diff --git a/docker-compose.yml b/docker-compose.yml index 0802ba921..cad0edab2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -252,7 +252,7 @@ services: environment: - DOCKERBUILD=True volumes: - - ./docker/haproxy/haproxy.conf:/usr/local/etc/haproxy/haproxy.cfg + - ./docker/haproxy/haproxy.docker-compose.conf:/usr/local/etc/haproxy/haproxy.cfg - app-files:/srv/newsblur volumes: diff --git a/docker/haproxy/haproxy.cfg b/docker/haproxy/haproxy.cfg deleted file mode 100644 index 792587ba3..000000000 --- a/docker/haproxy/haproxy.cfg +++ /dev/null @@ -1,168 +0,0 @@ -global - maxconn 100000 - daemon - ca-base /srv/newsblur/config/certificates - crt-base /srv/newsblur/config/certificates - tune.bufsize 32000 - tune.maxrewrite 8196 - tune.ssl.default-dh-param 2048 - log 127.0.0.1 local0 notice - # log 127.0.0.1 local1 info - -resolvers docker - nameserver dns1 127.0.0.11:53 - -defaults - log global - maxconn 100000 - mode http - option forwardfor - option http-server-close - option httpclose - option log-health-checks - option log-separate-errors - option httplog - option redispatch - option abortonclose - timeout connect 10s - timeout client 10s - timeout server 30s - timeout tunnel 1h - retries 3 - errorfile 502 /srv/newsblur/templates/502.http - errorfile 503 /srv/newsblur/templates/502.http - errorfile 504 /srv/newsblur/templates/502.http - -frontend public - bind :80 - bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem #ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3 - http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains - option http-server-close - - acl gunicorn_dead nbsrv(app) lt 1 - acl nginx_dead nbsrv(nginx) lt 1 - acl mx_mode nbsrv(maintenance) lt 1 - acl is_unread_count url_beg /reader/feed_unread_count - acl is_refresh_feeds url_beg /reader/refresh_feed - - monitor-uri /status - monitor fail if gunicorn_dead - monitor fail if nginx_dead - monitor fail if mx_mode - - # Redirect all HTTP traffic to HTTPS - redirect scheme https code 301 if !{ ssl_fc } - - use_backend node_socket if { path_beg /v2/socket.io/ } - use_backend node_favicon if { path_beg /rss_feeds/icon/ } - use_backend node_text if { path_beg /rss_feeds/original_text_fetcher } - use_backend node_page if { path_beg /original_page/ } - use_backend nginx if { path_beg /media/ } - use_backend nginx if { path_beg /static/ } - use_backend nginx if { path_beg /favicon } - use_backend nginx if { path_beg /crossdomain/ } - use_backend nginx if { path_beg /robots } - #use_backend self if { path_beg /munin/ } - - use_backend nginx if mx_mode - - use_backend app_counts if is_unread_count - use_backend app_refresh if is_refresh_feeds - use_backend app unless gunicorn_dead || nginx_dead - -backend node_socket - balance roundrobin - server node_socket01 node:8888 check inter 3000ms - -backend node_favicon - http-check expect rstatus 200|503 - option httpchk GET /rss_feeds/icon/1 - balance roundrobin - server node_favicon01 node:3030 check inter 3000ms - -backend node_text - http-check expect rstatus 200|503 - option httpchk GET /rss_feeds/original_text_fetcher?test=1 - balance roundrobin - server node_text01 node:4040 check inter 3000ms - -backend node_page - http-check expect rstatus 200|503 - # check if there is a check for this - option httpchk GET /rss_feeds/original_text_fetcher?test=1 - balance roundrobin - server node_page01 node:3060 check inter 3000ms - - -backend nginx - balance roundrobin - option httpchk GET /_nginxchk - http-check expect rstatus 200|503 - server nginx01 app:81 check inter 3000ms - -backend app - balance roundrobin - option httpchk GET /_haproxychk - server app01 app:8000 check inter 3000ms - -backend app_counts - balance roundrobin - option httpchk GET /_haproxychk - server app_counts app_counts:8000 check inter 15000ms - -backend app_refresh - balance roundrobin - option httpchk GET /_haproxychk - server-template app_refresh 2 app_refresh:8000 check inter 30000ms - - -backend push - balance roundrobin - option httpchk GET /_haproxychk - server push app_push:8000 check inter 3000ms - -backend work - balance roundrobin - option httpchk GET http://monitor:5579/work_check/celeryd_work_queue - http-check expect rstatus 200|503|301 - server work task_celeryd_work_queue:82 check inter 3000ms - -backend postgres - option httpchk GET http://monitor:5579/db_check/postgres - server postgres-db02 postgres:5432 check inter 2000ms - -backend mongo - option httpchk GET http://monitor:5579/db_check/mongo - server-template mongo 4 db_mongo:27017 check inter 2000ms - -backend db_redis - option httpchk GET http://monitor:5579/db_check/redis - # redis, redis_pubsub, redis_sessions, redis_story droplets are necessary - # in docker swarm although not routed with haproxy -backend db_redis_story - option httpchk GET http://monitor:5579/db_check/redis_story - -backend db_redis_sessions - option httpchk GET http://monitor:5579/db_check/redis_sessions - -backend db_redis_pubsub - option httpchk GET http://monitor:5579/db_check/redis_pubsub - -backend elasticsearch - option httpchk GET http://monitor:5579/db_check/elasticsearch - server es-search01 elasticsearch:9300 check inter 2000ms - -backend maintenance - option httpchk HEAD /maintenance - http-check expect status 404 - http-check send-state - server nginx nginx:81 check inter 3000ms - -listen stats -bind :1936 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem -stats enable -stats hide-version -stats realm Haproxy\ Statistics -stats uri / -stats auth gimmiestats:StatsGiver -stats refresh 15s diff --git a/docker/haproxy/haproxy.dev.cfg b/docker/haproxy/haproxy.docker-compose.cfg similarity index 100% rename from docker/haproxy/haproxy.dev.cfg rename to docker/haproxy/haproxy.docker-compose.cfg