuration.env volumes: - ./entrypoint.d/host_replace.envsh:/docker-entrypoint.d/99-host_replace.envsh piped-proxy: @@ -23,10 +23,8 @@ services: image: 1337kavin/piped:latest container_name: piped-backend restart: unless-stopped - environment: - - FRONTEND_URL=https://frontend-host.example.com - - API_URL=https://backend-host.example.com - - PROXY_PART=https://proxy-host.example.com + env_file: + - configuration.env volumes: - ./config/config.properties:/app/config.properties:ro depends_on: @@ -60,6 +58,8 @@ services: volumes: - ./data/db:/var/lib/postgresql/data environment: + # Database settings. Make sure to adjust these values + # on the configuration.env file too. - POSTGRES_DB=piped - POSTGRES_USER=piped - POSTGRES_PASSWORD=changeme From 9585a063fd2027140987a7356a3a1bc06d51a317 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 12:01:52 -0300 Subject: [PATCH 06/13] All environment settings moved to file --- configuration.env | 7 +++++++ docker-compose.yml | 15 ++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/configuration.env b/configuration.env index 6b3e415..da3266a 100644 --- a/configuration.env +++ b/configuration.env @@ -44,3 +44,10 @@ hibernate.connection.driver_class="org.postgresql.Driver" hibernate.dialect="org.hibernate.dialect.PostgreSQLDialect" hibernate.connection.username="piped" hibernate.connection.password="changeme" + +########################### +# Watchtower settings # +########################### + +WATCHTOWER_CLEANUP=true +WATCHTOWER_INCLUDE_RESTARTING=true diff --git a/docker-compose.yml b/docker-compose.yml index be87ddb..40c1ba7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
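Review bot: Pointing `env_file` at the single shared `configuration.env` hands every variable to every service: piped-frontend receives the database password and captcha key here, and PATCH 06/13 and 08/13 extend the same file to nginx, postgres and watchtower, the last of which also has `/var/run/docker.sock` mounted. Each container needs only its own subset, so either split the file per service or keep `environment:` entries with `${VAR}` interpolation for the few values each one uses. As written, reading the environment of the internet-facing nginx container is enough to learn the Postgres credentials.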
@@ -25,8 +25,8 @@ services: restart: unless-stopped env_file: - configuration.env - volumes: - - ./config/config.properties:/app/config.properties:ro +# volumes: +# - ./config/config.properties:/app/config.properties:ro depends_on: - postgres nginx: @@ -36,10 +36,8 @@ services: ports: - "80:80" - "443:443" - environment: - - FRONTEND_HOSTNAME=frontend-host.example.com - - BACKEND_HOSTNAME=backend-host.example.com - - PROXY_HOSTNAME=proxy-host.example.com + env_file: + - configuration.env volumes: - ./config/piped.conf.template:/etc/nginx/templates/piped.conf.template:ro - ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro @@ -69,9 +67,8 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc/timezone:/etc/timezone:ro - environment: - - WATCHTOWER_CLEANUP=true - - WATCHTOWER_INCLUDE_RESTARTING=true + env_file: + - configuration.env command: piped-frontend piped-backend piped-proxy nginx postgres watchtower volumes: piped-proxy: null From fa32dfa43d91e599bf4ac829b7de423dcba3e20c Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 12:39:53 -0300 Subject: [PATCH 07/13] Using a script to set up the database properties file this will allow us to use a consistend environment file to set up everything --- docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 40c1ba7..50d3ce6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,8 +25,9 @@ services: restart: unless-stopped env_file: - configuration.env -# volumes: -# - ./config/config.properties:/app/config.properties:ro + volumes: + - ./entrypoint.d/backend-startup.sh:/app/backend-startup.sh:ro + command: /bin/sh /app/backend-startup.sh depends_on: - postgres nginx: From 2aff2aa49b51e4f95f0ef94754efcc37a2df9203 Mon Sep 17 00:00:00 2001 
From: Bento Silveira Date: Sun, 23 Jul 2023 12:42:37 -0300 Subject: [PATCH 08/13] Replaced DB variables with env file --- configuration.env | 13 +++++++------ docker-compose.yml | 8 ++------ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/configuration.env b/configuration.env index da3266a..3edbc7a 100644 --- a/configuration.env +++ b/configuration.env @@ -38,12 +38,13 @@ DISABLE_REGISTRATION=false # Feed Retention Time in Days FEED_RETENTION=30 -# Database settings -hibernate.connection.url="jdbc:postgresql://postgres:5432/piped" -hibernate.connection.driver_class="org.postgresql.Driver" -hibernate.dialect="org.hibernate.dialect.PostgreSQLDialect" -hibernate.connection.username="piped" -hibernate.connection.password="changeme" +########################### +# database settings # +########################### + +POSTGRES_DB=piped +POSTGRES_USER=piped +POSTGRES_PASSWORD=changeme ########################### # Watchtower settings # diff --git a/docker-compose.yml b/docker-compose.yml index 50d3ce6..21c2097 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -54,14 +54,10 @@ services: postgres: image: postgres:15 restart: unless-stopped + env_file: + - configuration.env volumes: - ./data/db:/var/lib/postgresql/data - environment: - # Database settings. Make sure to adjust these values - # on the configuration.env file too. - - POSTGRES_DB=piped - - POSTGRES_USER=piped - - POSTGRES_PASSWORD=changeme watchtower: image: containrrr/watchtower restart: always From c8ef39e3cbdac36c118b34163a679c49f4e9f7a3 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 12:44:00 -0300 Subject: [PATCH 09/13] Added the script that set the database before starting the backend --- entrypoint.d/backend-startup.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100755 entrypoint.d/backend-startup.sh diff --git a/entrypoint.d/backend-startup.sh b/entrypoint.d/backend-startup.sh new file mode 100755 index 0000000..267ef06 --- /dev/null 
+++ b/entrypoint.d/backend-startup.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "hibernate.connection.url: jdbc:postgresql://${POSTGRES_DB}:5432/piped" > /app/config.properties +echo "hibernate.connection.username: ${POSTGRES_USER}" >> /app/config.properties +echo "hibernate.connection.password: ${POSTGRES_PASSWORD}" >> /app/config.properties +echo "hibernate.connection.driver_class: org.postgresql.Driver" >> /app/config.properties +echo "hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect" >> /app/config.properties + +exec java -server -Xmx1G -XX:+UnlockExperimentalVMOptions -XX:+OptimizeStringConcat -XX:+UseStringDeduplication -XX:+UseCompressedOops -XX:+UseNUMA -XX:+UseG1GC -Xshare:on -jar /app/piped.jar From 5cdf13e1bce84ae17197440055817519678e90e9 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 12:47:13 -0300 Subject: [PATCH 10/13] Fixed the variable for the database host --- configuration.env | 1 + entrypoint.d/backend-startup.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/configuration.env b/configuration.env index 3edbc7a..01a2919 100644 --- a/configuration.env +++ b/configuration.env @@ -43,6 +43,7 @@ FEED_RETENTION=30 ########################### POSTGRES_DB=piped +POSTGRES_HOST=postgres POSTGRES_USER=piped POSTGRES_PASSWORD=changeme diff --git a/entrypoint.d/backend-startup.sh b/entrypoint.d/backend-startup.sh index 267ef06..eb3a850 100755 --- a/entrypoint.d/backend-startup.sh +++ b/entrypoint.d/backend-startup.sh @@ -1,6 +1,6 @@ #!/bin/sh -echo "hibernate.connection.url: jdbc:postgresql://${POSTGRES_DB}:5432/piped" > /app/config.properties +echo "hibernate.connection.url: jdbc:postgresql://${POSTGRES_HOST}:5432/piped" > /app/config.properties echo "hibernate.connection.username: ${POSTGRES_USER}" >> /app/config.properties echo "hibernate.connection.password: ${POSTGRES_PASSWORD}" >> /app/config.properties echo "hibernate.connection.driver_class: org.postgresql.Driver" >> /app/config.properties 
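Review bot: The JDBC URL ends in a literal `/piped` although `POSTGRES_DB` is configurable, so changing the database name in `configuration.env` creates one database and connects to another; `jdbc:postgresql://${POSTGRES_HOST}:5432/${POSTGRES_DB}` keeps them in step, and this still applies after the host fix in PATCH 10/13. The script writes the password to `/app/config.properties` under the default umask and carries on when a variable is unset, leaving an empty credential in the file; `set -eu` and `umask 077` at the top cover both. The `java` command line is presumably copied from the image's own start command and will drift when the image changes, so a comment recording where the flags came from would help.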
From b94d0c1bba205af6a093be3d809f2a9b608e50c9 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 13:30:20 -0300 Subject: [PATCH 11/13] Disabled IPv6 in Nginx config --- config/piped.conf.template | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/piped.conf.template b/config/piped.conf.template index 2eabcd4..9507f54 100644 --- a/config/piped.conf.template +++ b/config/piped.conf.template @@ -1,6 +1,6 @@ server { listen *:80; - listen [::]:80; +# listen [::]:80; server_name ${FRONTEND_HOSTNAME} ${BACKEND_HOSTNAME} ${PROXY_HOSTNAME}; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header 'Referrer-Policy' 'no-referrer'; @@ -14,7 +14,7 @@ server { server { listen *:443 ssl http2; - listen [::]:443 ssl http2; +# listen [::]:443 ssl http2; server_name ${FRONTEND_HOSTNAME}; @@ -34,7 +34,7 @@ proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2 server { listen *:443 ssl http2; - listen [::]:443 ssl http2; +# listen [::]:443 ssl http2; server_name ${BACKEND_HOSTNAME}; @@ -51,7 +51,7 @@ server { server { listen *:443 ssl http2; - listen [::]:443 ssl http2; +# listen [::]:443 ssl http2; server_name ${PROXY_HOSTNAME}; From 718981b2ca28714b48a56e8024d62166ca4cf768 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 17:38:54 -0300 Subject: [PATCH 12/13] Started the documentation --- README.md | 10 ++++++++++ config/config.properties | 37 ------------------------------------- configuration.env | 2 +- configure-instance.sh | 16 ---------------- 4 files changed, 11 insertions(+), 54 deletions(-) delete mode 100644 config/config.properties delete mode 100755 configure-instance.sh diff --git a/README.md b/README.md index d70ef2c..4b47498 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,15 @@ # Piped-Docker +### Requirements + +To Self-host Piped you're going to need the following resources: + +- Three DNS entries, one for each of the three modules: Frontend, Backend (API) and Youtube Proxy. +- An SSL certificate for HTTPS. An exemple is supplied, but you should create your own or get one from Let's Encrypt +- A container manager - Docker or Podman - with the corresponding \*-composer. + +For an instance serving only a private network, you most likely going to use a self-signed certificate, since Let's Encrypt needs access to the server on port 80 to validate that you actually owns it. + ### Creating Self-signed certificate https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs#generating-ssl-certificates diff --git a/config/config.properties b/config/config.properties deleted file mode 100644 index 776faee..0000000 --- a/config/config.properties +++ /dev/null 
@@ -1,37 +0,0 @@ -# The port to Listen on. -PORT: 8080 - -# The number of workers to use for the server -HTTP_WORKERS: 2 - -# Public Frontend URL - You should set this on the docker-compose file -# FRONTEND_URL: https://FRONTEND_HOSTNAME - -# Public API URL - You should set this on the docker-compose file -# API_URL: https://BACKEND_HOSTNAME - -# Proxy - You should set this on the docker-compose file -# PROXY_PART: https://PROXY_HOSTNAME - -# Outgoing HTTP Proxy - eg: 127.0.0.1:8118 -#HTTP_PROXY: 127.0.0.1:8118 - -# Captcha Parameters -CAPTCHA_BASE_URL: https://api.capmonster.cloud/ -CAPTCHA_API_KEY: INSERT_HERE - -# Enable haveibeenpwned compromised password API -COMPROMISED_PASSWORD_CHECK: true - -# Disable Registration -DISABLE_REGISTRATION: false - -# Feed Retention Time in Days -FEED_RETENTION: 30 - -# Hibernate properties -hibernate.connection.url: jdbc:postgresql://postgres:5432/piped -hibernate.connection.driver_class: org.postgresql.Driver -hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect -hibernate.connection.username: piped -hibernate.connection.password: changeme diff --git a/configuration.env b/configuration.env index 01a2919..96bfb38 100644 --- a/configuration.env +++ b/configuration.env @@ -10,7 +10,7 @@ PROXY_HOSTNAME=proxy-host.example.com # API container settings # ########################### -# Port the server will listen on. +# Port the API server will listen on. PORT=8080 # The number of workers to use for the server diff --git a/configure-instance.sh b/configure-instance.sh deleted file mode 100755 index 52e39d0..0000000 --- a/configure-instance.sh +++ /dev/null 
@@ -1,16 +0,0 @@ -#!/bin/sh -echo "Enter a hostname for the Frontend (eg: piped.kavin.rocks):" && read -r frontend -echo "Enter a hostname for the Backend (eg: pipedapi.kavin.rocks):" && read -r backend -echo "Enter a hostname for the Proxy (eg: pipedproxy.kavin.rocks):" && read -r proxy -echo "Enter the reverse proxy you would like to use (either caddy or nginx):" && read -r reverseproxy - -rm -rf config/ -rm -f docker-compose.yml - -cp -r template/ config/ - -sed -i "s/FRONTEND_HOSTNAME/$frontend/g" config/* -sed -i "s/BACKEND_HOSTNAME/$backend/g" config/* -sed -i "s/PROXY_HOSTNAME/$proxy/g" config/* - -mv config/docker-compose.$reverseproxy.yml docker-compose.yml From 03b347dfdaf5fa02fd7f9d1ec09d0836340019f0 Mon Sep 17 00:00:00 2001 From: Bento Silveira Date: Sun, 23 Jul 2023 19:56:18 -0300 Subject: [PATCH 13/13] Finished the Readme and a few tweaks Some adjustments on configuration and general comments --- README.md | 55 ++++++++++++++++++++++++++++++++- configuration.env | 10 +++++- docker-compose.yml | 12 ++++++- entrypoint.d/backend-startup.sh | 2 +- 4 files changed, 75 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4b47498..9ec27d1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Piped-Docker +## General notes + ### Requirements To Self-host Piped you're going to need the following resources: 
@@ -10,8 +12,59 @@ To Self-host Piped you're going to need the following resources: For an instance serving only a private network, you most likely going to use a self-signed certificate, since Let's Encrypt needs access to the server on port 80 to validate that you actually owns it. +### Note to selfhosters running Proxmox + +If you're going to selfhost Piped on an LXC container created by Proxmox, note that They're perfectly capable of running both Docker an Podman containers. This is called nesting, the act of running containers inside containers. + +There are one caveat, tho. It has to do with how services are started on LXC. Those containers normaly don't have a non-root user, so you login directly as root with SSH. Some people might be tempted to create a normal user and then use `sudo` to become root. This will cause you a lot of pain, because by doing that, you won't have a d-bus session running, d-bus is started as user unit by Systemd, but this doesn't run when you `sudo` to the user, only when you login directly as the user. I haven't tested this with Docker, but Podman breaks a little in this scenario, so if you're running Podman inside an LXC container, SSH as root from the beginning. + +WAIT!!! Can't I run Podman without being root ? Well, the Nginx reverse proxy the Piped uses to distribute requests to frontend, backend or ytproxy listens on ports 80 and 443, so you need to be root in order to open those. If you want to run rootless, you're gonna have to tinker a little, but you'll be on uncharted waters, sorry. 
+ +## Configuration + ### Creating Self-signed certificate -https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs#generating-ssl-certificates +To create your own certificate, follow the instructions on this [DigitalOcean tutorial](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs#generating-ssl-certificates), placing the files on the `config/` directory, replacing `piped.key` and `piped.crt` with the ones you created. To save you some time, you can use this command: + + cd config/ + openssl req -newkey rsa:2048 -nodes -keyout piped.key -x509 -days 365 -out piped.crt + +Answer all the question with appropriate values, the **only important field** that you should pay attention to is "**Common Name (e.g. server FQDN or YOUR name) []**", this should be "*.yourdomain.tld", meaning this certificate will server for all three hosts needed for Piped. + +### Configuring Piped + +All configurations should preferably be done using environment variables. All of them are listed on the [[configuration.env]] file. + +The most important to set up are the FQDN (Fully Qualified Domain Names) of the three services. These names should be configured on the variables BACKEND_HOSTNAME, FRONTEND_HOSTNAME and PROXY_HOSTNAME **without** "https:\/\/", slashes or anything other than the FQDN. The URLs **with** "https:\/\/" should be configured in the variables FRONTEND_URL, API_URL and PROXY_PART. + +There are other settings that you can change in the file too, such as support for Captcha, registration, etc., just look for them on the config file. + +### Configuring Postgres + +Piped uses PostgreSQL. It is the only DB supported and it's included in the composer file. If you want to use an external Postgre instead, put the relevant information on the appropriate variables and comment the `postgres` service on the composer file. 
If you decide to use the included DB, these variables will be used both to create the database and to configure the Hibernate library used by the backend. + +## Running + +After you finish creating the certificate and setting up the environment variables, run the project with one of the following commands: + +- Docker + + docker-compose up -d + +- Podman + + podman-compose up -d + +Once all the containers finish starting, test if it's working by pointing your browser to https://frontend.yourdomain.tld and confirm that Piped loads the "Trending" page. + +## Debuging + +In case of problems, you can check the logs with \*-compose logs . For exemple: + docker-compose logs nginx # For docker users + + or + + podman-compose logs piped-backend # for Podman users +If you need really verbose logs from Nginx, it is possible to enable debug mode, but it requires forcing the container to run `nginx-debug` instead of plain `nging` and adding a `error_log ... debug;` statement to [[config/piped.conf.template]]. diff --git a/configuration.env b/configuration.env index 96bfb38..89ab566 100644 --- a/configuration.env +++ b/configuration.env @@ -2,6 +2,7 @@ # Hostname settings # ########################### +# Fully Qualified names of the services used by Piped BACKEND_HOSTNAME=backend-host.example.com FRONTEND_HOSTNAME=frontend-host.example.com PROXY_HOSTNAME=proxy-host.example.com 
@@ -11,12 +12,18 @@ PROXY_HOSTNAME=proxy-host.example.com ########################### # Port the API server will listen on. +# this is used by other containers in this compose project and will +# listen only on the docker/podman network. +# If you need the API listening publicly, publish it using +# port: +# - : +# on the piped-backend service. PORT=8080 # The number of workers to use for the server HTTP_WORKERS=2 -# URLs for the services. These need to be configured +# iFull URLs for the services. These need to be configured # on your DNS service FRONTEND_URL=https://frontend-host.example.com API_URL=https://backend-host.example.com @@ -42,6 +49,7 @@ FEED_RETENTION=30 # database settings # ########################### +# Settings for the Postgres database POSTGRES_DB=piped POSTGRES_HOST=postgres POSTGRES_USER=piped diff --git a/docker-compose.yml b/docker-compose.yml index 21c2097..fa9df00 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -58,6 +58,16 @@ services: - configuration.env volumes: - ./data/db:/var/lib/postgresql/data + + + # Podman users, be aware that watchtower relies on a Docker socket to work + # look at the logs after startup with `podman-compose logs watchtower` + # If you see errors, make sure the podman service is enabled and the + # socket /var/run/docker.sock exists. + # If errors persist, comment this entire section. + # Watchtower is used to update the images automaticaly. Fortunately, + # Podman offers a way to do that using Dystemd, you could use that + # for auto-updates instead. watchtower: image: containrrr/watchtower restart: always @@ -66,6 +76,6 @@ services: - /etc/timezone:/etc/timezone:ro env_file: - configuration.env - command: piped-frontend piped-backend piped-proxy nginx postgres watchtower + command: piped-frontend piped-proxy piped-backend nginx postgres watchtower volumes: piped-proxy: null diff --git a/entrypoint.d/backend-startup.sh b/entrypoint.d/backend-startup.sh index eb3a850..cba55a3 100755 
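Review bot: The comment added above `PORT=8080` tells the operator to publish the API with `port:`, but the Compose key is `ports:`, and the host/container placeholders under it appear to be missing, so the instruction cannot be followed as written. It should also say that a port published this way reaches the backend directly rather than through the Nginx server blocks that terminate TLS on 443, so it is presumably plain HTTP unless something else is put in front of it. In the same hunk `# iFull URLs for the services.` has a stray character; `# Full URLs for the services.` is presumably what was meant.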
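Review bot: The comment block added above `watchtower` in `docker-compose.yml` tells Podman users to make sure `/var/run/docker.sock` exists, but it does not say what that socket gives the container: control of the host's container engine, which is effectively root on the host. Combined with the untagged `containrrr/watchtower` image and unattended updates, whatever upstream publishes for any listed image is pulled and run without review; I would add a line such as `# The socket gives watchtower full control of the container engine; remove this service if you do not want unattended updates.` The next hunk (`@@ -66,6 +76,6 @@`) shows `env_file: - configuration.env` on what looks like this same service, so watchtower appears to receive `POSTGRES_PASSWORD`, which it presumably has no use for; dropping that `env_file` entry would be the least-privilege choice. The service definition starts before the first hunk and its socket mount is not visible here, so both points should be checked against the full file.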
--- a/entrypoint.d/backend-startup.sh +++ b/entrypoint.d/backend-startup.sh @@ -1,6 +1,6 @@ #!/bin/sh -echo "hibernate.connection.url: jdbc:postgresql://${POSTGRES_HOST}:5432/piped" > /app/config.properties +echo "hibernate.connection.url: jdbc:postgresql://${POSTGRES_HOST}:5432/${POSTGRES_DB}" > /app/config.properties echo "hibernate.connection.username: ${POSTGRES_USER}" >> /app/config.properties echo "hibernate.connection.password: ${POSTGRES_PASSWORD}" >> /app/config.properties echo "hibernate.connection.driver_class: org.postgresql.Driver" >> /app/config.properties