route rtmp via haproxy

This commit is contained in:
deflax 2021-10-10 14:05:08 +00:00
parent c214444a9b
commit e7ceb9684b
2 changed files with 83 additions and 4 deletions

72
config/lb/haproxy.cfg Normal file
View file

@ -0,0 +1,72 @@
global
maxconn 4096
user root
group root
daemon
tune.ssl.default-dh-param 2048
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
defaults
log global
mode http
balance roundrobin
maxconn 1024
option httpclose
option forwardfor
retries 3
option redispatch
timeout client 30s
timeout connect 30s
timeout server 30s
#option httpchk HEAD /haproxy?monitor HTTP/1.0
#timeout check 5s
#stats enable
#stats uri /haproxy?stats
#stats realm Haproxy\ Statistics
#stats auth admin:yourpasswordhere
#stats refresh 5s
frontend http
bind :80
option http-server-close
redirect scheme https if ! { path_beg -i /.well-known/acme-challenge }
default_backend certbot
frontend https
bind :443 ssl crt /certificates alpn http/1.1
# CORS
http-response set-header Access-Control-Allow-Origin "*"
http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
http-response set-header Access-Control-Max-Age 3628800
http-response set-header Access-Control-Allow-Methods "GET"
use_backend vod_web
frontend rtmp
bind :1935 name rtmp
mode tcp
maxconn 600
use_backend vod_rtmp
backend certbot
server c1 certbot:80
backend vod_web
server rw1 rtmp:8080 check
backend vod_rtmp
mode tcp
balance roundrobin
stick store-request src
stick-table type ip size 200k expire 20m
stick on src
source 0.0.0.0 usesrc clientip
server rr1 rtmp:1935 check maxconn 200 weight 10

View file

@ -5,6 +5,7 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
- "1935:1935"
volumes: volumes:
- "./data/certificates:/certificates" - "./data/certificates:/certificates"
- "./config/lb:/usr/local/etc/haproxy" - "./config/lb:/usr/local/etc/haproxy"
@ -34,12 +35,18 @@ services:
rtmp: rtmp:
build: ./rtmp build: ./rtmp
ports: container_name: rtmp
- "1935:1935" hostname: rtmp
- "80:8080"
container_name: rtmp_server
volumes: volumes:
- "./data/rtmp/hls:/tmp/hls" - "./data/rtmp/hls:/tmp/hls"
depends_on:
- "lb"
- "certbot"
restart: always
networks:
- internal
labels:
- meta.role=rtmp
auth: auth:
build: ./auth build: ./auth