Add container configurations for FlareSolverr and ConvertX services

2026-02-28 17:25:18 +01:00
parent 6e0d9b4d3c
commit 3cb92b6a39
5 changed files with 190 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -2,4 +2,141 @@

 Collection of Podman Quadlets, with plenty of documentation!

-I personally find that Podman Quadlets do not require that much documentation, but it can be confusing for anyone who isn't already familiar with Docker and/or Podman. While I am not an expert, I have been figuring out how Quadlets work, and believe I can set up my homeserver in an order that would be considered "good". 
+I personally find that Podman Quadlets do not require that much documentation, but it can be confusing for anyone who isn't already familiar with Docker or Podman. While I am not an expert, I have been figuring out how Quadlets work, and believe I can set up my homeserver in an order that would be considered "good". 
+
+## My own personal choices
+
+There are a lot of ways to set up Quadlets, but here I will cover the cleanest setup possible that is also functional. 
+
+Environment files will be stored in the users home directory named `.envs`, with the naming scheme of `SERVICE.env`. In an ideal world you will be able to easily spot whatever file you should be editing. In the Environment files I will include a variable (`Q_DOCS`) with a link to the documentation of the service, plus the most common variables you will probably need to set up the service.
+
+  location /api/authz/auth-request {
+
+
+  internal;
+
+
+
+  proxy_set_header Host $host;
+
+
+  proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+
+
+  proxy_set_header X-Forwarded-Proto $scheme;
+
+
+  proxy_set_header X-Forwarded-Host $http_host;
+
+
+  proxy_set_header X-Forwarded-URI $request_uri;
+
+
+  proxy_set_header X-Forwarded-For $remote_addr;
+
+
+
+  # extra settings, don't pass the entire body to auth_request
+
+
+  proxy_set_header Content-Length "";
+
+
+  proxy_set_header Connection "";
+
+
+  proxy_pass_request_body off;
+
+
+
+  # url to send auth_request. Should be ${APP_URL}/api/authz/auth-request
+
+
+  proxy_pass http://localhost:3005/api/authz/auth-request;
+
+
+}
+
+
+
+location /{
+
+
+  proxy_set_header Host $host;
+
+
+  proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+
+
+  proxy_set_header X-Forwarded-Proto $scheme;
+
+
+  proxy_set_header X-Forwarded-Host $http_host;
+
+
+  proxy_set_header X-Forwarded-URI $request_uri;
+
+
+  proxy_set_header X-Forwarded-For $remote_addr;
+
+
+  
+
+
+  proxy_set_header Upgrade $http_upgrade;
+
+
+  proxy_set_header Connection "upgrade";
+
+
+
+  auth_request /api/authz/auth-request;
+
+
+
+  # --- FIX STARTS HERE ---
+
+  # You must "capture" the headers into variables first
+
+  auth_request_set $user $upstream_http_remote_user;
+
+  auth_request_set $groups $upstream_http_remote_groups;
+
+  auth_request_set $email $upstream_http_remote_email;
+
+  auth_request_set $name $upstream_http_remote_name;
+
+
+  # Then pass those variables as headers to Navidrome
+
+  proxy_set_header Remote-User $user;
+
+  proxy_set_header Remote-Groups $groups;
+
+  proxy_set_header Remote-Email $email;
+
+  proxy_set_header Remote-Name $name;
+
+  # --- FIX ENDS HERE ---
+
+
+
+  # If response 401 or 407 code, try to redirect to Location Header as if 302.
+
+
+  # NGINX auth_request cannot handle codes except 2xx and 4xx, this is a workaround
+
+
+  auth_request_set $redirection_url $upstream_http_location;
+
+
+  error_page 401 =302 $redirection_url;
+
+
+  error_page 407 =302 $redirection_url;  
+
+
+  proxy_pass $forward_scheme://$server:$port;
+
+
+}  
--- a/pods/vpnstack/flaresolverr-server.container
+++ b/pods/vpnstack/flaresolverr-server.container
@@ -0,0 +1,20 @@
+[Unit]
+Description=FlareSolverr Quadlet, used to bypass Cloudflare protections.
+After=gluetun-server.service
+Requires=gluetun-server.service
+
+[Container]
+Image=ghcr.io/flaresolverr/flaresolverr:latest
+ContainerName=flaresolverr-server
+HostName=flaresolverr-server
+
+Environment=TimeZone=Europe/Copenhagen PGID=1000 PUID=1000
+
+Network=container:gluetun-server
+
+[Service]
+Restart=always
+TimeoutStartSec=900
+
+[Install]
+WantedBy=multi-user.target default.target
--- a/pods/vpnstack/vpnstack.network
+++ b/pods/vpnstack/vpnstack.network
--- a/pods/vpnstack/vpnstack.pod
+++ b/pods/vpnstack/vpnstack.pod
@@ -0,0 +1,15 @@
+# /Users/samue/Documents/quadlets/pods/vpnstack/vpnstack.pod
+[Unit]
+Description=VPN Stack Pod
+Wants=network-online.target
+After=network-online.target
+
+[Pod]
+# Name of the pod
+Name=vpnstack
+# Enable network for the pod
+Network=bridge
+
+[Service]
+# Restart policy for the pod
+Restart=always
--- a/rootless/convertx-server.container
+++ b/rootless/convertx-server.container
@@ -0,0 +1,17 @@
+# convertx-server.container
+[Unit]
+Description=A self-hosted online file converter. Supports over a thousand different formats.
+
+[Container]
+ContainerName=convertx-server
+Image=ghcr.io/c4illin/convertx:latest
+Environment=AUTO_DELETE_EVERY_N_HOURS=0
+PublishPort=3005:3000
+Volume=/home/samu/podman/convertx:/app/data:Z
+
+[Service]
+Restart=always
+TimeoutStartSec=1500
+
+[Install]
+WantedBy=multi-user.target default.target