route rtmp via haproxy

2021-10-10 14:05:08 +00:00 · 2021-10-10 14:05:08 +00:00 · e7ceb9684b
commit e7ceb9684b
parent c214444a9b
2 changed files with 83 additions and 4 deletions
--- a/config/lb/haproxy.cfg
+++ b/config/lb/haproxy.cfg
@ -0,0 +1,72 @@
+global
+    maxconn 4096
+    user root
+    group root
+    daemon
+
+    tune.ssl.default-dh-param       2048
+    ssl-default-bind-options no-sslv3 no-tls-tickets
+    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+defaults
+    log global
+    mode http
+    balance roundrobin
+    maxconn 1024
+
+    option httpclose
+    option forwardfor
+
+    retries 3
+    option redispatch
+
+    timeout client  30s
+    timeout connect 30s
+    timeout server  30s
+
+    #option httpchk HEAD /haproxy?monitor HTTP/1.0
+    #timeout check 5s
+    #stats enable
+    #stats uri     /haproxy?stats
+    #stats realm   Haproxy\ Statistics
+    #stats auth    admin:yourpasswordhere
+    #stats refresh 5s
+
+frontend http
+    bind :80
+    option http-server-close
+    redirect scheme https if ! { path_beg -i /.well-known/acme-challenge }
+    default_backend certbot
+
+frontend https
+    bind :443 ssl crt /certificates alpn http/1.1
+
+    # CORS
+    http-response set-header Access-Control-Allow-Origin "*"
+    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
+    http-response set-header Access-Control-Max-Age 3628800
+    http-response set-header Access-Control-Allow-Methods "GET"
+
+    use_backend vod_web
+
+frontend rtmp
+    bind :1935 name rtmp
+    mode tcp
+    maxconn 600
+    use_backend vod_rtmp
+
+backend certbot
+    server c1 certbot:80
+
+backend vod_web
+    server rw1 rtmp:8080 check
+
+backend vod_rtmp
+    mode tcp
+    balance roundrobin
+    stick store-request src
+    stick-table type ip size 200k expire 20m
+    stick on src
+    source 0.0.0.0 usesrc clientip
+    server rr1 rtmp:1935 check maxconn 200 weight 10
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,6 +5,7 @@ services:
    ports:
      - "80:80"
      - "443:443"
+      - "1935:1935"
    volumes:
      - "./data/certificates:/certificates"
      - "./config/lb:/usr/local/etc/haproxy"
@ -34,12 +35,18 @@ services:

  rtmp:
    build: ./rtmp
-    ports:
-      - "1935:1935"
-      - "80:8080"
-    container_name: rtmp_server
+    container_name: rtmp
+    hostname: rtmp
    volumes:
      - "./data/rtmp/hls:/tmp/hls"
+    depends_on:
+      - "lb"
+      - "certbot"
+    restart: always
+    networks:
+      - internal
+    labels:
+      - meta.role=rtmp

  auth:
    build: ./auth