author | Christian Pointner <equinox@spreadspace.org> | 2018-02-26 10:20:42 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-02-26 10:23:09 +0100 |
commit | 8d3fb900d7f7973752a3512b159a1c0fed353fb7 (patch) | |
tree | 0c0741268120d746fc850c7e6a2abe7f63c86a7a /templates/default/kubernetes/stream-lb-cm.yml.j2 | |
parent | TLS hack (diff) |
stream loadbalander added (needs testing)
Diffstat (limited to 'templates/default/kubernetes/stream-lb-cm.yml.j2')
-rw-r--r-- | templates/default/kubernetes/stream-lb-cm.yml.j2 | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/templates/default/kubernetes/stream-lb-cm.yml.j2 b/templates/default/kubernetes/stream-lb-cm.yml.j2
new file mode 100644
index 0000000..6e1e40d
--- /dev/null
+++ b/templates/default/kubernetes/stream-lb-cm.yml.j2
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: stream-lb-{{ deploy.stream }}
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+data:
+ nginx.conf: |
+ worker_processes 4;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ upstream streamers {
+{% for streamer in deploy.streamers %}
+ server localhost:{{ 10000 + loop.index }};
+{% endfor %}
+ }
+
+ server {
+ listen {{ desc.streams[deploy.stream].port }} ssl default_server;
+ listen [::]:{{ desc.streams[deploy.stream].port }} ssl default_server;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_session_tickets off;
+
+ ssl_certificate /srv/acme/fullchain;
+ ssl_certificate_key /srv/acme/privkey;
+
+ server_name _;
+
+ root /srv/www;
+
+ location / {
+ proxy_pass http://streamers;
+ }
+ }
+
+{% for streamer in deploy.streamers %}
+ server {
+ listen localhost:{{ 10000 + loop.index }};
+
+ expires -1s;
+ add_header Cache-Control "no-store,must-revalidate,max-age=0";
+ location / {
+ return 302 https://{{ streamer }}:{{ desc.streams[deploy.stream].port }}$request_uri;
+ }
+ }
+{% endfor %}
+ } |
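Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the public `server` block still offers TLS 1.0 and 1.1, and the cipher string ends in `RSA+AES`, which permits key exchange without forward secrecy. I would restrict this to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build in the image supports it) and `ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;`. The `DH+` entries are dropped there because the template sets no `ssl_dhparam`; nginx 1.11.0 and later offers no DHE suites without it, so if DHE is wanted the directive has to be added alongside. Separately, `access_log /dev/null;` leaves no request record for the TLS front end; `access_log /dev/stdout;` would match the `error_log /dev/stderr` line and keep requests in the container log for incident response.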