Moving HAProxy's config to secrets so I can set a password.

2025-09-18 21:43:31 +00:00 · 2013-03-20 15:12:56 -07:00 · 2013-03-20 15:12:56 -07:00 · 9ea3be9999
commit 9ea3be9999
parent b958619c95
2 changed files with 2 additions and 138 deletions
--- a/config/haproxy.conf
+++ b/config/haproxy.conf
@ -1,136 +0,0 @@
-global
-  maxconn 4096
-  user haproxy
-  group haproxy
-  daemon
-  ca-base /srv/newsblur/config/certificates
-  crt-base /srv/newsblur/config/certificates
-  log 127.0.0.1 local0 notice
-  # log 127.0.0.1 local1 info
-
-defaults
-  log global
-  maxconn 4096
-  mode http
-  option forwardfor
-  option http-server-close
-  option log-health-checks
-  option httplog
-  option redispatch
-  option abortonclose
-  timeout connect 5s
-  timeout client 30s
-  timeout server 30s
-  timeout tunnel 1h
-  retries 3
-  errorfile 502 /srv/newsblur/templates/502.http
-  errorfile 503 /srv/newsblur/templates/502.http
-  errorfile 504 /srv/newsblur/templates/502.http
- 
-frontend public
-  bind :80
-  bind :443 ssl crt newsblur.pem
-  option http-server-close
-  # Redirect all HTTP traffic to HTTPS
-  # redirect scheme https if !{ ssl_fc }
-
-  acl gunicorn_dead nbsrv(gunicorn) lt 1
-  acl nginx_dead nbsrv(nginx) lt 1
-  acl mx_mode nbsrv(maintenance) lt 1
-  monitor-uri /status
-  monitor fail  if gunicorn_dead
-  monitor fail  if nginx_dead
-  monitor fail  if mx_mode
-  
-  use_backend node if { path_beg /socket.io/ }
-  use_backend nginx if { path_beg /media/ }
-  use_backend nginx if { path_beg /static/ }
-  use_backend nginx if { path_beg /favicon }
-  use_backend nginx if { path_beg /crossdomain/ }
-  use_backend nginx if { path_beg /robots }
-  use_backend nginx if { path_beg /munin/ }
-  use_backend nginx if { path_beg /rss_feeds/icon }
-  
-  use_backend nginx if mx_mode
-  
-  use_backend gunicorn unless gunicorn_dead || nginx_dead
- 
-backend node
-  balance roundrobin
-  # stick-table type ip size 1m expire 60m store gpc0,conn_rate(30s)
-  # server node10 198.211.109.197:8888    check inter 2000ms weight 0
-  server node11 198.211.110.131:8888    check inter 2000ms
-  # server node12 198.211.110.230:8888    check inter 2000ms
-  # server node13 192.34.61.227:8888      check inter 2000ms
-  # server node14 198.211.109.155:8888    check inter 2000ms
-  # server node15 198.211.107.87:8888     check inter 2000ms
-  # server node16 198.211.105.155:8888    check inter 2000ms
-  # server node17 198.211.104.133:8888    check inter 2000ms
-  # server node18 198.211.103.214:8888    check inter 2000ms
-  # server node19 198.211.106.22:8888     check inter 2000ms
-  # server node20 198.211.110.189:8888    check inter 2000ms
-  # server node21 198.211.106.215:8888    check inter 2000ms
-  # server node22 192.81.209.42:8888      check inter 2000ms
-  # server node23 198.211.102.245:8888    check inter 2000ms
-
-backend nginx
-  balance roundrobin
-  server nginx10 198.211.109.197:81     check inter 2000ms
-  server nginx11 198.211.110.131:80     check inter 2000ms
-  server nginx12 198.211.110.230:80     check inter 2000ms
-  server nginx13 192.34.61.227:80       check inter 2000ms
-  server nginx14 198.211.109.155:80     check inter 2000ms
-  server nginx15 198.211.107.87:80      check inter 2000ms
-  server nginx16 198.211.105.155:80     check inter 2000ms
-  server nginx17 198.211.104.133:80     check inter 2000ms
