Open Daniel-dev22 opened 7 months ago
I don't see the point of not using 0.0.0.0
. It's just a cosmetic tweak
I don't see the point of not using
0.0.0.0
. It's just a cosmetic tweak
If I use that it binds to all IP addresses the container has available. I want it to bind to specific IP addresses not all.
By binding to specific IP addresses I can stop it from listening on my IPvlan address and only listen on the addresses I want it to listen on.
As mentioned in docker when using an ipvlan ports
has no impact on whether the port is exposed for the ipvlan address. If a service binds to a port on that ipvlan address then it's exposed. The only way to stop this is to prevent the service from binding to that address in the first place.
I had to do this with home assistant as well using the server_host
parameter
http:
server_host:
- 192.168.10.4
What I'm looking for is to do this with go2rtc
api: listen: - 192.168.10.12:1984 - 127.0.0.1:1984 origin: '*'
the solution is unix sockets:
api:
listen: 192.168.10.12:1984
unix_listen: "/tmp/go2rtc.sock" # default "", unix socket listener for API
and in frigate's nginx config
upstream go2rtc {
server unix:/tmp/go2rtc.sock;
}
(look into my PR https://github.com/blakeblackshear/frigate/pull/8693)
What I'm looking for is to do this with go2rtc
api: listen: - 192.168.10.12:1984 - 127.0.0.1:1984 origin: '*'
the solution is unix sockets:
api: listen: 192.168.10.12:1984 unix_listen: "/tmp/go2rtc.sock" # default "", unix socket listener for API
and in frigate's nginx config
upstream go2rtc { server unix:/tmp/go2rtc.sock; }
(look into my PR https://github.com/blakeblackshear/frigate/pull/8693)
Is a unix socket faster than tcp/ip connections and would this be local to the container or is this the unix socket on the localhost that the containers would connect to?
Theoretically, the sockets should be a little more faster than tcp/ip, but these are tenths of a percents. So, don’t worry about it :)
Look to a unix-socket as a virtual file in which one process writes data and the other immediately reads. That is, it will be local inside the container if you don't pull it out yourself
Theoretically, the sockets should be a little more faster than tcp/ip, but these are tenths of a percents. So, don’t worry about it :)
Look to a unix-socket as a virtual file in which one process writes data and the other immediately reads. That is, it will be local inside the container if you don't pull it out yourself
The unix-socket path worked thank you.
@skrashevich I think the health check also needs to be changed if go2rtc is not listening on 127.0.0.1 as it will cause false restarts https://github.com/blakeblackshear/frigate/blob/dev/docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc-healthcheck/run#L15
@AlexxIT
Unix sockets don't appear to be a good solution as they don't close connections fast enough at least not the current implementation by go2rtc doesn't.
The frigate v14 UI that can open a lot of connections at once when viewing the live page as it starts live streams automatically when an object is detected. Meaning a lot of cameras in view that suddenly have a lot of action can cause live streams to start, once the action stops the stream "closes". When the action occurs again the cycle continues. Then when switching to a specific camera view all previous connections are "closed". All of that combined results in a lot of opening and closing connections. However i suspect that the unix_sockets don't close immediately resulting in a lot of "closed" connections being left open for a period time and this is resulting in a significant performance impact as mse streams are freezing.
Is it possible to implement api listener taking a list of IP addresses so that can be used instead?
I run frigate in a docker container that is attached to both an IPvlan and a bridge network. The bridge network IP is 192.168.10.12
However the way docker works with IPvlans is that even if you don't put
ports
in your docker compose, if the service (container) binds to a port on all IP addresses*
or0.0.0.0
it will be exposed on the ipvlan ip addresses as well. The only way to fix that is to only allow the service to bind to specific IP addresses rather than all.Frigate does the same thing so I had to modify the nginx file to listen on the bridge network IP 192.168.10.12:5000 and 127.0.0.1:5000 but go2rtc doesn't let me do the same which means I'm exposing 1984 to my isolated camera IPvlan.
Frigate nginx
What I'm looking for is to do this with go2rtc