From e7ceb9684b56898f987b3077fb3e47fe581d6b97 Mon Sep 17 00:00:00 2001
From: deflax
Date: Sun, 10 Oct 2021 14:05:08 +0000
Subject: [PATCH] route rtmp via haproxy
---
 config/lb/haproxy.cfg | 72 +++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 15 ++++++---
 2 files changed, 83 insertions(+), 4 deletions(-)
 create mode 100644 config/lb/haproxy.cfg
diff --git a/config/lb/haproxy.cfg b/config/lb/haproxy.cfg
new file mode 100644
index 0000000..e354ab9
--- /dev/null
+++ b/config/lb/haproxy.cfg
@@ -0,0 +1,72 @@
+global
+ maxconn 4096
+ user root
+ group root
+ daemon
+
+ tune.ssl.default-dh-param 2048
+ ssl-default-bind-options no-sslv3 no-tls-tickets
+ ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+defaults
+ log global
+ mode http
+ balance roundrobin
+ maxconn 1024
+
+ option httpclose
+ option forwardfor
+
+ retries 3
+ option redispatch
+
+ timeout client 30s
+ timeout connect 30s
+ timeout server 30s
+
+ #option httpchk HEAD /haproxy?monitor HTTP/1.0
+ #timeout check 5s
+ #stats enable
+ #stats uri /haproxy?stats
+ #stats realm Haproxy\ Statistics
+ #stats auth admin:yourpasswordhere
+ #stats refresh 5s
+
+frontend http
+ bind :80
+ option http-server-close
+ redirect scheme https if ! { path_beg -i /.well-known/acme-challenge }
+ default_backend certbot
+
+frontend https
+ bind :443 ssl crt /certificates alpn http/1.1
+
+ # CORS
+ http-response set-header Access-Control-Allow-Origin "*"
+ http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
+ http-response set-header Access-Control-Max-Age 3628800
+ http-response set-header Access-Control-Allow-Methods "GET"
+
+ use_backend vod_web
+
+frontend rtmp
+ bind :1935 name rtmp
+ mode tcp
+ maxconn 600
+ use_backend vod_rtmp
+
+backend certbot
+ server c1 certbot:80
+
+backend vod_web
+ server rw1 rtmp:8080 check
+
+backend vod_rtmp
+ mode tcp
+ balance roundrobin
+ stick store-request src
+ stick-table type ip size 200k expire 20m
+ stick on src
+ source 0.0.0.0 usesrc clientip
+ server rr1 rtmp:1935 check maxconn 200 weight 10
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 1b1f3f8..08a20c4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,7 @@ services:
 ports:
 - "80:80"
 - "443:443"
+ - "1935:1935"
 volumes:
 - "./data/certificates:/certificates"
 - "./config/lb:/usr/local/etc/haproxy"
@@ -34,12 +35,18 @@ services:
 
 rtmp:
 build: ./rtmp
- ports:
- - "1935:1935"
- - "80:8080"
- container_name: rtmp_server
+ container_name: rtmp
+ hostname: rtmp
 volumes:
 - "./data/rtmp/hls:/tmp/hls"
+ depends_on:
+ - "lb"
+ - "certbot"
+ restart: always
+ networks:
+ - internal
+ labels:
+ - meta.role=rtmp
 
 auth:
 build: ./auth
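Review bot: In config/lb/haproxy.cfg the `global` TLS defaults leave weak negotiation possible: `ssl-default-bind-options` disables only SSLv3, and the cipher string still carries non-forward-secret and legacy entries (`AES128-SHA`, `AES`, `CAMELLIA`, `DES-CBC3-SHA`; `!DES` does not exclude 3DES), so the `:443` bind may accept TLS 1.0/1.1 and CBC/3DES suites depending on the linked OpenSSL. I would change the options line to `ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets` and trim `ssl-default-bind-ciphers` to the ECDHE/DHE AES-GCM suites at the head of the list. `user root` / `group root` keeps the proxy privileged for its whole lifetime; if that is there only for `source 0.0.0.0 usesrc clientip` in `vod_rtmp`, say so in a comment such as `# root required for transparent source binding (usesrc clientip)` and consider granting the container just the needed capability instead. `log global` in `defaults` has nothing to inherit because `global` defines no `log` target, so traffic on `:1935` and `:443` appears to go unlogged; a line like `log stdout format raw local0` (HAProxy 1.9 or later) would give you connection records.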
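Review bot: In the second docker-compose.yml hunk, `depends_on: - "lb"` on the `rtmp` service makes the proxy start before the container it resolves by name, while the new haproxy.cfg has `server rr1 rtmp:1935 check` and `server rw1 rtmp:8080 check`; HAProxy by default refuses to start when a server hostname does not resolve, so this ordering looks inverted unless `lb` is restarted until `rtmp` exists. Either move the dependency to `lb` (`depends_on: - "rtmp"`) or make the server lines tolerant with `init-addr last,libc,none`. The hunk also attaches `rtmp` to `networks: - internal`; the top-level definition of that network and the `lb` service's membership are not visible here, and both are needed for `rtmp:1935` to be reachable now that the published ports are removed. The `auth:` service at the end of the hunk continues outside it.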