fix(#8166): Update tune.bufsize and remove rsyslog from haproxy image (…

…#8170) Adds following haproxy and container changes: - lowers maxconn to 60000 - removes rsyslog - lowers tune.buffsize to 2x default value - adds max 1G memory limit to haproxy container in docker-compose template #8166
medic · May 10, 2023 · 534f126 · 534f126
1 parent deb0a21
commit 534f126
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 63 deletions.
diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile
@@ -1,14 +1,12 @@
 FROM haproxy:2.6
 
 USER root
-RUN apt-get update && apt-get install rsyslog luarocks gettext jq curl -y
+RUN apt-get update && apt-get install luarocks gettext jq curl -y
 COPY entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
 ADD default_frontend.cfg /usr/local/etc/haproxy
 ADD backend.cfg.template /usr/local/etc/haproxy
-ADD rsyslog.conf /etc/rsyslog.conf
 COPY scripts /usr/local/etc/haproxy/
 
 ENTRYPOINT ["/entrypoint.sh"]
-CMD ["haproxy", "-f", "/usr/local/etc/haproxy/default_frontend.cfg", "-f", "/usr/local/etc/haproxy/backend.cfg"]
diff --git a/haproxy/default_frontend.cfg b/haproxy/default_frontend.cfg
@@ -1,28 +1,12 @@
-# Setting `log` here with the address of 127.0.0.1 will have the effect
-# of haproxy sending the udp log messages to its own rsyslog instance
-# (which sits at `127.0.0.1`) at the `local0` facility including all
-# logs that have a priority greater or equal to the specified log level
-# log 127.0.0.1 local0 warning
 global
-  maxconn 150000
+  maxconn 60000
   spread-checks 5
   lua-load-per-thread /usr/local/etc/haproxy/parse_basic.lua
   lua-load-per-thread /usr/local/etc/haproxy/parse_cookie.lua
   lua-load-per-thread /usr/local/etc/haproxy/replace_password.lua
   log stdout len 65535 local2 debug
-  tune.bufsize 1638400
-  tune.http.maxhdr 1010
-
-# https://www.haproxy.com/documentation/hapee/latest/onepage/#3.2-tune.bufsize
-# At least the global maxconn
-# parameter should be decreased by the same factor as this one is increased. If an
-# HTTP request is larger than (tune.bufsize - tune.maxrewrite), HAProxy will
-# return HTTP 400 (Bad Request) error. Similarly if an HTTP response is larger
-# than this size, HAProxy will return HTTP 502 (Bad Gateway).
-
-# https://www.haproxy.com/documentation/hapee/latest/onepage/#3.2-tune.http.maxhdr
-# Similarly, too large responses
-# are blocked with "502 Bad Gateway".
+  tune.bufsize 32768
+  tune.buffers.limit 60000
 
 defaults
   mode http

diff --git a/haproxy/entrypoint.sh b/haproxy/entrypoint.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 
 set -e
-# Make sure service is running
-service rsyslog start
 
 DEFAULT="/usr/local/etc/haproxy/default_frontend.cfg"
 BACKEND="/usr/local/etc/haproxy/backend.cfg"
@@ -24,4 +22,4 @@ echo $COUCHDB_USER > /srv/storage/haproxy/passwd/username
 echo $COUCHDB_PASSWORD > /srv/storage/haproxy/passwd/admin
 
 # Start haproxy
-exec /usr/local/bin/docker-entrypoint.sh "$@"
+exec /usr/local/bin/docker-entrypoint.sh -f $DEFAULT -f $BACKEND
diff --git a/haproxy/rsyslog.conf b/haproxy/rsyslog.conf
diff --git a/scripts/build/cht-core.yml.template b/scripts/build/cht-core.yml.template
@@ -19,6 +19,10 @@ services:
         max-file: "${LOG_MAX_FILES:-20}"
     networks:
        - cht-net
+    deploy:
+      resources:
+        limits:
+          memory: 1G
     expose:
       - ${HAPROXY_PORT:-5984}