From 48a860bfd4a000388d6b1d534e7c2fe92c333b9d Mon Sep 17 00:00:00 2001 From: DDSRem <73049927+DDSRem@users.noreply.github.com> Date: Fri, 7 Jun 2024 11:08:41 +0800 Subject: [PATCH] feat: refactor docker http proxy --- Dockerfile | 4 +-- docker_http_proxy.conf | 43 ++++++++++++++++++++++++++++++ entrypoint | 4 +-- haproxy.cfg | 60 ------------------------------------------ 4 files changed, 47 insertions(+), 64 deletions(-) create mode 100644 docker_http_proxy.conf delete mode 100644 haproxy.cfg diff --git a/Dockerfile b/Dockerfile index c549c3362..0d08d020e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,6 @@ RUN apt-get update -y \ busybox \ dumb-init \ jq \ - haproxy \ fuse3 \ rsync \ ffmpeg \ @@ -68,8 +67,9 @@ COPY . . RUN cp -f /app/nginx.conf /etc/nginx/nginx.template.conf \ && cp -f /app/update /usr/local/bin/mp_update \ && cp -f /app/entrypoint /entrypoint \ + && cp -f /app/docker_http_proxy.conf /etc/nginx/docker_http_proxy.conf \ && chmod +x /entrypoint /usr/local/bin/mp_update \ - && mkdir -p ${HOME} /var/lib/haproxy/server-state \ + && mkdir -p ${HOME} \ && groupadd -r moviepilot -g 911 \ && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 911 \ && python_ver=$(python3 -V | awk '{print $2}') \ diff --git a/docker_http_proxy.conf b/docker_http_proxy.conf new file mode 100644 index 000000000..0ea788ad8 --- /dev/null +++ b/docker_http_proxy.conf @@ -0,0 +1,43 @@ +worker_processes 1; +user root; +daemon on; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + upstream docker { + server unix:/var/run/docker.sock fail_timeout=0; + } + server { + listen 38379; + server_name localhost; + + access_log /dev/stdout combined; + error_log /dev/stdout; + + location / { + proxy_pass http://docker; + proxy_redirect off; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + client_max_body_size 10m; + client_body_buffer_size 128k; + + proxy_connect_timeout 90; + proxy_send_timeout 120; + proxy_read_timeout 120; + + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + } + } +} diff --git a/entrypoint b/entrypoint index 0e1eb761e..7b8107e74 100644 --- a/entrypoint +++ b/entrypoint @@ -24,9 +24,9 @@ chown moviepilot:moviepilot /etc/hosts /tmp gosu moviepilot:moviepilot playwright install chromium # 启动前端nginx服务 nginx -# 启动haproxy +# 启动docker http proxy nginx if [ -S "/var/run/docker.sock" ]; then - haproxy -f /app/haproxy.cfg + nginx -c /etc/nginx/docker_http_proxy.conf fi # 设置后端服务权限掩码 umask "${UMASK}" diff --git a/haproxy.cfg b/haproxy.cfg deleted file mode 100644 index e69adebc4..000000000 --- a/haproxy.cfg +++ /dev/null @@ -1,60 +0,0 @@ -global - log stdout format raw daemon info - - user root - group root - - daemon - - pidfile /run/haproxy.pid - maxconn 4000 - - # Turn on stats unix socket - server-state-file /var/lib/haproxy/server-state - - setenv POST 1 - setenv ALLOW_RESTARTS 1 - setenv CONTAINERS 1 - setenv VERSION 1 - -defaults - mode http - log global - option httplog - option dontlognull - option http-server-close - option redispatch - retries 3 - timeout http-request 10s - timeout queue 1m - timeout connect 10s - timeout client 10m - timeout server 10m - timeout http-keep-alive 10s - timeout check 10s - maxconn 3000 - - # Allow seamless reloads - load-server-state-from-file global - - # Use provided example error pages - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http - -backend dockerbackend - server dockersocket /var/run/docker.sock - -frontend dockerfrontend - bind :38379 - http-request deny unless METH_GET || { env(POST) -m bool } - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool } - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool } - http-request deny - default_backend dockerbackend -