Cavemanon/haproxy-protection
9
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch to unix sockets for varnish<->haproxy comms

Browse Source 
Remove some cruft from old caching
This commit is contained in:
Thomas Lynch
2024-11-12 19:58:38 +11:00
parent 0d5e39cad1
commit f233c1f06d
3 changed files with 21 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docker-compose.yml
View File

@@ -1,4 +1,5 @@
version: "3.9" version: "3.9"
services: services:
haproxy: haproxy:
@@ -8,6 +9,7 @@ services:
context: ./ context: ./
dockerfile: haproxy/Dockerfile dockerfile: haproxy/Dockerfile
volumes: volumes:
- shared-socket:/shared-sockets
- ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg - ./haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
#- ./haproxy/dataplaneapi.yml:/etc/haproxy/dataplaneapi.yml #- ./haproxy/dataplaneapi.yml:/etc/haproxy/dataplaneapi.yml
- ./haproxy/errors/:/etc/haproxy/errors/ - ./haproxy/errors/:/etc/haproxy/errors/
@@ -41,13 +43,6 @@ services:
- POW_TYPE=argon2 - POW_TYPE=argon2
- TOR_CONTROL_PORT_PASSWORD=changeme - TOR_CONTROL_PORT_PASSWORD=changeme
- USE_INTER_FONT=1 - USE_INTER_FONT=1
# tor:
# build:
# context: ./
# dockerfile: tor/Dockerfile
# volumes:
# - ./tor/hidden_service:/var/lib/tor/hidden_service # persists hs keys
nginx: nginx:
ports: ports:
@@ -64,5 +59,17 @@ services:
- VARNISH_SIZE=256M - VARNISH_SIZE=256M
- VARNISH_PORT=8083 - VARNISH_PORT=8083
volumes: volumes:
- shared-socket:/shared-sockets
- ./varnish/default.vcl:/etc/varnish/default.vcl - ./varnish/default.vcl:/etc/varnish/default.vcl
command: varnishd -F -a :$VARNISH_PORT -f /etc/varnish/default.vcl -s malloc,$VARNISH_SIZE command: varnishd -F -a /shared-sockets/haproxy-to-varnish-cache.sock -f /etc/varnish/default.vcl -s malloc,$VARNISH_SIZE
user: root
# tor:
# build:
# context: ./
# dockerfile: tor/Dockerfile
# volumes:
# - ./tor/hidden_service:/var/lib/tor/hidden_service # persists hs keys
volumes:
shared-socket:

14
haproxy/haproxy.cfg
View File

@@ -142,10 +142,6 @@ frontend http-in
#http-request lua.set-lang-json #http-request lua.set-lang-json
#http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode #http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
# simple example cache for files
http-request set-var(txn.path) path
acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
# optional alt-svc header (done after cache so not set in cached responses # optional alt-svc header (done after cache so not set in cached responses
acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}" acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
http-response set-header X-Server-CN "${HAPROXY_CONTINENT}" http-response set-header X-Server-CN "${HAPROXY_CONTINENT}"
@@ -153,16 +149,16 @@ frontend http-in
http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent
# varnish caching if available # varnish caching if available
acl varnish_available nbsrv(varnish) gt 0 acl varnish_available nbsrv(haproy-to-varnish-cache) gt 0
use_backend varnish if varnish_available use_backend haproy-to-varnish-cache if varnish_available
default_backend servers default_backend servers
frontend varnish-to-haproxy-internal frontend varnish-to-haproxy-internal
bind 127.0.0.1:8080 user root mode 666 bind unix@/shared-sockets/varnish-to-haproxy-internal.sock user root mode 666
default_backend servers default_backend servers
backend varnish backend haproy-to-varnish-cache
server CACHE 127.0.0.1:8083 check observe layer7 inter 1s server CACHE unix@/shared-sockets/haproxy-to-varnish-cache.sock check observe layer7 inter 1s
backend servers backend servers
balance leastconn balance leastconn

3
varnish/default.vcl
View File

@@ -3,8 +3,7 @@ import std;
# backend pointing to HAProxy # backend pointing to HAProxy
backend haproxy { backend haproxy {
.host = "127.0.0.1"; .path = "/shared-sockets/varnish-to-haproxy-internal.sock";
.port = "8080";
} }
acl purge_allowed { acl purge_allowed {