-
Notifications
You must be signed in to change notification settings - Fork 161
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add invidious companion temporary doc (#620)
- Loading branch information
Showing
7 changed files
with
549 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| # Apache2 reverse proxy setup with Invidious companion | ||
|
|
||
| - A very basic config, secured with Let's Encrypt. Any log is disabled by default. Do not forget to replace `ServerName` with your domain. | ||
|
|
||
| ``` | ||
| <IfModule mod_ssl.c> | ||
| <VirtualHost *:443> | ||
| ServerName invidious.domain.tld | ||
| ServerAdmin admin@localhost | ||
| ProxyPreserveHost On | ||
| ProxyRequests off | ||
| ProxyPass / http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse / http://127.0.0.1:3000/ | ||
| ProxyPass /latest_version http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /latest_version http://127.0.0.1:3000/ | ||
| ProxyPass /api/manifest/dash/id/ http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /api/manifest/dash/id/ http://127.0.0.1:3000/ | ||
| ProxyPass /videoplayback http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /videoplayback http://127.0.0.1:3000/ | ||
| AllowEncodedSlashes on | ||
| # ErrorLog /var/log/apache2/invidious.domain.tld/error.log | ||
| CustomLog /dev/null combined | ||
| RewriteEngine on | ||
| SSLCertificateFile /etc/letsencrypt/live/invidious.domain.tld/fullchain.pem | ||
| SSLCertificateKeyFile /etc/letsencrypt/live/invidious.domain.tld/privkey.pem | ||
| SSLCertificateChainFile /etc/letsencrypt/live/invidious.domain.tld/chain.pem | ||
| </VirtualHost> | ||
| </IfModule> | ||
| ``` | ||
|
|
||
| ## Another config example without HTTPS, but with Apache Basic Auth HTTP login. | ||
|
|
||
|
|
||
| The user will connect to Apache on port 3333 and will be asked to log in. If authentification is successful, Apache will redirect the user to Invidious' page. | ||
| To make the VirtualHost config below actually work, you should as well: | ||
|
|
||
| - Create a [.htpasswd](http://httpd.apache.org/docs/current/programs/htpasswd.html) file and add required [username/login combos](http://aspirine.org/htpasswd_en.html) to it, if not already existing. | ||
| - Open port 3333 (or any other free port) adding `Listen 3333` to Apache `ports.conf` (Debian `/etc/apache2/ports.conf`) | ||
| - If you run Invidious with default parameters, you may need to replace default host binding (0.0.0.0) with localhost (127.0.0.1) instead. That way, Invidious won't be publicly available on port 3000 anymore, but only accessible via the reverse proxy on port 3333. So if you run Invidious via a systemd service, you would edit the service file (e.g. `/etc/systemd/system/invidious.service`) and modify the ExecStart line to include the -b switch as follows `ExecStart=/home/invidious/invidious/invidious -b 127.0.0.1 -o invidious.log` and then reload the daemon with `systemctl daemon-reload` so that changes are taken into account. | ||
| - A convenient way to open such protected Invidious page without having to log in manually everytime is to access use a URL with the following format: http://username:password@domain:3333 | ||
|
|
||
| ``` | ||
| <VirtualHost *:3333> | ||
| ServerName invidious.domain.tld #add your own domain name (or localhost if you have none) | ||
| ServerAdmin admin@localhost | ||
| <Location /> | ||
| Deny from all # Forbid access to all by default... | ||
| #Allow from 127.0.0.1 #...Except from specific IPs (which will not need to authenticate)... | ||
| AuthUserFile /etc/apache2/.htpasswd #path to .htpasswd file | ||
| AuthName "Restricted Area" # name displayed in the promptbox | ||
| AuthType Basic # http://httpd.apache.org/docs/current/howto/auth.html | ||
| Satisfy Any | ||
| Require valid-user # ...and except from authenticated users included in the .htpasswd file | ||
| </Location> | ||
| ProxyPass / http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse / http://127.0.0.1:3000/ | ||
| ProxyPass /latest_version http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /latest_version http://127.0.0.1:3000/ | ||
| ProxyPass /api/manifest/dash/id/ http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /api/manifest/dash/id/ http://127.0.0.1:3000/ | ||
| ProxyPass /videoplayback http://127.0.0.1:3000/ nocanon | ||
| ProxyPassReverse /videoplayback http://127.0.0.1:3000/ | ||
| ProxyPreserveHost On | ||
| ProxyRequests Off | ||
| AllowEncodedSlashes On | ||
| #ErrorLog ${APACHE_LOG_DIR}/error.log | ||
| CustomLog /dev/null combined | ||
| </VirtualHost> | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Caddy reverse proxy setup with Invidious companion | ||
|
|
||
| This is a very basic config, assuming that you're using Caddy to manage SSL certificates for you. | ||
| Any log is disabled by default. Do not forget to replace `server_name` with your domain. | ||
|
|
||
| ``` | ||
| https://<server_name> { | ||
| @companion { | ||
| path /latest_version | ||
| path /api/manifest/dash/id/* | ||
| path /videoplayback* | ||
| } | ||
| reverse_proxy @companion localhost:8282 | ||
| reverse_proxy localhost:3000 | ||
| log { | ||
| output discard | ||
| } | ||
| } | ||
| ``` |
Oops, something went wrong.