NewsBlur/config/debug_haproxy.conf

global
  maxconn 100000
  daemon
  ca-base /srv/newsblur/config/certificates
  crt-base /srv/newsblur/config/certificates
  tune.bufsize 32000
  tune.maxrewrite 8196
  tune.ssl.default-dh-param 2048
  log 127.0.0.1 local0 notice
  log 127.0.0.1 local1 debug

defaults
  log global
  maxconn 100000
  mode http
  option forwardfor
  option http-server-close
  option httpclose
  # option log-health-checks
  option log-separate-errors
  option httplog
  option redispatch
  option abortonclose
  timeout connect 5s
  timeout client 30s
  timeout server 30s
  timeout tunnel 1h
  retries 3
  errorfile 502 /srv/newsblur/templates/502.http
  errorfile 503 /srv/newsblur/templates/502.http
  errorfile 504 /srv/newsblur/templates/502.http
  
frontend public
  bind :80
  bind :443 ssl crt newsblur.com.crt ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
  http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
  option http-server-close

  acl gunicorn_dead nbsrv(gunicorn) lt 1
  acl nginx_dead nbsrv(nginx) lt 1
  acl mx_mode nbsrv(maintenance) lt 1
  acl is_unread_count url_beg /reader/feed_unread_count
  
  monitor-uri /status
  monitor fail  if gunicorn_dead
  monitor fail  if nginx_dead
  monitor fail  if mx_mode
  
  # Redirect all HTTP traffic to HTTPS
  redirect scheme https code 301 if !{ ssl_fc }

  use_backend imageproxy if { hdr_end(host) -i imageproxy.newsblur.com }
  use_backend push if { hdr_end(host) -i push.newsblur.com }
  use_backend node_socket if { path_beg /socket.io/ }
  use_backend node_socket2 if { path_beg /v2/socket.io/ }
  use_backend node_socket3 if { path_beg /v3/socket.io/ }
  use_backend node_favicon if { path_beg /rss_feeds/icon/ }
  use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
  use_backend nginx if { path_beg /media/ }
  use_backend nginx if { path_beg /static/ }
  use_backend nginx if { path_beg /favicon }
  use_backend nginx if { path_beg /crossdomain/ }
  use_backend nginx if { path_beg /robots }
  use_backend nginx if { path_beg /munin/ }
  
  use_backend nginx if mx_mode
  
  use_backend gunicorn_counts if is_unread_count
  use_backend gunicorn unless gunicorn_dead || nginx_dead
 
backend imageproxy
  option httpchk HEAD /sc,sN1megONJiGNy-CCvqzVPTv-TWRhgSKhFlf61XAYESl4=/http:/samuelclay.com/static/images/2019%20-%20Cuba.jpg
  http-check expect rstatus 200|301
  server imageproxy01 imageproxy:80    check inter 2000ms

backend push
  # option httpchk GET /_haproxychk
  # http-check expect rstatus 200|503
  server push 127.0.0.1:8000        check inter 2000ms

backend node_socket
  balance roundrobin
  server nodedebug 127.0.0.1:8888    check inter 2000ms

backend node_socket2
  balance roundrobin
  server nodedebug 127.0.0.1:8888    check inter 2000ms

backend node_socket3
  balance roundrobin
  server nodedebug 127.0.0.1:8888    check inter 2000ms

backend node_favicon
  balance roundrobin
  server nodedebug 127.0.0.1:81      check inter 2000ms

backend node_text
  balance roundrobin
  server nodedebug 127.0.0.1:4040      check inter 2000ms

backend nginx
  balance roundrobin
  option httpchk GET /_nginxchk
  http-check expect rstatus 200|503
  server nginxdebug 127.0.0.1:81     check inter 2000ms

backend gunicorn
  balance roundrobin
  option httpchk GET /_haproxychk
  server gunicorndebug 127.0.0.1:8000     check inter 600000ms

backend gunicorn_counts
  balance roundrobin
  option httpchk GET /_haproxychk
  server gunicorndebug 127.0.0.1:8000     check inter 600000ms

backend maintenance
  option httpchk HEAD /maintenance
  http-check expect status 404
  http-check send-state
  server nginxdebug 127.0.0.1:81     check inter 2000ms
 
backend postgres
  option httpchk GET /db_check/postgres
  server postgres-db01      db_pgsql:5000       check inter 2000ms
backend mongo
  option httpchk GET /db_check/mongo
  server mongo-db22         db_mongo:5000       check inter 2000ms
backend redis
  option httpchk GET /db_check/redis
  server redis-db40         db_redis:5000       check inter 2000ms
backend redis_story
  option httpchk GET /db_check/redis_story
  server redis-story-db42   db_redis_story:5000       check inter 2000ms
backend redis_sessions
  option httpchk GET /db_check/redis_sessions
  server redis-sess-db41    db_redis_sessions:5000       check inter 2000ms
backend elasticsearch
  option httpchk GET /db_check/elasticsearch
  server es-db10            db_search:5000       check inter 2000ms

