Téléverser les fichiers vers "/"

.env

@@ -0,0 +1,59 @@
+VM_VERSIONNING="2023-10-13"
+
+# --------------------------------------------------
+# Local  network definition
+# --------------------------------------------------
+VM_DOMAIN="home"
+VM_IP_ASSIGN="xxx.xxx.xxx"
+
+
+# --------------------------------------------------
+# VM specific definition
+# --------------------------------------------------
+
+VM_NAME="xxx"
+VM_TITLE="xxx"
+VM_IP="$VM_IP_ASSIGN.xxx"
+
+
+
+# --------------------------------------------------
+# Local containers exposed ports (for all VM)
+# --------------------------------------------------
+
+# common (4000-4999)
+VM_PORT_DOCKERPROXY="4000"
+VM_PORT_LOKI="4001"
+VM_PORT_PROMTAIL="4002"
+VM_PORT_DOZZLE="4003"
+VM_PORT_WATCHTOWER="4004"
+
+# particular (8000-8999)
+VM_PORT_PIPED_DB="8300"
+VM_PORT_PIPED_BACK="8301"
+VM_PORT_PIPED_FRONT="8302"
+VM_PORT_PIPED_PROXY="8303"
+VM_PORT_HYPERPIPE_NGINX="8304"
+VM_PORT_HYPERPIPE_BACK="8305"
+VM_PORT_HYPERPIPE_FRONT="8306"
+
+
+
+# --------------------------------------------------
+# Common
+# --------------------------------------------------
+
+VM_USER="1000"
+VM_GROUP="1000"
+VM_MASTER="xxx"
+MASTER_HOST="${VM_MASTER}.${VM_DOMAIN}"
+VM_HOST="${VM_NAME}.${VM_DOMAIN}"
+
+
+
+# --------------------------------------------------
+# Services specifics
+# --------------------------------------------------
+
+WATCHTOWER_NOTIFICATION_TITLE_TAG="${VM_TITLE}"
+WATCHTOWER_NOTIFICATIONS_HOSTNAME="${VM_NAME}"

README.md

@@ -1,2 +1,57 @@
-# hyperpiped
+# Hyperpipe / Piped
 
+Hyperpipe, a privacy-friendly frontend designed for YouTube Music, was inspired and created using Piped and YouTube's InnerTube API.
+
+In the following steps, you'll be guided through the installation of Hyperpipe, as well as Piped, to dramatically improve your online privacy.
+
+What sets Hyperpipe and Piped apart in particular is the ability to enjoy YouTube music and videos without being interrupted by ads.
+
+In this detailed tutorial, I'll explain how to deploy Hyperpipe using Docker and Portainer.
+
+## Considerations
+
+This Docker stack is scaled for a 8 vCPUs _and 24 Gb memory_ on a gigabite network.
+
+Using ADSL will give poorer performance than using fiber.
+
+I strongly recommend that you only use this tool if you finally have a good fiber connection.
+
+## Prerequisites
+
+You must have already installed:
+
+* A fully fonctionnal [internet domain name](https://infos.zogg.fr/caddy-docker-cloudflare)
+* [Docker](https://infos.zogg.fr/tags#docker)
+* A textual editor ([Visual Studio Code](https://code.visualstudio.com/), [Notepad++](https://notepad-plus-plus.org/), nano...)
+* A fully functionnal [Traefik reverse proxy](https://infos.zogg.fr/tags#traefik) setup
+
+## What's here
+
+### Folders
+
+* **conf** : used to store all configuration files
+* **datas** : persistent storage _(mainly for the PostgreQL database)_
+
+### Files
+
+* **docker-compose.yml** : a fully functionnal docker-compose file to run using _docker compose up -d_
+* **vm/common.yml** : docker-compose on which _docker-compose.yml_ is extended
+* **vm/host.yml** : docker-compose on which host.yml_ is extended
+* **.env** : default environement variables used by the docker-compose file
+
+* **traefik/hyperpipe.yml** : the Traefik configuration for this stack _(routers, services, middlewares)_
+
+* **conf/hyperpipe/nginx.conf** : highly optimized [NGinx](https://infos.zogg.fr/nginx) base configuration used by _hyperpipe-nginx_
+* **conf/hyperpipe/youtube.conf** : used by _hyperpipe-nginx_
+* **conf/piped/api.conf** : used by _hyperpipe-nginx_
+* **conf/piped/backend.conf** : configuration file used by _piped-back_
+* **conf/piped/frontend.conf** : used by _hyperpipe-nginx_
+* **conf/piped/proxy.conf** : used by _hyperpipe-nginx_
+
+## Usage
+
+You **MUST** find & replace all _'xxx'_ entries in each file to match your setup.
+
+* **docker-compose.yml** : piped-db _POSTGRES_PASSWORD_
+* **nginx.conf** : resolver _(put your private dns ip resolver or comment the entire line)_
+* **domain.com** : replace all _domain.com_ to match your domain name in all files

