diff --git a/.env b/.env
new file mode 100644
index 0000000..a269ddd
--- /dev/null
+++ b/.env
@@ -0,0 +1,59 @@
+VM_VERSIONNING="2023-10-13"
+
+# --------------------------------------------------
+# Local network definition
+# --------------------------------------------------
+VM_DOMAIN="home"
+VM_IP_ASSIGN="xxx.xxx.xxx"
+
+
+# --------------------------------------------------
+# VM specific definition
+# --------------------------------------------------
+
+VM_NAME="xxx"
+VM_TITLE="xxx"
+VM_IP="$VM_IP_ASSIGN.xxx"
+
+
+
+# --------------------------------------------------
+# Local containers exposed ports (for all VM)
+# --------------------------------------------------
+
+# common (4000-4999)
+VM_PORT_DOCKERPROXY="4000"
+VM_PORT_LOKI="4001"
+VM_PORT_PROMTAIL="4002"
+VM_PORT_DOZZLE="4003"
+VM_PORT_WATCHTOWER="4004"
+
+# particular (8000-8999)
+VM_PORT_PIPED_DB="8300"
+VM_PORT_PIPED_BACK="8301"
+VM_PORT_PIPED_FRONT="8302"
+VM_PORT_PIPED_PROXY="8303"
+VM_PORT_HYPERPIPE_NGINX="8304"
+VM_PORT_HYPERPIPE_BACK="8305"
+VM_PORT_HYPERPIPE_FRONT="8306"
+
+
+
+# --------------------------------------------------
+# Common
+# --------------------------------------------------
+
+VM_USER="1000"
+VM_GROUP="1000"
+VM_MASTER="xxx"
+MASTER_HOST="${VM_MASTER}.${VM_DOMAIN}"
+VM_HOST="${VM_NAME}.${VM_DOMAIN}"
+
+
+
+# --------------------------------------------------
+# Services specifics
+# --------------------------------------------------
+
+WATCHTOWER_NOTIFICATION_TITLE_TAG="${VM_TITLE}"
+WATCHTOWER_NOTIFICATIONS_HOSTNAME="${VM_NAME}"
diff --git a/README.md b/README.md
index 562e8cb..57c75f3 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,57 @@
-# hyperpiped
+# Hyperpipe / Piped
+Hyperpipe, a privacy-friendly frontend designed for YouTube Music, was inspired and created using Piped and YouTube's InnerTube API.
+
+In the following steps, you'll be guided through the installation of Hyperpipe, as well as Piped, to dramatically improve your online privacy.
+
+What sets Hyperpipe and Piped apart in particular is the ability to enjoy YouTube music and videos without being interrupted by ads.
+
+In this detailed tutorial, I'll explain how to deploy Hyperpipe using Docker and Portainer.
+
+## Considerations
+
+This Docker stack is scaled for a 8 vCPUs _and 24 Gb memory_ on a gigabite network.
+
+Using ADSL will give poorer performance than using fiber.
+
+I strongly recommend that you only use this tool if you finally have a good fiber connection.
+
+## Prerequisites
+
+You must have already installed:
+
+* A fully fonctionnal [internet domain name](https://infos.zogg.fr/caddy-docker-cloudflare)
+* [Docker](https://infos.zogg.fr/tags#docker)
+* A textual editor ([Visual Studio Code](https://code.visualstudio.com/), [Notepad++](https://notepad-plus-plus.org/), nano...)
+* A fully functionnal [Traefik reverse proxy](https://infos.zogg.fr/tags#traefik) setup
+
+## What's here
+
+### Folders
+
+* **conf** : used to store all configuration files
+* **datas** : persistent storage _(mainly for the PostgreQL database)_
+
+### Files
+
+* **docker-compose.yml** : a fully functionnal docker-compose file to run using _docker compose up -d_
+* **vm/common.yml** : docker-compose on which _docker-compose.yml_ is extended
+* **vm/host.yml** : docker-compose on which host.yml_ is extended
+* **.env** : default environement variables used by the docker-compose file
+
+* **traefik/hyperpipe.yml** : the Traefik configuration for this stack _(routers, services, middlewares)_
+
+* **conf/hyperpipe/nginx.conf** : highly optimized [NGinx](https://infos.zogg.fr/nginx) base configuration used by _hyperpipe-nginx_
+* **conf/hyperpipe/youtube.conf** : used by _hyperpipe-nginx_
+* **conf/piped/api.conf** : used by _hyperpipe-nginx_
+* **conf/piped/backend.conf** : configuration file used by _piped-back_
+* **conf/piped/frontend.conf** : used by _hyperpipe-nginx_
+* **conf/piped/proxy.conf** : used by _hyperpipe-nginx_
+
+## Usage
+
+You **MUST** find & replace all _'xxx'_ entries in each file to match your setup.
+
+* **docker-compose.yml** : piped-db _POSTGRES_PASSWORD_
+* **nginx.conf** : resolver _(put your private dns ip resolver or comment the entire line)_
+* **domain.com** : replace all _domain.com_ to match your domain name in all files
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..560a988
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,339 @@
+version: "3.0"
+
+#
+# updated: 2023-10-13
+# stack: hyperpiped
+#
+
+networks:
+ hyperpipe:
+ name: hyperpipe
+ driver: bridge
+ enable_ipv6: true
+ traefik:
+ external: true
+
+services:
+
+ piped-db:
+ extends:
+ file: ./_vm/common.yml
+ service: x-common
+ user: 0:0
+ cap_add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - FOWNER
+ - FSETID
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ - MKNOD
+ container_name: piped-db
+ hostname: piped-db
+ image: postgres:16
+ restart: unless-stopped
+ ports:
+ - "${VM_PORT_PIPED_DB}:5432"
+ expose:
+ - "5432"
+ networks:
+ - hyperpipe
+ - traefik
+ healthcheck:
+ test: ["CMD", "pg_isready", "-q", "-d", "piped", "-U", "root"]
+ environment:
+ POSTGRES_DB: piped
+ POSTGRES_USER: root
+ POSTGRES_PASSWORD: xxx
+ labels:
+ com.stack.name: "piped"
+ com.stack.service.name: "db"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ volumes:
+ - ./datas/db:/var/lib/postgresql/data:rw
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ piped-proxy:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ read_only: true
+ container_name: piped-proxy
+ hostname: piped-proxy
+ image: 1337kavin/piped-proxy:latest
+ restart: unless-stopped
+ ports:
+ - "${VM_PORT_PIPED_PROXY}:80"
+ expose:
+ - "80"
+ networks:
+ - hyperpipe
+ - traefik
+ healthcheck:
+ test: uname -a || exit 1
+ environment:
+ UDS: 1
+ labels:
+ com.stack.name: "piped"
+ com.stack.service.name: "proxy"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ volumes:
+ - ./datas/piped/proxy:/app/socket:rw
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ piped-back:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ user: 0:0
+ cap_add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - FOWNER
+ - FSETID
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ - MKNOD
+ container_name: piped-back
+ hostname: piped-back
+ image: 1337kavin/piped:latest
+ restart: unless-stopped
+ ports:
+ - "${VM_PORT_PIPED_BACK}:8080"
+ expose:
+ - "8080"
+ networks:
+ - hyperpipe
+ - traefik
+ depends_on:
+ piped-db:
+ condition: service_healthy
+ piped-proxy:
+ condition: service_healthy
+ healthcheck:
+ test: curl --fail http://localhost:8080/ || exit 1
+ environment:
+ DSN: ""
+ labels:
+ com.stack.name: "piped"
+ com.stack.service.name: "back"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ volumes:
+ - ./conf/piped/backend.conf:/app/config.properties:ro
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ piped-front:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ user: 0:0
+ cap_add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - FOWNER
+ - FSETID
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ - MKNOD
+ container_name: piped-front
+ hostname: piped-front
+ image: 1337kavin/piped-frontend:latest
+ restart: unless-stopped
+ ports:
+ - "${VM_PORT_PIPED_FRONT}:80"
+ expose:
+ - "80"
+ networks:
+ - hyperpipe
+ - traefik
+ depends_on:
+ piped-back:
+ condition: service_healthy
+ healthcheck:
+ test: wget --no-verbose --tries=1 --spider http://localhost:80
+ entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/pipedapi.domain.com/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
+ labels:
+ com.stack.name: "piped"
+ com.stack.service.name: "front"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ hyperpipe-nginx:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ user: 0:0
+ cap_add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - FSETID
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ - MKNOD
+ - SETPCAP
+ - SYS_ADMIN
+ container_name: hyperpipe-nginx
+ hostname: hyperpipe-nginx
+ image: registry.domain.com/zogg/nginx:latest
+ restart: unless-stopped
+ depends_on:
+ piped-db:
+ condition: service_healthy
+ piped-back:
+ condition: service_healthy
+ piped-front:
+ condition: service_healthy
+ piped-proxy:
+ condition: service_healthy
+ ports:
+ - "${VM_PORT_HYPERPIPE_NGINX}:80"
+ expose:
+ - "80"
+ networks:
+ - hyperpipe
+ - traefik
+ healthcheck:
+ test: curl --fail http://localhost:80/ || exit 1
+ start_period: 120s
+ labels:
+ com.stack.name: "hyperpipe"
+ com.stack.service.name: "nginx"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ volumes:
+ - ./conf/hyperpipe/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./conf/piped/api.conf:/etc/nginx/conf.d/pipedapi.conf:ro
+ - ./conf/piped/proxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
+ - ./conf/piped/frontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
+ - ./conf/hyperpipe/youtube.conf:/etc/nginx/snippets/ytproxy.conf:ro
+ - ./datas/piped/proxy:/var/run/ytproxy:rw
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ hyperpipe-back:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ container_name: hyperpipe-back
+ hostname: hyperpipe-back
+ image: codeberg.org/hyperpipe/hyperpipe-backend:latest
+ restart: unless-stopped
+ depends_on:
+ hyperpipe-nginx:
+ condition: service_healthy
+ ports:
+ - "${VM_PORT_HYPERPIPE_BACK}:3000"
+ expose:
+ - "3000"
+ networks:
+ - hyperpipe
+ - traefik
+ environment:
+ HYP_PROXY: "ytproxy.domain.com"
+ labels:
+ com.stack.name: "hyperpipe"
+ com.stack.service.name: "back"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
+
+ hyperpipe-front:
+ extends:
+ file: ./_vm/host.yml
+ service: x-host
+ user: 0:0
+ cap_add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - FOWNER
+ - FSETID
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ - MKNOD
+ container_name: hyperpipe-front
+ hostname: hyperpipe-front
+ image: codeberg.org/hyperpipe/hyperpipe:latest
+ restart: unless-stopped
+ depends_on:
+ hyperpipe-back:
+ condition: service_started
+ ports:
+ - "${VM_PORT_HYPERPIPE_FRONT}:80"
+ expose:
+ - "80"
+ networks:
+ - hyperpipe
+ - traefik
+ healthcheck:
+ test: wget --no-verbose --tries=1 --spider http://localhost
+ entrypoint: sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/pipedapi.domain.com/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipeapi.domain.com/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'
+ labels:
+ com.stack.name: "hyperpipe"
+ com.stack.service.name: "front"
+ deploy:
+ resources:
+ limits:
+ cpus: "8.0"
+ memory: 4G
+ pids: 8192
+ tmpfs:
+ - /tmp:rw,exec,size=1G
+ sysctls:
+ net.core.somaxconn: 8192
+ net.ipv4.tcp_syncookies: 0
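Review bot: The `piped-db` service is reachable well beyond the stack: it publishes `"${VM_PORT_PIPED_DB}:5432"` on the host, joins the `traefik` network, and ships `POSTGRES_USER: root` with the literal `POSTGRES_PASSWORD: xxx`, so anyone who misses the README's find-and-replace step runs a superuser database exposed on the LAN behind a guessable password. Only `piped-back` appears to need the database, so I would drop the `ports:` entry and the `- traefik` network from `piped-db` and make the password mandatory with something like `POSTGRES_PASSWORD: "${PIPED_DB_PASSWORD:?set a database password}"` (the variable name is a suggestion, not something this repository defines). Separately, `hyperpipe-nginx` runs as `user: 0:0` with `SYS_ADMIN` and `SETPCAP` added, which is close to a privileged container for a reverse proxy; unless the private image is shown to need them, both should go. Every service also sets `net.ipv4.tcp_syncookies: 0`, which turns off SYN-flood protection inside containers that sit behind an internet-facing proxy, and all third-party images float on `:latest`, so pinning a version or digest would make updates reviewable.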