2021-02-16 13:11:26 -05:00
|
|
|
global
|
|
|
|
|
maxconn 100000
|
|
|
|
|
daemon
|
|
|
|
|
ca-base /srv/newsblur/config/certificates
|
|
|
|
|
crt-base /srv/newsblur/config/certificates
|
|
|
|
|
tune.bufsize 32000
|
|
|
|
|
tune.maxrewrite 8196
|
|
|
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
|
log 127.0.0.1 local0 notice
|
2021-03-11 00:50:52 -05:00
|
|
|
log 127.0.0.1 local1 info
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-02-24 20:02:37 -05:00
|
|
|
resolvers consul
|
|
|
|
|
nameserver consul 127.0.0.1:53
|
|
|
|
|
accepted_payload_size 8192 # allow larger DNS payloads
|
|
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
defaults
|
|
|
|
|
log global
|
|
|
|
|
maxconn 100000
|
|
|
|
|
mode http
|
|
|
|
|
option forwardfor
|
|
|
|
|
option http-server-close
|
|
|
|
|
option httpclose
|
|
|
|
|
option log-health-checks
|
|
|
|
|
option log-separate-errors
|
|
|
|
|
option httplog
|
|
|
|
|
option redispatch
|
|
|
|
|
option abortonclose
|
2021-03-11 09:51:46 -05:00
|
|
|
timeout connect 10s
|
|
|
|
|
timeout client 10s
|
|
|
|
|
timeout server 30s
|
|
|
|
|
timeout tunnel 1h
|
2021-02-16 13:11:26 -05:00
|
|
|
retries 3
|
|
|
|
|
errorfile 502 /srv/newsblur/templates/502.http
|
|
|
|
|
errorfile 503 /srv/newsblur/templates/502.http
|
|
|
|
|
errorfile 504 /srv/newsblur/templates/502.http
|
|
|
|
|
|
2021-03-11 00:50:52 -05:00
|
|
|
# balance roundrobin
|
|
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
frontend public
|
|
|
|
|
bind :80
|
2021-02-18 18:03:36 -05:00
|
|
|
bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
|
2021-02-16 13:11:26 -05:00
|
|
|
http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
|
|
|
|
|
option http-server-close
|
|
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
acl gunicorn_dead nbsrv(app_django) lt 1
|
2021-02-16 13:11:26 -05:00
|
|
|
acl nginx_dead nbsrv(nginx) lt 1
|
|
|
|
|
acl mx_mode nbsrv(maintenance) lt 1
|
|
|
|
|
acl is_unread_count url_beg /reader/feed_unread_count
|
|
|
|
|
acl is_refresh_feeds url_beg /reader/refresh_feed
|
2022-02-08 15:32:43 -05:00
|
|
|
acl is_original_text url_beg /rss_feeds/original_text
|
|
|
|
|
acl is_river url_beg /reader/river_stories
|
|
|
|
|
acl is_automated_river urlp(h) -m found
|
2021-07-02 09:15:22 -04:00
|
|
|
acl is_dashboard url_param(dashboard) -i true
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
monitor-uri /status
|
|
|
|
|
monitor fail if gunicorn_dead
|
|
|
|
|
monitor fail if nginx_dead
|
|
|
|
|
monitor fail if mx_mode
|
|
|
|
|
|
|
|
|
|
# Redirect all HTTP traffic to HTTPS
|
2021-04-28 17:37:37 -04:00
|
|
|
acl is_root path /
|
|
|
|
|
redirect scheme https if is_root !{ ssl_fc }
|
|
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
use_backend app_push if { hdr_end(host) -i push.newsblur.com }
|
|
|
|
|
use_backend node_socket if { path_beg /v3/socket.io/ }
|
2022-08-17 09:51:06 -04:00
|
|
|
use_backend node_favicons if { path_beg /rss_feeds/icon/ }
|
2021-02-16 13:11:26 -05:00
|
|
|
use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
|
2021-02-18 18:03:36 -05:00
|
|
|
use_backend node_images if { hdr_end(host) -i imageproxy.newsblur.com }
|
2021-07-12 11:46:22 -04:00
|
|
|
use_backend node_images if { hdr_end(host) -i imageproxy2.newsblur.com }
|
2021-02-16 13:11:26 -05:00
|
|
|
use_backend node_page if { path_beg /original_page/ }
|
2021-06-28 18:50:30 -04:00
|
|
|