docker-compose.yml

@@ -0,0 +1,339 @@
+version: "3.0"
+
+#
+# updated: 2023-10-13
+# stack:   hyperpiped
+#
+
+networks:
+  hyperpipe:
+    name: hyperpipe
+    driver: bridge
+    enable_ipv6: true
+  traefik:
+    external: true
+
+services:
+
+  piped-db:
+    extends:
+      file: ./_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - CHOWN
+      - FOWNER
+      - FSETID
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+      - MKNOD
+    container_name: piped-db
+    hostname: piped-db
+    image: postgres:16
+    restart: unless-stopped
+    ports:
+      - "${VM_PORT_PIPED_DB}:5432"
+    expose:
+      - "5432"
+    networks:
+      - hyperpipe
+      - traefik
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-d", "piped", "-U", "root"]
+    environment:
+      POSTGRES_DB: piped
+      POSTGRES_USER: root
+      POSTGRES_PASSWORD: xxx
+    labels:
+      com.stack.name: "piped"
+      com.stack.service.name: "db"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    volumes:
+      - ./datas/db:/var/lib/postgresql/data:rw
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  piped-proxy:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    read_only: true
+    container_name: piped-proxy
+    hostname: piped-proxy
+    image: 1337kavin/piped-proxy:latest
+    restart: unless-stopped
+    ports:
+      - "${VM_PORT_PIPED_PROXY}:80"
+    expose:
+      - "80"
+    networks:
+      - hyperpipe
+      - traefik
+    healthcheck:
+      test: uname -a || exit 1
+    environment:
+      UDS: 1
+    labels:
+      com.stack.name: "piped"
+      com.stack.service.name: "proxy"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    volumes:
+      - ./datas/piped/proxy:/app/socket:rw
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  piped-back:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - CHOWN
+      - FOWNER
+      - FSETID
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+      - MKNOD
+    container_name: piped-back
+    hostname: piped-back
+    image: 1337kavin/piped:latest
+    restart: unless-stopped
+    ports:
+      - "${VM_PORT_PIPED_BACK}:8080"
+    expose:
+      - "8080"
+    networks:
+      - hyperpipe
+      - traefik
+    depends_on:
+      piped-db:
+        condition: service_healthy
+      piped-proxy:
+        condition: service_healthy
+    healthcheck:
+      test: curl --fail http://localhost:8080/ || exit 1
+    environment:
+      DSN: ""
+    labels:
+      com.stack.name: "piped"
+      com.stack.service.name: "back"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    volumes:
+      - ./conf/piped/backend.conf:/app/config.properties:ro
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  piped-front:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - CHOWN
+      - FOWNER
+      - FSETID
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+      - MKNOD
+    container_name: piped-front
+    hostname: piped-front
+    image: 1337kavin/piped-frontend:latest
+    restart: unless-stopped
+    ports:
+      - "${VM_PORT_PIPED_FRONT}:80"
+    expose:
+      - "80"
+    networks:
+      - hyperpipe
+      - traefik
+    depends_on:
+      piped-back:
+        condition: service_healthy
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:80
+    entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/pipedapi.domain.com/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
+    labels:
+      com.stack.name: "piped"
+      com.stack.service.name: "front"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  hyperpipe-nginx:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    user: 0:0
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - FOWNER
+      - FSETID
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+      - MKNOD
+      - SETPCAP
+      - SYS_ADMIN
+    container_name: hyperpipe-nginx
+    hostname: hyperpipe-nginx
+    image: registry.domain.com/zogg/nginx:latest
+    restart: unless-stopped
+    depends_on:
+      piped-db:
+        condition: service_healthy
+      piped-back:
+        condition: service_healthy
+      piped-front:
+        condition: service_healthy
+      piped-proxy:
+        condition: service_healthy
+    ports:
+      - "${VM_PORT_HYPERPIPE_NGINX}:80"
+    expose:
+      - "80"
+    networks:
+      - hyperpipe
+      - traefik
+    healthcheck:
+      test: curl --fail http://localhost:80/ || exit 1
+      start_period: 120s
+    labels:
+      com.stack.name: "hyperpipe"
+      com.stack.service.name: "nginx"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    volumes:
+      - ./conf/hyperpipe/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./conf/piped/api.conf:/etc/nginx/conf.d/pipedapi.conf:ro
+      - ./conf/piped/proxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
+      - ./conf/piped/frontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
+      - ./conf/hyperpipe/youtube.conf:/etc/nginx/snippets/ytproxy.conf:ro
+      - ./datas/piped/proxy:/var/run/ytproxy:rw
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  hyperpipe-back:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    container_name: hyperpipe-back
+    hostname: hyperpipe-back
+    image: codeberg.org/hyperpipe/hyperpipe-backend:latest
+    restart: unless-stopped
+    depends_on:
+      hyperpipe-nginx:
+        condition: service_healthy
+    ports:
+      - "${VM_PORT_HYPERPIPE_BACK}:3000"
+    expose:
+      - "3000"
+    networks:
+      - hyperpipe
+      - traefik
+    environment:
+      HYP_PROXY: "ytproxy.domain.com"
+    labels:
+      com.stack.name: "hyperpipe"
+      com.stack.service.name: "back"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0
+
+  hyperpipe-front:
+    extends:
+      file: ./_vm/host.yml
+      service: x-host
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - CHOWN
+      - FOWNER
+      - FSETID
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+      - MKNOD
+    container_name: hyperpipe-front
+    hostname: hyperpipe-front
+    image: codeberg.org/hyperpipe/hyperpipe:latest
+    restart: unless-stopped
+    depends_on:
+      hyperpipe-back:
+        condition: service_started
+    ports:
+      - "${VM_PORT_HYPERPIPE_FRONT}:80"
+    expose:
+      - "80"
+    networks:
+      - hyperpipe
+      - traefik
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost
+    entrypoint: sh -c 'find /usr/share/nginx/html -type f -exec sed -i s/pipedapi.kavin.rocks/pipedapi.domain.com/g {} \; -exec sed -i s/hyperpipeapi.onrender.com/hyperpipeapi.domain.com/g {} \; && /docker-entrypoint.sh && nginx -g "daemon off;"'
+    labels:
+      com.stack.name: "hyperpipe"
+      com.stack.service.name: "front"
+    deploy:
+      resources:
+        limits:
+          cpus: "8.0"
+          memory: 4G
+          pids: 8192
+    tmpfs:
+      - /tmp:rw,exec,size=1G
+    sysctls:
+      net.core.somaxconn: 8192
+      net.ipv4.tcp_syncookies: 0