-  server nginx18 198.211.103.214:80     check inter 2000ms
-  server nginx19 198.211.106.22:80      check inter 2000ms
-  server nginx20 198.211.110.189:80     check inter 2000ms
-  server nginx21 198.211.106.215:80     check inter 2000ms
-  server nginx22 192.81.209.42:80       check inter 2000ms
-  server nginx23 198.211.102.245:80     check inter 2000ms
-  server nginx24 198.211.109.236:80     check inter 2000ms
-  server nginx25 198.211.113.54:80      check inter 2000ms
-  server nginx26 198.211.113.206:80     check inter 2000ms
-  server nginx27 198.211.113.86:80      check inter 2000ms
-  server nginx28 198.211.113.196:80     check inter 2000ms
-
-backend gunicorn
-  balance roundrobin
-  server gunicorn10 198.211.109.197:8000     check inter 2000ms
-  # server gunicorn11 198.211.110.131:8000     check inter 2000ms
-  server gunicorn12 198.211.110.230:8000     check inter 2000ms
-  server gunicorn13 192.34.61.227:8000       check inter 2000ms
-  server gunicorn14 198.211.109.155:8000     check inter 2000ms
-  server gunicorn15 198.211.107.87:8000      check inter 2000ms
-  server gunicorn16 198.211.105.155:8000     check inter 2000ms
-  server gunicorn17 198.211.104.133:8000     check inter 2000ms
-  server gunicorn18 198.211.103.214:8000     check inter 2000ms
-  server gunicorn19 198.211.106.22:8000      check inter 2000ms
-  server gunicorn20 198.211.110.189:8000     check inter 2000ms
-  server gunicorn21 198.211.106.215:8000     check inter 2000ms
-  server gunicorn22 192.81.209.42:8000       check inter 2000ms
-  server gunicorn23 198.211.102.245:8000     check inter 2000ms
-  server gunicorn24 198.211.109.236:8000     check inter 2000ms
-  server gunicorn25 198.211.113.54:8000      check inter 2000ms
-  server gunicorn26 198.211.113.206:8000     check inter 2000ms
-  server gunicorn27 198.211.113.86:8000      check inter 2000ms
-  server gunicorn28 198.211.113.196:8000     check inter 2000ms
-
-backend maintenance
-  option httpchk HEAD /maintenance HTTP/1.1\r\nHost:\ www
-  http-check expect status 404
-  http-check send-state
-  server nginx10 198.211.109.197:81     check inter 2000ms
-  
-frontend stats
-  bind :1936 ssl crt newsblur.pem
-  default_backend stats
- 
-backend stats
-    stats enable
-    stats hide-version
-    stats realm Haproxy\ Statistics
-    stats uri /
-    stats auth sclay:password
-    stats refresh 15s
--- a/fabfile.py
+++ b/fabfile.py
@ -745,7 +745,7 @@ def setup_haproxy():
            sudo('make install')
    put('config/haproxy-init', '/etc/init.d/haproxy', use_sudo=True)
    sudo('chmod u+x /etc/init.d/haproxy')
-    put('config/haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
+    put('../secrets-newsblur/configs/haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
    sudo('echo "ENABLED=1" > /etc/default/haproxy')
    cert_path = "%s/config/certificates" % env.NEWSBLUR_PATH
    run('cat %s/newsblur.com.crt > %s/newsblur.pem' % (cert_path, cert_path))
@ -761,7 +761,7 @@ def config_haproxy(debug=False):
    if debug:
        put('config/debug_haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
    else:
-        put('config/haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
+        put('../secrets-newsblur/configs/haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
    sudo('/etc/init.d/haproxy reload')

 # ==============