Last active
September 24, 2024 22:41
-
-
Save nonsleepr/cf6c65837fec534ad6302ea06b7d37fa to your computer and use it in GitHub Desktop.
Piped on Tailscale
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| piped-frontend: | |
| image: 1337kavin/piped-frontend:latest | |
| restart: unless-stopped | |
| depends_on: | |
| - piped-backend | |
| container_name: piped-frontend | |
| entrypoint: "" | |
| command: | |
| - /bin/sh | |
| - "-c" | |
| - 'sed -i "s|https://pipedapi.kavin.rocks|${BASE_URL}/api|g" /usr/share/nginx/html/assets/* && nginx -g "daemon off;"' | |
| piped-proxy: | |
| image: 1337kavin/piped-proxy:latest | |
| restart: unless-stopped | |
| environment: | |
| - UDS=0 # Bind on :8080 | |
| container_name: piped-proxy | |
| piped-backend: | |
| image: 1337kavin/piped:latest | |
| restart: unless-stopped | |
| depends_on: | |
| - postgres | |
| container_name: piped-backend | |
| environment: | |
| PROXY_PART: ${BASE_URL}/proxy | |
| API_URL: ${BASE_URL}/api | |
| FRONTEND_URL: ${BASE_URL} | |
| HIBERNATE_CONNECTION_URL: jdbc:postgresql://postgres:5432/piped | |
| HIBERNATE_CONNECTION_USERNAME: piped | |
| HIBERNATE_CONNECTION_PASSWORD: changeme | |
| # See other properties in https://github.com/TeamPiped/Piped-Backend/blob/master/src/main/java/me/kavin/piped/consts/Constants.java | |
| entrypoint: "" | |
| command: | |
| - /bin/sh | |
| - "-c" | |
| - 'env|sed -E "/^HIBERNATE_/!d; s/^HIBERNATE_([A-Z_]+)=(.*)/hibernate.\L\1\E: \2/; s/_/./g" > /app/config.properties && /hotspot-entrypoint.sh' | |
| postgres: | |
| image: pgautoupgrade/pgautoupgrade:16-alpine | |
| restart: unless-stopped | |
| #volumes: | |
| # - ./data/db:/var/lib/postgresql/data | |
| environment: | |
| - POSTGRES_DB=piped | |
| - POSTGRES_USER=piped | |
| - POSTGRES_PASSWORD=changeme | |
| container_name: postgres | |
| traefik: | |
| image: traefik:latest | |
| restart: always | |
| volumes: | |
| - ./traefik.yml:/etc/traefik/traefik.yml:ro | |
| container_name: traefik | |
| network_mode: service:tailscale | |
| tailscale: | |
| image: tailscale/tailscale:latest | |
| container_name: piped-tailscale | |
| hostname: ${HOSTNAME} | |
| restart: unless-stopped | |
| volumes: | |
| - tailscale:/var/lib/tailscale | |
| command: | |
| - "/bin/sh" | |
| - "-c" | |
| - | | |
| /usr/local/bin/containerboot & | |
| sleep 3 | |
| tailscale serve 80 | |
| environment: | |
| TS_AUTHKEY: ${TS_AUTHKEY} | |
| TS_HOSTNAME: piped | |
| TS_STATE_DIR: /var/lib/tailscale | |
| #watchtower: | |
| # image: containrrr/watchtower | |
| # restart: always | |
| # volumes: | |
| # - /var/run/docker.sock:/var/run/docker.sock | |
| # - /etc/timezone:/etc/timezone:ro | |
| # environment: | |
| # - WATCHTOWER_CLEANUP=true | |
| # - WATCHTOWER_INCLUDE_RESTARTING=true | |
| # container_name: watchtower | |
| # command: piped-frontend piped-backend piped-proxy traefik postgres watchtower | |
| volumes: | |
| tailscale: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #log: | |
| # level: DEBUG | |
| providers: | |
| file: | |
| filename: /etc/traefik/traefik.yml | |
| watch: true | |
| entryPoints: | |
| web: | |
| address: ":80" | |
| websecure: | |
| address: ":443" | |
| http: | |
| routers: | |
| piped-backend: | |
| rule: "PathPrefix(`/api`)" | |
| service: piped-backend | |
| middlewares: | |
| - global | |
| - backend | |
| piped-proxy-cc: | |
| rule: "PathPrefix(`/proxy/videoplayack`) || PathPrefix(`/proxy/api/v4/`) || PathPrefix(`/proxy/api/manifest/`)" | |
| service: piped-proxy | |
| middlewares: | |
| - global | |
| - proxy | |
| - ytproxy | |
| - ytproxy-cc | |
| piped-proxy: | |
| rule: "PathPrefix(`/proxy`)" | |
| service: piped-proxy | |
| middlewares: | |
| - global | |
| - proxy | |
| - ytproxy | |
| piped-frontend: | |
| rule: "!PathPrefix(`/api`) && !PathPrefix(`/proxy`)" | |
| service: piped-frontend | |
| middlewares: | |
| - global | |
| services: | |
| piped-frontend: | |
| loadBalancer: | |
| servers: | |
| - url: http://piped-frontend:80 | |
| piped-backend: | |
| loadBalancer: | |
| servers: | |
| - url: http://piped-backend:8080 | |
| piped-proxy: | |
| loadBalancer: | |
| servers: | |
| - url: http://piped-proxy:8080 | |
| middlewares: | |
| proxy: | |
| stripPrefix: | |
| prefixes: | |
| - "/proxy" | |
| backend: | |
| stripPrefix: | |
| prefixes: | |
| - "/api" | |
| global: | |
| headers: | |
| customResponseHeaders: | |
| # disable FLoC tracking | |
| Permissions-Policy: interest-cohort=() | |
| # enable HSTS | |
| Strict-Transport-Security: max-age=31536000; | |
| # keep referrer data off | |
| Referrer-Policy: no-referrer | |
| # prevent for appearing in search engine for private instances (option) | |
| X-Robots-Tag: noindex | |
| ytproxy: | |
| headers: | |
| customRequestHeaders: | |
| X-Forwarded-For: "" | |
| CF-Connecting-IP: "" | |
| Connection: keep-alive | |
| customResponseHeaders: | |
| Alt-Svc: "" | |
| Cache-Control: "" | |
| ETag: "" | |
| ytproxy-cc: | |
| headers: | |
| customResponseHeaders: | |
| Cache-Control: private always |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment