Use nginx

apps/push-serverless/Dockerfile

@@ -12,17 +12,9 @@ FROM ossrs/srs:4
 
 RUN apt-get update &&\
   apt-get install -y \
-  # KnzkLive
-  ca-certificates gnupg openssl libssl-dev libc6 curl ffmpeg \
-  # Caddy
-  debian-keyring debian-archive-keyring apt-transport-https &&\
-  # Node.js
+  ca-certificates gnupg openssl libssl-dev libc6 curl ffmpeg nginx &&\
   curl -fsSL https://deb.nodesource.com/setup_20.x | bash - &&\
-  # Caddy
-  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg &&\
-  curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list &&\
-  apt-get update &&\
-  apt-get install -y nodejs caddy &&\
+  apt-get install -y nodejs &&\
   apt-get clean &&\
   rm -rf /var/lib/apt/lists/*
 
@@ -31,7 +23,8 @@ ENV FFMPEG_PATH=/usr/local/srs/objs/ffmpeg/bin/ffmpeg
 ENV FFPROBE_PATH=/usr/bin/ffprobe
 
 COPY ./apps/push-serverless/vm/usr/local/srs/conf/knzklive.conf /usr/local/srs/conf/knzklive.conf
-COPY ./apps/push-serverless/vm/knzk/Caddyfile /knzk/Caddyfile
+COPY ./apps/push-serverless/vm/etc/nginx/conf.d/knzklive.conf /etc/nginx/conf.d/knzklive.conf
+COPY ./apps/push-serverless/vm/etc/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY ./apps/push-serverless/vm/knzk/entry.sh /knzk/entry.sh
 RUN chmod +x /knzk/entry.sh
 

apps/push-serverless/README.md

@@ -14,15 +14,15 @@
 ## Spec
 
 - 以下のプロセスが一つの Firecracker VM 内で動作します
-  - Caddy - 静的ファイルの配信とリバースプロキシ
+  - Nginx - 静的ファイルの配信とリバースプロキシ
   - SRS - RTMP サーバー
   - KnzkLive Push Agent - 制御基盤
   - FFmpeg - ビデオエンコーダ
 
 ```mermaid
 graph LR
     api["KnzkLive API"]
-	  caddy["Caddy"]
+	  nginx["Nginx"]
     srs["SRS"]
     agent["KnzkLive Push Agent"]
     ffmpeg["FFmpeg"]
@@ -46,13 +46,12 @@ graph LR
 
       ffmpeg -- HLS --> storage
 
-      caddy --> storage
-      caddy --> srs
+      nginx --> storage
+      nginx --> srs
     end
 
-    caddy -- FLV (低遅延) --> viewer
-    caddy -- HLS --> viewer
-
+    nginx -- FLV (低遅延) --> viewer
+    nginx -- HLS --> viewer
 ```
 
 ## Limitations

apps/push-serverless/vm/etc/nginx/conf.d/knzklive.conf

@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    root /tmp/knzklive;
+
+    location /static/ {
+        if ($request_uri ~* \.m3u8($|\?)) {
+            add_header Access-Control-Allow-Origin "*" always;
+            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+            add_header Cache-Control "public, no-cache, no-store, must-revalidate";
+        }
+
+        if ($request_uri ~* \.ts($|\?)) {
+            add_header Access-Control-Allow-Origin "*" always;
+            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+            add_header Cache-Control "public, max-age=31536000";
+        }
+
+        try_files $uri $uri/ =404;
+    }
+
+    location /streaming/ {
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+        proxy_hide_header "Access-Control-Allow-Origin";
+        proxy_pass http://localhost:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /api/externals/ {
+        proxy_pass http://localhost:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

apps/push-serverless/vm/etc/nginx/nginx.conf

@@ -0,0 +1,63 @@
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+        worker_connections 4098;
+        multi_accept on;
+}
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        server_tokens off;
+
+        # server_names_hash_bucket_size 64;
+        # server_name_in_redirect off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+        log_format main '$remote_addr - $remote_user [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent"';
+        access_log  /dev/stdout  main;
+        error_log   /dev/stderr  warn;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+
+        # gzip_vary on;
+        # gzip_proxied any;
+        # gzip_comp_level 6;
+        # gzip_buffers 16 8k;
+        # gzip_http_version 1.1;
+        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+        ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/conf.d/knzklive.conf;
+}

apps/push-serverless/vm/knzk/entry.sh

@@ -5,6 +5,6 @@
 set -m # to make job control work
 
 node /knzk/kernel/index.js &
-caddy run --config /knzk/Caddyfile &
+nginx &
 /usr/local/srs/objs/srs -c conf/knzklive.conf &
 fg %1 # gross!

infra/push-serverless/fly.toml

@@ -20,6 +20,12 @@ auto_start_machines = true
 min_machines_running = 0
 processes = ['app']
 
+# fixme
+[http_service.concurrency]
+type = "requests"
+soft_limit = 9999
+hard_limit = 9999
+
 # (Experimental) RTMPS
 [[services]]
 internal_port = 1935
@@ -44,4 +50,4 @@ processes = ['app']
 port = 1935
 
 [[vm]]
-size = 'performance-2x'
+size = 'performance-1x'