Fixing HAProxy to use http headers so a 502 error code doesn't get served with a 200 status code. I mean seriously, WTF HAProxy?!

2025-09-18 21:43:31 +00:00 · 2013-03-17 12:39:05 -07:00 · 2013-03-17 12:39:05 -07:00 · 4e0fb455d7
commit 4e0fb455d7
parent 233af12d0e
5 changed files with 118 additions and 9 deletions
--- a/config/debug_haproxy.conf
+++ b/config/debug_haproxy.conf
@ -5,23 +5,25 @@ global
  daemon
  ca-base /srv/newsblur/config/certificates
  crt-base /srv/newsblur/config/certificates
+  log 127.0.0.1 local0 notice
+  log 127.0.0.1 local1 info

 defaults
  log global
  maxconn 4096
  mode http
-  # Add x-forwarded-for header.
  option forwardfor
  option http-server-close
+  option log-health-checks
  option httplog
  option redispatch
  timeout connect 5s
  timeout client 30s
  timeout server 30s
-  # Long timeout for WebSocket connections.
  timeout tunnel 1h
-  errorfile 503 /srv/newsblur/templates/502.html
-  errorfile 504 /srv/newsblur/templates/502.html
+  retries 3
+  errorfile 503 /srv/newsblur/templates/502.http
+  errorfile 504 /srv/newsblur/templates/502.http
 
 frontend public
  bind :80
@ -30,6 +32,10 @@ frontend public
  # Redirect all HTTP traffic to HTTPS
  # redirect scheme https if !{ ssl_fc }

+  acl site_dead nbsrv(gunicorn) lt 1
+  acl site_dead nbsrv(nginx) lt 1
+  monitor fail  if site_dead
+  
  use_backend node if { path_beg /socket.io/ }
  use_backend nginx if { path_beg /media/ }
  use_backend nginx if { path_beg /static/ }
@ -62,4 +68,5 @@ backend stats
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
-    stats auth sclay:password
+    stats auth sclay:password
+    stats refresh 5s
--- a/config/haproxy_rsyslog.conf
+++ b/config/haproxy_rsyslog.conf
@ -0,0 +1,7 @@
+$ModLoad imudp
+$UDPServerAddress 127.0.0.1
+$UDPServerRun 514
+
+local0.* -/var/log/haproxy.log
+local1.* -/var/log/haproxy_info.log
+& ~
--- a/config/logrotate.conf
+++ b/config/logrotate.conf
@ -18,3 +18,15 @@
       missingok
 }

+/var/log/haproxy*.log {
+    rotate 4
+    weekly
+    missingok
+    notifempty
+    compress
+    delaycompress
+    sharedscripts
+    postrotate
+        reload rsyslog >/dev/null 2>&1 || true
+    endscript
+}
--- a/fabfile.py
+++ b/fabfile.py
@ -452,10 +452,10 @@ def add_machine_to_ssh():
    
 def setup_repo():
    with settings(warn_only=True):
-        run('git clone https://github.com/samuelclay/NewsBlur.git newsblur')
+        run('git clone https://github.com/samuelclay/NewsBlur.git ~/newsblur')
    sudo('mkdir -p /srv')
-    sudo('ln -f -s /home/%s/code /srv/code' % env.user)
-    sudo('ln -f -s /home/%s/newsblur /srv/newsblur' % env.user)
+    sudo('ln -f -s /home/%s/code /srv/' % env.user)
+    sudo('ln -f -s /home/%s/newsblur /srv/' % env.user)

 def setup_repo_local_settings():
    with cd(env.NEWSBLUR_PATH):
@ -717,7 +717,9 @@ def setup_haproxy():
    run('cat %s/newsblur.com.crt > %s/newsblur.pem' % (cert_path, cert_path))
    run('cat %s/intermediate.crt >> %s/newsblur.pem' % (cert_path, cert_path))
    run('cat %s/newsblur.com.key >> %s/newsblur.pem' % (cert_path, cert_path))
-
+    put('config/haproxy_rsyslog.conf', '/etc/rsyslog.d/49-haproxy.conf', use_sudo=True)
+    sudo('restart rsyslog')
+    
    sudo('/etc/init.d/haproxy stop')
    sudo('/etc/init.d/haproxy start')

--- a/templates/502.http
+++ b/templates/502.http
@ -0,0 +1,81 @@
+HTTP/1.0 502 Server Error
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+        <meta http-equiv="x-dns-prefetch-control" content="off"/>
+        <meta name="robots" content="noindex"/>
+
+        <style>
+        html {
+            height: 100%;
+            -webkit-font-smoothing: antialiased;
+            margin: 0;
+            padding: 0;
+            border: 0;
+            overflow-y: scroll
+        }
+        body {
+            height: 100%;
+            font-family: 'Helvetica Neue',Helvetica,sans-serif;
+            text-align: center;
+            margin: 0;
+            padding: 0;
+            border: 0;
+            background-color: #232732;
+            background: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#232732), to(#15171E));
+            background: -moz-linear-gradient(center top , #232732 0%, #15171E 100%) repeat scroll 0 0 transparent;
+
+        }
+        #container {
+            width: 500px
+        }
+        h1 {
+            color: #fff;
+            font-size: 30px;
+            font-weight: bold;
+            text-shadow: 0 1px 4px rgba(0,0,0,0.68);
+            letter-spacing: -1px;
+            margin: 0;
+            width: 500px;
+        }
+        .description {
+            color: rgba(255, 255, 255, .8);
+            font-size: 18px;
+            line-height: 24px;
+            text-shadow: 0 1px 0 rgba(0,0,0,0.33);
+            width: 450px;
+        }
+        .description a {
+            color: #849EDB;
+            text-decoration: none;
+        }
+        .description a:hover {
+            color: #516BB7;
+        }
+        .error404 {
+            color: #C5826E;
+        }
+        </style>
+        <title>502 - NewsBlur is down</title>
+    </head>
+    <body>
+        <table height="100%" width="100%">
+            <tr>
+                <td align="center" valign="middle">
+                    <div id="container">
+                        <h1><span class="error404">502</span> &middot; NewsBlur is down</h1>
+                        <div class="description">
+                            <p>Please wait patiently while NewsBlur comes back.</p>
+                            <p><a href="http://twitter.com/newsblur">@newsblur on Twitter</a> may have more information.</p>
+                        </div>
+                    </div>
+                </td>
+            </tr>
+        </table>
+    </body>
+</html>