Diffstat (limited to 'templates/default/kubernetes/stream-lb-cm.yml.j2')
-rw-r--r--templates/default/kubernetes/stream-lb-cm.yml.j276
1 files changed, 76 insertions, 0 deletions
diff --git a/templates/default/kubernetes/stream-lb-cm.yml.j2 b/templates/default/kubernetes/stream-lb-cm.yml.j2
new file mode 100644
index 0000000..6e1e40d
--- /dev/null
+++ b/templates/default/kubernetes/stream-lb-cm.yml.j2
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: stream-lb-{{ deploy.stream }}
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+data:
+ nginx.conf: |
+ worker_processes 4;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ upstream streamers {
+{% for streamer in deploy.streamers %}
+ server localhost:{{ 10000 + loop.index }};
+{% endfor %}
+ }
+
+ server {
+ listen {{ desc.streams[deploy.stream].port }} ssl default_server;
+ listen [::]:{{ desc.streams[deploy.stream].port }} ssl default_server;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_session_tickets off;
+
+ ssl_certificate /srv/acme/fullchain;
+ ssl_certificate_key /srv/acme/privkey;
+
+ server_name _;
+
+ root /srv/www;
+
+ location / {
+ proxy_pass http://streamers;
+ }
+ }
+
+{% for streamer in deploy.streamers %}
+ server {
+ listen localhost:{{ 10000 + loop.index }};
+
+ expires -1s;
+ add_header Cache-Control "no-store,must-revalidate,max-age=0";
+ location / {
+ return 302 https://{{ streamer }}:{{ desc.streams[deploy.stream].port }}$request_uri;
+ }
+ }
+{% endfor %}
+ }
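Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the TLS `server` block enables TLS 1.0 and 1.1, both deprecated by RFC 8996. I would restrict it to `ssl_protocols TLSv1.2;`, adding `TLSv1.3` only if the nginx/OpenSSL build in the image supports it, which the diff does not show. The `ssl_ciphers` string on the following line still allows `RSA+AES`, which is RSA key exchange without forward secrecy, and it lists `DH+...` suites although no `ssl_dhparam` directive appears in this file. Dropping `RSA+AES`, and either removing the DH entries or supplying parameters, would make the negotiated suites match the apparent intent. Separately, `{{ deploy.namespace }}` and `{{ deploy.stream }}` are rendered as unquoted YAML scalars under `metadata`, so an all-digit or boolean-looking stream name would be retyped by the parser; quoting them, e.g. `stream: "{{ deploy.stream }}"`, avoids that.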