use_backend blog if { hdr_end(host) -i blog.newsblur.com }
|
2022-01-03 14:48:39 -05:00
|
|
|
use_backend sentry if { hdr_end(host) -i sentry.newsblur.com }
|
2021-02-16 13:11:26 -05:00
|
|
|
use_backend nginx if { path_beg /media/ }
|
|
|
|
|
use_backend nginx if { path_beg /static/ }
|
|
|
|
|
use_backend nginx if { path_beg /favicon }
|
|
|
|
|
use_backend nginx if { path_beg /crossdomain/ }
|
|
|
|
|
use_backend nginx if { path_beg /robots }
|
2022-03-31 17:37:03 -04:00
|
|
|
use_backend metrics if { path_beg /metrics }
|
2021-02-16 13:11:26 -05:00
|
|
|
#use_backend self if { path_beg /munin/ }
|
2021-06-14 20:32:19 -06:00
|
|
|
use_backend db_metrics if { hdr_end(host) -i metrics.newsblur.com }
|
2021-06-15 09:43:44 -06:00
|
|
|
use_backend consul_manager if { hdr_end(host) -i consul.newsblur.com }
|
2021-02-16 13:11:26 -05:00
|
|
|
use_backend nginx if mx_mode
|
|
|
|
|
|
|
|
|
|
use_backend app_counts if is_unread_count
|
|
|
|
|
use_backend app_refresh if is_refresh_feeds
|
2021-07-02 08:43:16 -04:00
|
|
|
use_backend app_refresh if is_dashboard
|
2022-02-08 15:32:43 -05:00
|
|
|
use_backend app_refresh if is_original_text
|
|
|
|
|
use_backend app_refresh if is_river is_automated_river
|
2021-02-18 18:03:36 -05:00
|
|
|
use_backend app_django unless gunicorn_dead || nginx_dead
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
backend nginx
|
|
|
|
|
option httpchk GET /_nginxchk
|
|
|
|
|
http-check expect rstatus 200|503
|
2021-03-11 09:51:46 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.web %}
|
2022-01-04 14:44:47 -05:00
|
|
|
server nginx-{{host}} {{host}}.node.nyc1.consul:80
|
2021-03-11 09:51:46 -05:00
|
|
|
{% endfor %}
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
backend app_django
|
2021-02-16 13:11:26 -05:00
|
|
|
option httpchk GET /_haproxychk
|
2021-03-11 09:51:46 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.django %}
|
2021-04-07 21:25:22 -04:00
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8000
|
2021-03-11 09:51:46 -05:00
|
|
|
{% endfor %}
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
backend app_counts
|
|
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_haproxychk
|
2021-04-07 21:25:22 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.counts %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8000
|
|
|
|
|
{% endfor %}
|
|
|
|
|
# server-template app-counts 1 _app-counts._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2021-02-19 17:13:33 -05:00
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
backend app_refresh
|
|
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_haproxychk
|
2021-04-07 21:25:22 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.refresh %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8000
|
|
|
|
|
{% endfor %}
|
|
|
|
|
# server-template app-refresh 1 _app-refresh._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
backend app_push
|
2021-02-16 13:11:26 -05:00
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_haproxychk
|
2021-04-07 21:25:22 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.push %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8000
|
|
|
|
|
{% endfor %}
|
|
|
|
|
# server-template app-push 1 _app-push._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-06-22 12:49:53 -04:00
|
|
|
backend blog
|
|
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_nginxchk
|
|
