Deployment - V4NT-ORG/LibreOdysee GitHub Wiki

The more hosted instances of LibreOdysee we have, the better load will be balanced between them all, leading to a better experience for everyone.

Pre-requisites

• Server or an always-on computer
• Fast internet connection

LibreOdysee is deployed using Docker. Docker containerizes the app for a more convenient and secure deployment.

If you don't have Docker already, follow the official documentation to install the engine.

⚠️ I will not provide a Docker image, But if someone wants to maintain it. you have to be a trusted community member first.

1. Find a directory to put LibreOdysee's source code.
2. Clone the repo with git clone https://github.com/WhateverItWorks/LibreOdysee.git.
3. Create a folder that's called data. Example: mkdir data
4. Copy the config.example.yml to data/config.yml with cp config.example.yml data/config.yml
5. Now edit to your desired settings nano data/config.yml.

LibreOdysee provides an example docker-compose file in docker-compose.yml. This defines the setup for the container.

• Modify ports if needed.
• Usually you want to edit the ports: section to meet your needs, especially if you're using a reverse proxy, like nginx. Try replacing the - 3245:3000 part with - 127.0.0.1:3245:3000.
• Modify environment: to fit your setup.

In the same directory as the docker-compose.yml file, run docker compose up -d --build to run the container in the background as a daemon (-d) and compile it (--build).

Reverse proxies are especially useful if you want to run multiple services on your machine. nginx is recommended.

You can install it for your operating system according to the official documentation.

Depending on your operating system, this path may differ, but usually configs are stored in /etc/nginx/sites-enabled. Navigate to this directory and create a new file called .conf.

In this file, put the following:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name changethis;

    add_header strict_sni on;
    add_header strict_sni_header on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "DENY";
    add_header Clear-Site-Data "cookies";
    add_header Referrer-Policy "no-referrer";
    add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
    resolver 1.1.1.1;


    ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

    # disable all logs
    access_log /dev/null;
    error_log /dev/null;

        location / {
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_pass http://localhost:3245;
        }

}

server {
    listen 80;
    listen [::]:80;
    server_name changethis;
    return 301 https://changethis$request_uri;
}

$remote_addr Is passed to the app via X-Forwarded-For to enforce the anti-scraping ratelimit properly. If you remove this block, it may block access globally if your instance is abused.

Run nginx -t to test your config. If all is ok, it should print the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If there are no issues, reload using nginx -s reload.