feat: refactor docker http proxy

.github/workflows/build.yml

@@ -46,8 +46,6 @@ jobs:
             linux/amd64
             linux/arm64/v8
           push: true
-          build-args: |
-            MOVIEPILOT_VERSION=${{ env.app_version }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha, scope=${{ github.workflow }}-docker

Dockerfile

@@ -1,5 +1,4 @@
 FROM python:3.11.4-slim-bookworm
-ARG MOVIEPILOT_VERSION
 ENV LANG="C.UTF-8" \
     TZ="Asia/Shanghai" \
     HOME="/moviepilot" \
@@ -30,7 +29,6 @@ RUN apt-get update -y \
         busybox \
         dumb-init \
         jq \
-        haproxy \
         fuse3 \
         rsync \
         ffmpeg \
@@ -68,10 +66,11 @@ COPY . .
 RUN cp -f /app/nginx.conf /etc/nginx/nginx.template.conf \
     && cp -f /app/update /usr/local/bin/mp_update \
     && cp -f /app/entrypoint /entrypoint \
+    && cp -f /app/docker_http_proxy.conf /etc/nginx/docker_http_proxy.conf \
     && chmod +x /entrypoint /usr/local/bin/mp_update \
-    && mkdir -p ${HOME} /var/lib/haproxy/server-state \
-    && groupadd -r moviepilot -g 911 \
-    && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 911 \
+    && mkdir -p ${HOME} \
+    && groupadd -r moviepilot -g 918 \
+    && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 918 \
     && python_ver=$(python3 -V | awk '{print $2}') \
     && echo "/app/" > /usr/local/lib/python${python_ver%.*}/site-packages/app.pth \
     && echo 'fs.inotify.max_user_watches=5242880' >> /etc/sysctl.conf \

docker_http_proxy.conf

@@ -0,0 +1,43 @@
+worker_processes 1;
+user root;
+daemon on;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    upstream docker {
+        server unix:/var/run/docker.sock fail_timeout=0;
+    }
+    server {
+        listen 38379;
+        server_name localhost;
+ 
+        access_log /dev/stdout combined;
+        error_log /dev/stdout;
+ 
+        location / {
+            proxy_pass http://docker;
+            proxy_redirect off;
+ 
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ 
+            client_max_body_size 10m;
+            client_body_buffer_size 128k;
+ 
+            proxy_connect_timeout 90;
+            proxy_send_timeout 120;
+            proxy_read_timeout 120;
+ 
+            proxy_buffer_size 4k;
+            proxy_buffers 4 32k;
+            proxy_busy_buffers_size 64k;
+            proxy_temp_file_write_size 64k;
+        }
+    }
+}

entrypoint

@@ -24,9 +24,9 @@ chown moviepilot:moviepilot /etc/hosts /tmp
 gosu moviepilot:moviepilot playwright install chromium
 # 启动前端nginx服务
 nginx
-# 启动haproxy
+# 启动docker http proxy nginx
 if [ -S "/var/run/docker.sock" ]; then
-    haproxy -f /app/haproxy.cfg
+    nginx -c /etc/nginx/docker_http_proxy.conf
 fi
 # 设置后端服务权限掩码
 umask "${UMASK}"

haproxy.cfg

@@ -1,60 +0,0 @@
-global
-    log stdout format raw daemon info
-
-    user root
-    group root
-
-    daemon
-
-    pidfile /run/haproxy.pid
-    maxconn 4000
-
-    # Turn on stats unix socket
-    server-state-file /var/lib/haproxy/server-state
-
-    setenv POST 1
-    setenv ALLOW_RESTARTS 1
-    setenv CONTAINERS 1
-    setenv VERSION 1
-
-defaults
-    mode http
-    log global
-    option httplog
-    option dontlognull
-    option http-server-close
-    option redispatch
-    retries 3
-    timeout http-request 10s
-    timeout queue 1m
-    timeout connect 10s
-    timeout client 10m
-    timeout server 10m
-    timeout http-keep-alive 10s
-    timeout check 10s
-    maxconn 3000
-
-    # Allow seamless reloads
-    load-server-state-from-file global
-
-    # Use provided example error pages
-    errorfile 400 /etc/haproxy/errors/400.http
-    errorfile 403 /etc/haproxy/errors/403.http
-    errorfile 408 /etc/haproxy/errors/408.http
-    errorfile 500 /etc/haproxy/errors/500.http
-    errorfile 502 /etc/haproxy/errors/502.http
-    errorfile 503 /etc/haproxy/errors/503.http
-    errorfile 504 /etc/haproxy/errors/504.http
-
-backend dockerbackend
-    server dockersocket /var/run/docker.sock
-
-frontend dockerfrontend
-    bind :38379
-    http-request deny unless METH_GET || { env(POST) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool }
-    http-request deny
-    default_backend dockerbackend
-