route rtmp via haproxy

config/lb/haproxy.cfg

@@ -0,0 +1,72 @@
+global
+    maxconn 4096
+    user root
+    group root
+    daemon
+
+    tune.ssl.default-dh-param       2048
+    ssl-default-bind-options no-sslv3 no-tls-tickets
+    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+defaults
+    log global
+    mode http
+    balance roundrobin
+    maxconn 1024
+
+    option httpclose
+    option forwardfor
+
+    retries 3
+    option redispatch
+
+    timeout client  30s
+    timeout connect 30s
+    timeout server  30s
+
+    #option httpchk HEAD /haproxy?monitor HTTP/1.0
+    #timeout check 5s
+    #stats enable
+    #stats uri     /haproxy?stats
+    #stats realm   Haproxy\ Statistics
+    #stats auth    admin:yourpasswordhere
+    #stats refresh 5s
+
+frontend http
+    bind :80
+    option http-server-close
+    redirect scheme https if ! { path_beg -i /.well-known/acme-challenge }
+    default_backend certbot
+
+frontend https
+    bind :443 ssl crt /certificates alpn http/1.1
+
+    # CORS
+    http-response set-header Access-Control-Allow-Origin "*"
+    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
+    http-response set-header Access-Control-Max-Age 3628800
+    http-response set-header Access-Control-Allow-Methods "GET"
+
+    use_backend vod_web
+
+frontend rtmp
+    bind :1935 name rtmp
+    mode tcp
+    maxconn 600
+    use_backend vod_rtmp
+
+backend certbot
+    server c1 certbot:80
+
+backend vod_web
+    server rw1 rtmp:8080 check
+
+backend vod_rtmp
+    mode tcp
+    balance roundrobin
+    stick store-request src
+    stick-table type ip size 200k expire 20m
+    stick on src
+    source 0.0.0.0 usesrc clientip
+    server rr1 rtmp:1935 check maxconn 200 weight 10
+

docker-compose.yml

@@ -5,6 +5,7 @@ services:
     ports:
       - "80:80"
       - "443:443"
+      - "1935:1935"
     volumes:
       - "./data/certificates:/certificates"
       - "./config/lb:/usr/local/etc/haproxy"
@@ -34,12 +35,18 @@ services:
 
   rtmp:
     build: ./rtmp
-    ports:
+    container_name: rtmp
-      - "1935:1935"
+    hostname: rtmp
-      - "80:8080"
-    container_name: rtmp_server
     volumes:
       - "./data/rtmp/hls:/tmp/hls"
+    depends_on:
+      - "lb"
+      - "certbot"
+    restart: always
+    networks:
+      - internal
+    labels:
+      - meta.role=rtmp
 
   auth:
     build: ./auth