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.blogs %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:80
|
|
|
|
|
{% endfor %}
|
|
|
|
|
|
2022-01-03 14:48:39 -05:00
|
|
|
backend sentry
|
|
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_health
|
|
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.sentry %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:9000
|
|
|
|
|
{% endfor %}
|
|
|
|
|
|
2022-06-23 17:50:47 -04:00
|
|
|
backend staging
|
|
|
|
|
balance roundrobin
|
|
|
|
|
option httpchk GET /_haproxychk
|
|
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.staging %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8000
|
|
|
|
|
{% endfor %}
|
|
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
backend node_images
|
2022-05-26 12:17:45 -04:00
|
|
|
option httpchk HEAD /sc,seLJDaKBog3LLEMDe8cjBefMhnVSibO4RA5boZhWcVZ0=/https://samuelclay.com/static/images/2019%20-%20Cuba.jpg
|
2021-02-18 18:03:36 -05:00
|
|
|
http-check expect rstatus 200|301
|
2022-07-08 11:56:40 -04:00
|
|
|
default-server check inter 10000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.node_images %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8088
|
|
|
|
|
{% endfor %}
|
2021-02-18 18:03:36 -05:00
|
|
|
|
2022-03-31 17:37:03 -04:00
|
|
|
backend metrics
|
|
|
|
|
option httpchk GET /_haproxychk
|
|
|
|
|
http-check expect rstatus 200|301
|
|
|
|
|
server app-django1 app-django1.node.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
|
2021-02-18 18:03:36 -05:00
|
|
|
backend node_socket
|
|
|
|
|
balance roundrobin
|
2021-03-15 10:41:58 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.node_socket %}
|
2021-03-16 19:34:11 -04:00
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8008
|
2021-03-15 10:41:58 -04:00
|
|
|
{% endfor %}
|
2021-02-18 18:03:36 -05:00
|
|
|
|
2022-08-17 09:51:06 -04:00
|
|
|
backend node_favicons
|
2021-02-18 18:03:36 -05:00
|
|
|
http-check expect rstatus 200|503
|
|
|
|
|
option httpchk GET /rss_feeds/icon/1
|
|
|
|
|
balance roundrobin
|
2023-11-10 17:14:09 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.node_favicons %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8008
|
|
|
|
|
{% endfor %}
|
2021-02-18 18:03:36 -05:00
|
|
|
|
|
|
|
|
backend node_text
|
|
|
|
|
http-check expect rstatus 200|503
|
|
|
|
|
option httpchk GET /rss_feeds/original_text_fetcher?test=1
|
|
|
|
|
balance roundrobin
|
2022-08-17 09:51:06 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.node_text %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:8008
|
|
|
|
|
{% endfor %}
|
2021-02-18 18:03:36 -05:00
|
|
|
|
|
|
|
|
backend node_page
|
|
|
|
|
http-check expect rstatus 200|503
|
2021-02-24 18:13:26 -05:00
|
|
|
option httpchk GET /original_page/1?test=1
|
2021-02-18 18:03:36 -05:00
|
|
|
balance roundrobin
|
2021-03-16 19:34:11 -04:00
|
|
|
server-template node-page 1 _node-page._tcp.service.nyc1.consul:8008 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2021-02-18 18:03:36 -05:00
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
backend postgres
|
2021-03-10 16:54:18 -05:00
|
|
|
option httpchk GET /db_check/postgres
|
2022-05-13 16:59:57 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.postgres %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:5579
|
|
|
|
|
{% endfor %}
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-03-11 09:51:46 -05:00
|
|
|
backend mongo
|
2021-10-19 11:11:11 -04:00
