69 lines
2.4 KiB
INI
69 lines
2.4 KiB
INI
# Good info about TLS speeds: https://istlsfastyet.com/
|
|
|
|
global
|
|
# This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom
|
|
# maxconn 32768
|
|
# Tied to net.core.somaxconn kernel parameter
|
|
|
|
resolvers docker
|
|
# Without this, if a container crashes, haproxy will not be
|
|
# able to find where the recreated container is.
|
|
# Ref: https://stackoverflow.com/a/42135283
|
|
nameserver dns1 127.0.0.11:53
|
|
|
|
defaults
|
|
mode http
|
|
timeout client 30s
|
|
timeout connect 5s
|
|
timeout server 30s
|
|
http-reuse safe
|
|
option splice-auto
|
|
option tcp-smart-connect
|
|
|
|
# Prometheus for graphs
|
|
frontend prometheus
|
|
bind *:10000
|
|
mode http
|
|
http-request use-service prometheus-exporter if { path /metrics }
|
|
no log
|
|
|
|
frontend www
|
|
bind *:80
|
|
# bind *:443 ssl crt /certs/cert.pem alpn h2,http/1.1 allow-0rtt
|
|
# Restrict to HTTP/1.1 since HTTP/2 is not useful for DASH video streaming.
|
|
# HTTP/1.1 also uses a fairly low ammount of CPU compared to HTTP/2.
|
|
# HTTP/2 is useful for requesting a lot of files at the same time, but
|
|
# for DASH video streaming you download the video in a synchronously way,
|
|
# making HTTP/2 useless for it.
|
|
bind *:443 ssl crt /certs/cert.pem alpn http/1.1
|
|
|
|
# https://docs.haproxy.org/3.0/configuration.html#4.2-tcp-request%20connection
|
|
# https://docs.haproxy.org/3.0/configuration.html#4.2-http-request
|
|
http-request deny if { src -f /etc/haproxy/denylist.txt }
|
|
|
|
filter bwlim-out video-streaming default-limit 5000k default-period 1s
|
|
# QUIC is not really needed for video streaming and it uses a lot of CPU.
|
|
# Ref: https://news.ycombinator.com/item?id=23585120
|
|
#bind quic4@:443 ssl crt /certs/cert.pem alpn h3 allow-0rtt
|
|
#http-after-response add-header alt-svc 'h3=":443"; ma=900'
|
|
|
|
# HAPROXY_EXVPP_HOST: The external video playback host
|
|
# acl c hdr(host) -i "$COMPANION_HOST"
|
|
# acl cc hdr(host) -i "$COMPANION_HOST":8443
|
|
# acl h hdr(host) -i "$EXVPP_HOST"
|
|
# acl hh hdr(host) -i "$EXVPP_HOST":8443
|
|
|
|
http-request set-bandwidth-limit video-streaming
|
|
|
|
acl health_check path /health
|
|
http-request return status 200 if health_check
|
|
|
|
use_backend http3-ytproxy if { path_beg /videoplayback } || { path /metrics_ytproxy }
|
|
default_backend companion
|
|
|
|
backend http3-ytproxy
|
|
http-request set-path /metrics if { path /metrics_ytproxy }
|
|
server s1 unix@/tmp/http-ytproxy.sock
|
|
|
|
backend companion
|
|
server s1 gluetun:8081 check resolvers docker init-addr libc,none
|