add haproxy dockerfile and haproxy config for swarm

docker/haproxy/swarm/Dockerfile

@@ -0,0 +1,10 @@
+FROM newsblur/newsblur_python3
+FROM haproxy:1.8.22
+ENV PYTHONUNBUFFERED=1
+ENV NEWSBLUR_PATH=/srv/newsblur
+WORKDIR   /srv/newsblur
+
+RUN /bin/bash -c 'echo "ENABLED=1" | tee /etc/default/haproxy'
+RUN /bin/bash -c 'mkdir -p /srv/newsblur/config/certificates/'
+COPY 'config/haproxy_rsyslog.conf' '/etc/rsyslog.d/49-haproxy.conf'
+COPY './docker/haproxy/swarm/haproxy.conf /usr/local/etc/haproxy/haproxy.cfg'

docker/haproxy/swarm/haproxy.conf

@@ -0,0 +1,169 @@
+global
+    maxconn 100000
+    daemon
+    ca-base /srv/newsblur/config/certificates
+    crt-base /srv/newsblur/config/certificates
+    tune.bufsize 32000
+    tune.maxrewrite 8196
+    tune.ssl.default-dh-param 2048
+    log 127.0.0.1 local0 notice
+    # log 127.0.0.1 local1 info
+
+resolvers docker
+    nameserver dns1 127.0.0.11:53
+
+defaults
+    log global
+    maxconn 100000
+    mode http
+    option forwardfor
+    option http-server-close
+    option httpclose
+    option log-health-checks
+    option log-separate-errors
+    option httplog
+    option redispatch
+    option abortonclose
+    timeout connect 10s
+    timeout client 10s
+    timeout server 30s
+    timeout tunnel 1h
+    retries 3
+    errorfile 502 /srv/newsblur/templates/502.http
+    errorfile 503 /srv/newsblur/templates/502.http
+    errorfile 504 /srv/newsblur/templates/502.http
+
+frontend public
+    bind :80
+    bind :443 ssl crt /srv/newsblur/config/certificates/localhost.pem #ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
+    rspadd Strict-Transport-Security:\ max-age=0;\ includeSubDomains
+    option http-server-close
+
+    # Redirect all HTTP traffic to HTTPS
+    redirect scheme https code 301 if !{ ssl_fc }
+
+    acl gunicorn_dead nbsrv(gunicorn) lt 1
+    acl nginx_dead nbsrv(nginx) lt 1
+    acl mx_mode nbsrv(maintenance) lt 1
+    acl is_unread_count url_beg /reader/feed_unread_count
+    acl is_refresh_feeds url_beg /reader/refresh_feed
+
+    monitor-uri /status
+    monitor fail if gunicorn_dead
+    monitor fail if nginx_dead
+    monitor fail if mx_mode
+
+    use_backend node_socket if { path_beg /v2/socket.io/ }
+    use_backend node_favicon if { path_beg /rss_feeds/icon/ }
+    use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
+    use_backend node_page if { path_beg /original_page/ }
+    use_backend nginx if { path_beg /media/ }
+    use_backend nginx if { path_beg /static/ }
+    use_backend nginx if { path_beg /favicon }
+    use_backend nginx if { path_beg /crossdomain/ }
+    use_backend nginx if { path_beg /robots }
+    #use_backend self if { path_beg /munin/ }
+
+    use_backend nginx if mx_mode
+
+    use_backend gunicorn_counts if is_unread_count
+    use_backend gunicorn_refresh if is_refresh_feeds
+    use_backend gunicorn unless gunicorn_dead || nginx_dead
+
+backend node_socket
+    http-check expect rstatus 200|503
+    balance roundrobin
+    server node_socket01 node:8888 check inter 3000ms
+
+backend node_favicon
+    http-check expect rstatus 200|503
+    option httpchk GET /rss_feeds/icon/1
+    balance roundrobin
+    server node_favicon01 node:3030 check inter 3000ms
+
+backend node_text
+    http-check expect rstatus 200|503
+    option httpchk GET /rss_feeds/original_text_fetcher?test=1
+    balance roundrobin
+    server node_text01 node:4040 check inter 3000ms
+
+backend node_page
+    http-check expect rstatus 200|503
+    # check if there is a check for this
+    #option httpchk GET /rss_feeds/original_text_fetcher?test=1
+    balance roundrobin
+    server node_page01 node:3060 check inter 3000ms
+
+
+backend nginx
+    balance roundrobin
+    option httpchk GET /_nginxchk
+    http-check expect rstatus 200|503
+    server nginx01 app:81 check inter 3000ms
+
+backend gunicorn
+    balance roundrobin
+    option httpchk GET /_haproxychk
+    server app01 app:8000 check inter 3000ms
+
+backend gunicorn_counts
+    balance roundrobin
+    option httpchk GET /_haproxychk
+    server gunicorn_counts app_counts:8000 check inter 15000ms
+
+backend gunicorn_refresh
+    balance roundrobin
+    option httpchk GET /_haproxychk
+    server-template gunicorn_refresh 2 app_refresh:8000 check inter 30000ms
+
+
+backend push
+    balance roundrobin
+    option httpchk GET /_haproxychk
+    server push app_push:8000 check inter 3000ms
+
+backend work
+    balance roundrobin
+    option httpchk GET http://monitor:5579/work_check/celeryd_work_queue
+    http-check expect rstatus 200|503|301
+    server work celeryd_work_queue:82 check inter 3000ms
+
+backend postgres
+    option httpchk GET http://monitor:5579/db_check/postgres
+    server postgres-db02 postgres:5432 check inter 2000ms
+
+backend mongo
+    option httpchk GET http://monitor:5579/db_check/mongo
+    server-template mongo 4 db_mongo:27017 check inter 2000ms
+
+backend redis
+    option httpchk GET http://monitor:5579/db_check/redis
+    # redis, redis_pubsub, redis_sessions, redis_story droplets are necessary
+    # in docker swarm although not routed with haproxy
+backend redis_story
+    option httpchk GET http://monitor:5579/db_check/redis_story
+
+backend redis_sessions
+    option httpchk GET http://monitor:5579/db_check/redis_sessions
+
+backend redis_pubsub
+    option httpchk GET http://monitor:5579/db_check/redis_pubsub
+
+backend elasticsearch
+    option httpchk GET http://monitor:5579/db_check/elasticsearch
+    server es-search01 elasticsearch:9300 check inter 2000ms
+
+backend maintenance
+    option httpchk HEAD /maintenance HTTP/1.1\r\nHost:\ www
+    http-check expect status 404
+    http-check send-state
+    server nginx nginx:81 check inter 3000ms
+
+listen stats
+bind :1936 ssl crt localhost.pem
+stats enable
+stats hide-version
+stats realm Haproxy\ Statistics
+stats uri /
+stats auth gimmiestats:StatsGiver
+stats refresh 15s