Fijxu/docker-compose-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docker-compose-configs/unused/haproxy-host.cfg

68 lines
2.1 KiB
INI
Raw Blame History

# Good info about TLS speeds: https://istlsfastyet.com/
global
# This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom
# maxconn 32768
# Tied to net.core.somaxconn kernel parameter
resolvers docker
# Without this, if a container crashes, haproxy will not be
# able to find where the recreated container is.
# Ref: https://stackoverflow.com/a/42135283
nameserver dns1 127.0.0.11:53
defaults
mode http
timeout client 30s
timeout connect 5s
timeout server 30s
http-reuse safe
option splice-auto
option tcp-smart-connect
# Prometheus for graphs
frontend prometheus
bind *:10000
mode http
http-request use-service prometheus-exporter if { path /metrics }
no log
frontend www
bind *:80
#bind *:443 ssl crt /certs/cert.pem alpn h2,http/1.1 allow-0rtt
bind *:443 ssl crt /certs/cert.pem alpn http/1.1
# https://docs.haproxy.org/3.0/configuration.html#4.2-tcp-request%20connection
# https://docs.haproxy.org/3.0/configuration.html#4.2-http-request
http-request deny if { src -f /etc/haproxy/denylist.txt }
filter bwlim-out video-streaming default-limit 5000k default-period 1s
# QUIC is not really needed for video streaming and it uses a lot of CPU.
# Ref: https://news.ycombinator.com/item?id=23585120
#bind quic4@:443 ssl crt /certs/cert.pem alpn h3 allow-0rtt
#http-after-response add-header alt-svc 'h3=":443"; ma=900'
# HAPROXY_EXVPP_HOST: The external video playback host
acl c hdr(host) -i "$COMPANION_HOST"
acl cc hdr(host) -i "$COMPANION_HOST":8443
acl h hdr(host) -i "$EXVPP_HOST"
acl hh hdr(host) -i "$EXVPP_HOST":8443
http-request set-bandwidth-limit video-streaming if h || hh
http-request redirect scheme https unless { ssl_fc }
acl health_check path /health
http-request return status 200 if health_check
acl videoplayback path_beg /videoplayback
use_backend http3-ytproxy if h || hh
use_backend companion if c || cc
backend http3-ytproxy
#server s1 gluetun:8080 resolvers docker init-addr libc,none
server s1 unix@/tmp/http-ytproxy.sock
backend companion
server s1 127.0.0.1:8081 check resolvers docker init-addr libc,none
Reference in a new issue View git blame Copy permalink