Merge pull request #2288 from DDS-Derek/main

Revert "feat: refactor docker http proxy"

Dockerfile

@@ -30,6 +30,7 @@ RUN apt-get update -y \
         busybox \
         dumb-init \
         jq \
+        haproxy \
         fuse3 \
         rsync \
         ffmpeg \
@@ -67,9 +68,8 @@ COPY . .
 RUN cp -f /app/nginx.conf /etc/nginx/nginx.template.conf \
     && cp -f /app/update /usr/local/bin/mp_update \
     && cp -f /app/entrypoint /entrypoint \
-    && cp -f /app/docker_http_proxy.conf /etc/nginx/docker_http_proxy.conf \
     && chmod +x /entrypoint /usr/local/bin/mp_update \
-    && mkdir -p ${HOME} \
+    && mkdir -p ${HOME} /var/lib/haproxy/server-state \
     && groupadd -r moviepilot -g 911 \
     && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 911 \
     && python_ver=$(python3 -V | awk '{print $2}') \

docker_http_proxy.conf

@@ -1,43 +0,0 @@
-worker_processes 1;
-user root;
-daemon on;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-    upstream docker {
-        server unix:/var/run/docker.sock fail_timeout=0;
-    }
-    server {
-        listen 38379;
-        server_name localhost;
- 
-        access_log /dev/stdout combined;
-        error_log /dev/stdout;
- 
-        location / {
-            proxy_pass http://docker;
-            proxy_redirect off;
- 
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- 
-            client_max_body_size 10m;
-            client_body_buffer_size 128k;
- 
-            proxy_connect_timeout 90;
-            proxy_send_timeout 120;
-            proxy_read_timeout 120;
- 
-            proxy_buffer_size 4k;
-            proxy_buffers 4 32k;
-            proxy_busy_buffers_size 64k;
-            proxy_temp_file_write_size 64k;
-        }
-    }
-}

entrypoint

@@ -24,9 +24,9 @@ chown moviepilot:moviepilot /etc/hosts /tmp
 gosu moviepilot:moviepilot playwright install chromium
 # 启动前端nginx服务
 nginx
-# 启动docker http proxy nginx
+# 启动haproxy
 if [ -S "/var/run/docker.sock" ]; then
-    nginx -c /etc/nginx/docker_http_proxy.conf
+    haproxy -f /app/haproxy.cfg
 fi
 # 设置后端服务权限掩码
 umask "${UMASK}"

haproxy.cfg

@@ -0,0 +1,60 @@
+global
+    log stdout format raw daemon info
+
+    user root
+    group root
+
+    daemon
+
+    pidfile /run/haproxy.pid
+    maxconn 4000
+
+    # Turn on stats unix socket
+    server-state-file /var/lib/haproxy/server-state
+
+    setenv POST 1
+    setenv ALLOW_RESTARTS 1
+    setenv CONTAINERS 1
+    setenv VERSION 1
+
+defaults
+    mode http
+    log global
+    option httplog
+    option dontlognull
+    option http-server-close
+    option redispatch
+    retries 3
+    timeout http-request 10s
+    timeout queue 1m
+    timeout connect 10s
+    timeout client 10m
+    timeout server 10m
+    timeout http-keep-alive 10s
+    timeout check 10s
+    maxconn 3000
+
+    # Allow seamless reloads
+    load-server-state-from-file global
+
+    # Use provided example error pages
+    errorfile 400 /etc/haproxy/errors/400.http
+    errorfile 403 /etc/haproxy/errors/403.http
+    errorfile 408 /etc/haproxy/errors/408.http
+    errorfile 500 /etc/haproxy/errors/500.http
+    errorfile 502 /etc/haproxy/errors/502.http
+    errorfile 503 /etc/haproxy/errors/503.http
+    errorfile 504 /etc/haproxy/errors/504.http
+
+backend dockerbackend
+    server dockersocket /var/run/docker.sock
+
+frontend dockerfrontend
+    bind :38379
+    http-request deny unless METH_GET || { env(POST) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool }
+    http-request deny
+    default_backend dockerbackend
+