From 534f126f4cff8d5f2500d5477cfd6f490ebd115a Mon Sep 17 00:00:00 2001 From: Diana Barsan <35681649+dianabarsan@users.noreply.github.com> Date: Wed, 10 May 2023 07:54:35 +0300 Subject: [PATCH] fix(#8166): Update tune.bufsize and remove rsyslog from haproxy image (#8170) Adds following haproxy and container changes: - lowers maxconn to 60000 - removes rsyslog - lowers tune.buffsize to 2x default value - adds max 1G memory limit to haproxy container in docker-compose template #8166 --- haproxy/Dockerfile | 4 +-- haproxy/default_frontend.cfg | 22 +++-------------- haproxy/entrypoint.sh | 4 +-- haproxy/rsyslog.conf | 38 ----------------------------- scripts/build/cht-core.yml.template | 4 +++ 5 files changed, 9 insertions(+), 63 deletions(-) delete mode 100644 haproxy/rsyslog.conf diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile index eb10ccee6da..3f7e71f9571 100644 --- a/haproxy/Dockerfile +++ b/haproxy/Dockerfile @@ -1,14 +1,12 @@ FROM haproxy:2.6 USER root -RUN apt-get update && apt-get install rsyslog luarocks gettext jq curl -y +RUN apt-get update && apt-get install luarocks gettext jq curl -y COPY entrypoint.sh / RUN chmod +x /entrypoint.sh ADD default_frontend.cfg /usr/local/etc/haproxy ADD backend.cfg.template /usr/local/etc/haproxy -ADD rsyslog.conf /etc/rsyslog.conf COPY scripts /usr/local/etc/haproxy/ ENTRYPOINT ["/entrypoint.sh"] -CMD ["haproxy", "-f", "/usr/local/etc/haproxy/default_frontend.cfg", "-f", "/usr/local/etc/haproxy/backend.cfg"] diff --git a/haproxy/default_frontend.cfg b/haproxy/default_frontend.cfg index f450105b7cb..34354dbc4da 100644 --- a/haproxy/default_frontend.cfg +++ b/haproxy/default_frontend.cfg 
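Review bot: Nothing after `USER root` switches back to an unprivileged account, so the entrypoint and haproxy still start as root even though this commit removes `service rsyslog start`, which was one visible reason for needing it. The remaining root-only work appears to be the package install and the credential writes in `entrypoint.sh` (outside this hunk), so it is worth checking whether the image can now end with `USER haproxy`. The rewritten install line also pulls in recommended packages and leaves the apt lists in the layer; `RUN apt-get update && apt-get install -y --no-install-recommends luarocks gettext jq curl && rm -rf /var/lib/apt/lists/*` keeps the image smaller and its package set deliberate. `FROM haproxy:2.6` is a floating tag, so pinning it by digest would make rebuilds reproducible.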
@@ -1,28 +1,12 @@ -# Setting `log` here with the address of 127.0.0.1 will have the effect -# of haproxy sending the udp log messages to its own rsyslog instance -# (which sits at `127.0.0.1`) at the `local0` facility including all -# logs that have a priority greater or equal to the specified log level -# log 127.0.0.1 local0 warning global - maxconn 150000 + maxconn 60000 spread-checks 5 lua-load-per-thread /usr/local/etc/haproxy/parse_basic.lua lua-load-per-thread /usr/local/etc/haproxy/parse_cookie.lua lua-load-per-thread /usr/local/etc/haproxy/replace_password.lua log stdout len 65535 local2 debug - tune.bufsize 1638400 - tune.http.maxhdr 1010 - -# https://www.haproxy.com/documentation/hapee/latest/onepage/#3.2-tune.bufsize -# At least the global maxconn -# parameter should be decreased by the same factor as this one is increased. If an -# HTTP request is larger than (tune.bufsize - tune.maxrewrite), HAProxy will -# return HTTP 400 (Bad Request) error. Similarly if an HTTP response is larger -# than this size, HAProxy will return HTTP 502 (Bad Gateway). - -# https://www.haproxy.com/documentation/hapee/latest/onepage/#3.2-tune.http.maxhdr -# Similarly, too large responses -# are blocked with "502 Bad Gateway". + tune.bufsize 32768 + tune.buffers.limit 60000 defaults mode http diff --git a/haproxy/entrypoint.sh b/haproxy/entrypoint.sh index 27e76483d4b..46c32d6115b 100644 --- a/haproxy/entrypoint.sh +++ b/haproxy/entrypoint.sh @@ -1,8 +1,6 @@ #!/bin/bash set -e -# Make sure service is running -service rsyslog start DEFAULT="/usr/local/etc/haproxy/default_frontend.cfg" BACKEND="/usr/local/etc/haproxy/backend.cfg" @@ -24,4 +22,4 @@ echo $COUCHDB_USER > /srv/storage/haproxy/passwd/username echo $COUCHDB_PASSWORD > /srv/storage/haproxy/passwd/admin # Start haproxy -exec /usr/local/bin/docker-entrypoint.sh "$@" +exec /usr/local/bin/docker-entrypoint.sh -f $DEFAULT -f $BACKEND 
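Review bot: `tune.buffers.limit 60000` combined with `tune.bufsize 32768` permits roughly 60000 × 32 KiB ≈ 1.8 GiB of buffers, which is above the `memory: 1G` limit this same commit adds in `scripts/build/cht-core.yml.template`. Under a burst of connections the container could be OOM-killed before HAProxy reaches its own buffer cap and starts queueing. Consider a limit whose product with the buffer size stays below the container limit with headroom for the Lua scripts, and replace the deleted explanation with a short comment such as `# tune.bufsize x tune.buffers.limit must stay below the container memory limit`. The hunk also removes `tune.http.maxhdr 1010` without a replacement, so the header-count cap falls back to HAProxy's default (101, as far as I know); confirm that no client request or CouchDB response depends on more headers.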
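Review bot: In the second `entrypoint.sh` hunk, the two context lines above the changed `exec` write `$COUCHDB_USER` and `$COUCHDB_PASSWORD` with an unquoted `echo`. A password containing runs of whitespace or glob characters is therefore stored altered, and the files are created with whatever umask the shell inherited. Set a restrictive `umask` before the writes (as tight as the reader of these files allows) and use `printf '%s\n' "$COUCHDB_PASSWORD" > /srv/storage/haproxy/passwd/admin`, with the same form for the username. On the new line, quote the paths as `-f "$DEFAULT" -f "$BACKEND"`; dropping `"$@"` means any arguments passed to the container are now silently ignored, which deserves a one-line comment. The script's middle section is outside this hunk, so the reader of the passwd files is not visible here.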
diff --git a/haproxy/rsyslog.conf b/haproxy/rsyslog.conf deleted file mode 100644 index 9bffb231ad7..00000000000 --- a/haproxy/rsyslog.conf +++ /dev/null @@ -1,38 +0,0 @@ -module(load="imuxsock") # provides support for local system logging - -module(load="imudp") -input(type="imudp" port="514") - -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -$WorkDirectory /var/spool/rsyslog - -$IncludeConfig /etc/rsyslog.d/*.conf - -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log - -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -*.=debug;\ - auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - -*.emerg :omusrmsg:* diff --git a/scripts/build/cht-core.yml.template b/scripts/build/cht-core.yml.template index 9fe5cc6eb7f..2f5b065890d 100644 --- a/scripts/build/cht-core.yml.template +++ b/scripts/build/cht-core.yml.template @@ -19,6 +19,10 @@ services: max-file: "${LOG_MAX_FILES:-20}" networks: - cht-net + deploy: + resources: + limits: + memory: 1G expose: - ${HAPROXY_PORT:-5984}
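Review bot: Whether the new `deploy.resources.limits.memory: 1G` is enforced depends on how the template is run. Docker Compose v2 applies it, but docker-compose v1 ignores the `deploy` key for version 3 files unless started with `--compatibility` or in swarm mode, so on those hosts haproxy would remain unbounded with no warning. The service definition and the file's `version` key are outside this hunk, so please confirm which case applies and state the supported Compose version in the deployment docs. A comment next to the limit, for example `# must exceed tune.bufsize x tune.buffers.limit in haproxy/default_frontend.cfg`, would tie the two values together for the next person who tunes either one.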