docker-compose-configs/haproxy.cfg
Fijxu 9940e4c01e
Use static ip addresses for containers and centralize the proxy components in a single file.
I had to use static ip addresses here due to a very annoying NGINX
behavior which is: `nginx: [emerg] host not found in upstream
"companion:8081" in /etc/nginx/nginx.conf:17`

NGINX will NOT start if it can't find the container IP address from the
Docker DNS resolver 127.0.0.11 which is pretty fucking annoying. Thanks
nginx dev for that stupid design.
2025-03-13 19:40:36 -03:00


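# Good info about TLS speeds: https://istlsfastyet.com/
global
    # Author's note on maxconn: HAProxy tends to take a very large connection
    # limit from the kernel, which made the process OOM; the explicit cap
    # below is currently commented out.
    # NOTE(review): when maxconn is absent HAProxy derives it from the process
    # file-descriptor limit (ulimit -n), so the effective cap still depends on
    # the container's limits - confirm it is what you expect.
    # maxconn 32768
    # Tied to net.core.somaxconn kernel parameter
    # Floor the TLS version for every "bind ... ssl" line (frontend www):
    # TLS 1.0/1.1 are deprecated and have known weaknesses. Remove this only
    # if legacy clients genuinely have to be supported.
    ssl-default-bind-options ssl-min-ver TLSv1.2
    # NOTE(review): there is no "log" directive anywhere in this file, so
    # HAProxy emits no access or error logs at all - denied requests and
    # backend failures are invisible. "log stdout format raw local0" here plus
    # "log global" in defaults would make them observable from the container.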
resolvers docker
    # Docker's embedded DNS. Without this, if a container crashes, haproxy will not be
    # able to find where the recreated container is.
    # Ref: https://stackoverflow.com/a/42135283
    # Only servers addressed by hostname are re-resolved through this section;
    # a server written as an IP literal (see "backend companion") is not.
    nameserver dns1 127.0.0.11:53
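defaults
    mode http
    # Inactivity timeouts on the client side, connection establishment to a
    # server, and the server side respectively.
    timeout client 30s
    timeout connect 5s
    timeout server 30s
    # Bound the time a client may take to send a complete request header.
    # "timeout client" only fires on inactivity, so a client trickling one
    # byte at a time could otherwise hold a connection (and a slot in
    # maxconn) open indefinitely.
    timeout http-request 10s
    # Reuse idle server-side connections only where HAProxy considers it safe.
    http-reuse safe
    option splice-auto
    option tcp-smart-connect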
# Prometheus for graphs
frontend prometheus
    # Listens on every interface with no source restriction. Anything that can
    # reach port 10000 can read the exporter output (backend names, server
    # addresses, error counts), so keep the port unpublished in the compose
    # file or restrict it with a rule such as
    # "http-request deny unless { src <scraper-network-cidr> }"
    # (placeholder - fill in the Prometheus container's network).
    bind *:10000
    mode http
    # Serve the built-in exporter on /metrics only. Any other path falls
    # through and, since this frontend has no backend, is answered with 503.
    http-request use-service prometheus-exporter if { path /metrics }
    # Scrape requests are not logged.
    no log
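frontend www
    bind *:80
    # bind *:443 ssl crt /certs/cert.pem alpn h2,http/1.1 allow-0rtt
    # Restrict to HTTP/1.1 since HTTP/2 is not useful for DASH video streaming.
    # HTTP/1.1 also uses a fairly low amount of CPU compared to HTTP/2.
    # HTTP/2 is useful for requesting a lot of files at the same time, but
    # for DASH video streaming the segments are downloaded sequentially,
    # making HTTP/2 useless for it.
    bind *:443 ssl crt /certs/cert.pem alpn http/1.1
    # QUIC is not really needed for video streaming and it uses a lot of CPU.
    # Ref: https://news.ycombinator.com/item?id=23585120
    #bind quic4@:443 ssl crt /certs/cert.pem alpn h3 allow-0rtt
    #http-after-response add-header alt-svc 'h3=":443"; ma=900'

    # https://docs.haproxy.org/3.0/configuration.html#4.2-tcp-request%20connection
    # https://docs.haproxy.org/3.0/configuration.html#4.2-http-request
    # Source-address denylist, evaluated before every other rule so listed
    # clients never reach routing. "src" is the TCP peer address, so this only
    # identifies clients while HAProxy is the first hop; behind another proxy
    # or CDN it would see that proxy's address instead.
    http-request deny if { src -f /etc/haproxy/denylist.txt }

    # Egress bandwidth cap, attached to the video host below.
    filter bwlim-out video-streaming default-limit 5000k default-period 1s

    # Host-based routing. The names come from the environment at startup.
    # HAPROXY_EXVPP_HOST: The external video playback host (used here as
    # $EXVPP_HOST). NOTE(review): an unset variable expands to an empty
    # pattern, so make sure both are exported in the compose file.
    acl c  hdr(host) -i "$COMPANION_HOST"
    acl cc hdr(host) -i "$COMPANION_HOST":8443
    acl h  hdr(host) -i "$EXVPP_HOST"
    acl hh hdr(host) -i "$EXVPP_HOST":8443
    http-request set-bandwidth-limit video-streaming if h || hh

    # Unauthenticated liveness endpoint. Answered before the HTTPS redirect so
    # a plain-HTTP probe (e.g. a container healthcheck on port 80) receives
    # 200 instead of a 302 to https. It discloses nothing beyond "up".
    acl health_check path /health
    http-request return status 200 if health_check

    # Everything else is forced onto TLS.
    # NOTE(review): there is no Strict-Transport-Security header; adding one
    # with "http-response set-header" would stop downgrade on later visits,
    # but HSTS covers every port of the host, so only do it once nothing
    # plain-HTTP lives on these hostnames.
    http-request redirect scheme https unless { ssl_fc }

    # Defined but not referenced by any rule in this frontend.
    acl videoplayback path_beg /videoplayback

    # No default_backend: a request whose Host matches neither name gets 503.
    use_backend http3-ytproxy if h || hh
    use_backend companion if c || cc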
backend http3-ytproxy
    # Earlier network-addressed variant, kept for reference:
    #server s1 gluetun:8080 resolvers docker init-addr libc,none
    # Proxy reached over a Unix socket instead of the container network.
    # NOTE(review): this hop has no TLS or auth; who can talk to it is governed
    # by the socket file's permissions and by which containers mount /tmp.
    server s1 unix@/tmp/http-ytproxy.sock
backend companion
    # Static address (the commit switched the containers to fixed IPs because
    # the companion name could not be resolved at startup). With an IP literal
    # the "resolvers docker init-addr libc,none" options have no effect - they
    # only apply to servers given by hostname - so this address has to be kept
    # in sync with the compose file by hand. "check" enables active health
    # checks against the port.
    server s1 172.50.0.3:8081 check resolvers docker init-addr libc,none