|
|
|
option httpchk GET /db_check/mongo
|
2021-03-11 09:51:46 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.mongo %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:5579
|
|
|
|
|
{% endfor %}
|
2021-08-03 19:43:27 -04:00
|
|
|
|
2021-03-11 09:51:46 -05:00
|
|
|
backend mongo_analytics
|
2021-08-03 19:43:27 -04:00
|
|
|
option httpchk GET /db_check/mongo_analytics
|
2021-03-11 09:51:46 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.mongo_analytics %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:5579
|
|
|
|
|
{% endfor %}
|
2021-08-03 19:43:27 -04:00
|
|
|
|
2021-02-24 20:02:37 -05:00
|
|
|
backend db_redis_user
|
2021-12-06 13:56:09 -05:00
|
|
|
option httpchk GET /db_check/redis_user
|
2021-03-10 16:54:18 -05:00
|
|
|
server db-redis-user db-redis-user.node.nyc1.consul:5579 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none
|
2021-02-24 20:02:37 -05:00
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
backend db_redis_story
|
2021-03-10 16:54:18 -05:00
|
|
|
option httpchk GET /db_check/redis_story
|
2022-06-01 11:08:20 -04:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.redis_story %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:5579
|
|
|
|
|
{% endfor %}
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
backend db_redis_sessions
|
2021-03-10 16:54:18 -05:00
|
|
|
option httpchk GET /db_check/redis_sessions
|
|
|
|
|
server db-redis-sessions db-redis-sessions.node.nyc1.consul:5579 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
backend db_redis_pubsub
|
2021-03-10 16:54:18 -05:00
|
|
|
option httpchk GET /db_check/redis_pubsub
|
|
|
|
|
server db-redis-pubsub db-redis-pubsub.node.nyc1.consul:5579 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-02-17 21:07:12 -05:00
|
|
|
backend db_elasticsearch
|
2021-03-10 16:54:18 -05:00
|
|
|
option httpchk GET /db_check/elasticsearch
|
2022-12-28 22:01:51 -05:00
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
|
|
|
|
{% for host in groups.elasticsearch %}
|
|
|
|
|
server {{host}} {{host}}.node.nyc1.consul:5579
|
|
|
|
|
{% endfor %}
|
2021-02-16 13:11:26 -05:00
|
|
|
|
2021-06-14 20:32:19 -06:00
|
|
|
backend db_metrics
|
|
|
|
|
balance roundrobin
|
|
|
|
|
# option httpchk GET /_haproxychk
|
|
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2022-01-04 14:44:47 -05:00
|
|
|
server db-grafana grafana.service.nyc1.consul:3000
|
2021-06-14 20:32:19 -06:00
|
|
|
|
2021-06-15 09:44:37 -06:00
|
|
|
backend consul_manager
|
2021-06-14 20:32:19 -06:00
|
|
|
balance roundrobin
|
|
|
|
|
# option httpchk GET /_haproxychk
|
|
|
|
|
default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2022-01-04 14:44:47 -05:00
|
|
|
server db-consul-manager consul-manager.service.nyc1.consul:8500
|
2021-06-14 20:32:19 -06:00
|
|
|
|
2021-02-16 13:11:26 -05:00
|
|
|
backend maintenance
|
|
|
|
|
option httpchk HEAD /maintenance
|
|
|
|
|
http-check expect status 404
|
|
|
|
|
http-check send-state
|
2022-05-11 11:23:49 -04:00
|
|
|
server maintenance app-django1.node.nyc1.consul:80 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
|
2021-02-16 13:11:26 -05:00
|
|
|
|
|
|
|
|
listen stats
|
|
|
|
|
bind :1936 ssl crt {{ ssl_certificate }}
|
|
|
|
|
|
|
|
|
|
stats enable
|
|
|
|
|
stats hide-version
|
|
|
|
|
stats realm Haproxy\ Statistics
|
|
|
|
|
stats uri /
|
|
|
|
|
stats auth gimmiestats:StatsGiver
|
|
|
|
|
stats refresh 15s
|