listen stats
  bind :1936 ssl crt newsblur.pem
  stats enable
  stats hide-version
  stats realm Haproxy\ Statistics
  stats uri /
  stats auth sclay:password
  stats refresh 15s
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`global`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`maxconn 100000`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`daemon`
			`ca-base /srv/newsblur/config/certificates`
			`crt-base /srv/newsblur/config/certificates`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`tune.bufsize 32000`
			`tune.maxrewrite 8196`
Disabling RC4 in nginx config. 2015-03-16 13:53:04 -07:00			`tune.ssl.default-dh-param 2048`
Fixing HAProxy to use http headers so a 502 error code doesn't get served with a 200 status code. I mean seriously, WTF HAProxy?! 2013-03-17 12:39:05 -07:00			`log 127.0.0.1 local0 notice`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`log 127.0.0.1 local1 debug`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00
			`defaults`
			`log global`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`maxconn 100000`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`mode http`
Moving from X-Real-IP to X-Forwarded-For. 2013-09-06 16:25:32 -07:00			`option forwardfor`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`option http-server-close`
Adding ratelimit to friends list. 2014-12-08 14:59:23 -08:00			`option httpclose`
HAProxy munin graphs. 2013-07-23 18:15:30 -07:00			`# option log-health-checks`
			`option log-separate-errors`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`option httplog`
			`option redispatch`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`option abortonclose`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`timeout connect 5s`
			`timeout client 30s`
			`timeout server 30s`
			`timeout tunnel 1h`
Fixing HAProxy to use http headers so a 502 error code doesn't get served with a 200 status code. I mean seriously, WTF HAProxy?! 2013-03-17 12:39:05 -07:00			`retries 3`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`errorfile 502 /srv/newsblur/templates/502.http`
Fixing HAProxy to use http headers so a 502 error code doesn't get served with a 200 status code. I mean seriously, WTF HAProxy?! 2013-03-17 12:39:05 -07:00			`errorfile 503 /srv/newsblur/templates/502.http`
			`errorfile 504 /srv/newsblur/templates/502.http`
Adding X-server to headers to figure out request pinning. 2013-03-18 11:32:24 -07:00
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`frontend public`
			`bind :80`
Moving imageproxy and push to behind HAProxy for single point configuration. 2021-01-11 17:49:52 -05:00			`bind :443 ssl crt newsblur.com.crt ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3`
			`http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`option http-server-close`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`acl gunicorn_dead nbsrv(gunicorn) lt 1`
			`acl nginx_dead nbsrv(nginx) lt 1`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`acl mx_mode nbsrv(maintenance) lt 1`
Postgres min log statement to 0.5s. Syncing haproxy debug with haproxy config. 2015-07-29 13:30:17 -07:00			`acl is_unread_count url_beg /reader/feed_unread_count`

Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`monitor-uri /status`
			`monitor fail if gunicorn_dead`
			`monitor fail if nginx_dead`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`monitor fail if mx_mode`
Adding imageproxy check using a real image. 2021-01-12 14:30:51 -05:00
			`# Redirect all HTTP traffic to HTTPS`
			`redirect scheme https code 301 if !{ ssl_fc }`
Fixing auto bootstraps. Also splitting favicons onto its own server. 2013-06-23 12:51:50 -07:00
Moving imageproxy and push to behind HAProxy for single point configuration. 2021-01-11 17:49:52 -05:00			`use_backend imageproxy if { hdr_end(host) -i imageproxy.newsblur.com }`
			`use_backend push if { hdr_end(host) -i push.newsblur.com }`
Fixing auto bootstraps. Also splitting favicons onto its own server. 2013-06-23 12:51:50 -07:00			`use_backend node_socket if { path_beg /socket.io/ }`
Adding node02 to handle new upgraded websockets. 2016-11-30 15:26:42 -08:00			`use_backend node_socket2 if { path_beg /v2/socket.io/ }`
Switching to Socket.IO v3. 2021-01-04 17:55:47 -05:00			`use_backend node_socket3 if { path_beg /v3/socket.io/ }`
Fixing haproxy and gunicorn url length issues. This ones for @misc. 2014-10-01 15:40:33 -07:00			`use_backend node_favicon if { path_beg /rss_feeds/icon/ }`
Testing http > https redirect. 2020-05-19 19:15:20 -04:00			`use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`use_backend nginx if { path_beg /media/ }`
			`use_backend nginx if { path_beg /static/ }`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`use_backend nginx if { path_beg /favicon }`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`use_backend nginx if { path_beg /crossdomain/ }`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`use_backend nginx if { path_beg /robots }`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`use_backend nginx if { path_beg /munin/ }`

Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`use_backend nginx if mx_mode`

Postgres min log statement to 0.5s. Syncing haproxy debug with haproxy config. 2015-07-29 13:30:17 -07:00			`use_backend gunicorn_counts if is_unread_count`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`use_backend gunicorn unless gunicorn_dead \|\| nginx_dead`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00
Moving imageproxy and push to behind HAProxy for single point configuration. 2021-01-11 17:49:52 -05:00			`backend imageproxy`
Adding imageproxy check using a real image. 2021-01-12 14:30:51 -05:00			`option httpchk HEAD /sc,sN1megONJiGNy-CCvqzVPTv-TWRhgSKhFlf61XAYESl4=/http:/samuelclay.com/static/images/2019%20-%20Cuba.jpg`
			`http-check expect rstatus 200\|301`
			`server imageproxy01 imageproxy:80 check inter 2000ms`
Moving imageproxy and push to behind HAProxy for single point configuration. 2021-01-11 17:49:52 -05:00
			`backend push`
Don't need full health checks in debug. 2021-01-12 14:50:27 -05:00			`# option httpchk GET /_haproxychk`
			`# http-check expect rstatus 200\|503`
Adding imageproxy check using a real image. 2021-01-12 14:30:51 -05:00			`server push 127.0.0.1:8000 check inter 2000ms`
Moving imageproxy and push to behind HAProxy for single point configuration. 2021-01-11 17:49:52 -05:00
Fixing auto bootstraps. Also splitting favicons onto its own server. 2013-06-23 12:51:50 -07:00			`backend node_socket`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`balance roundrobin`
Adding real ip to socketio. 2013-05-01 13:22:03 -07:00			`server nodedebug 127.0.0.1:8888 check inter 2000ms`
Adding X-server to headers to figure out request pinning. 2013-03-18 11:32:24 -07:00
Adding node02 to handle new upgraded websockets. 2016-11-30 15:26:42 -08:00			`backend node_socket2`
			`balance roundrobin`
			`server nodedebug 127.0.0.1:8888 check inter 2000ms`

Switching to Socket.IO v3. 2021-01-04 17:55:47 -05:00			`backend node_socket3`
			`balance roundrobin`
			`server nodedebug 127.0.0.1:8888 check inter 2000ms`

Fixing auto bootstraps. Also splitting favicons onto its own server. 2013-06-23 12:51:50 -07:00			`backend node_favicon`
			`balance roundrobin`
			`server nodedebug 127.0.0.1:81 check inter 2000ms`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00
Updating node_modules. 2019-04-13 16:01:51 -04:00			`backend node_text`
			`balance roundrobin`
			`server nodedebug 127.0.0.1:4040 check inter 2000ms`

Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`backend nginx`
			`balance roundrobin`
Adding nginx health check. Fixing ssh keys. 2013-07-30 19:16:12 -07:00			`option httpchk GET /_nginxchk`
Correct haproxy config to account for new http layer 7 health checks from nginx. 2013-08-13 16:27:56 -07:00			`http-check expect rstatus 200\|503`
Adding real ip to socketio. 2013-05-01 13:22:03 -07:00			`server nginxdebug 127.0.0.1:81 check inter 2000ms`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00			`backend gunicorn`
			`balance roundrobin`
Adding haproxy exception for health check. 2013-07-30 18:24:34 -07:00			`option httpchk GET /_haproxychk`
Fixing iOS issue on river terminating prematurely. 2013-09-10 16:02:49 -07:00			`server gunicorndebug 127.0.0.1:8000 check inter 600000ms`
Trying out a gunicorn haproxy backend. 2013-03-17 11:25:16 -07:00
DB migration. 2013-06-24 17:59:31 -07:00			`backend gunicorn_counts`
			`balance roundrobin`
Upgrading HAProxy to 1.5.12. 2015-05-07 10:59:38 -07:00			`option httpchk GET /_haproxychk`
Fixing paypalapi to check if api_ca_certs is false. 2015-05-26 12:34:52 -07:00			`server gunicorndebug 127.0.0.1:8000 check inter 600000ms`
DB migration. 2013-06-24 17:59:31 -07:00
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`backend maintenance`
Adding imageproxy check using a real image. 2021-01-12 14:30:51 -05:00			`option httpchk HEAD /maintenance`
Rewriting HAProxy config to include gunicorn and maintenance. Much better monitoring. 2013-03-17 14:06:17 -07:00			`http-check expect status 404`
			`http-check send-state`
Cleaning up haproxy debug, logrotate. 2013-08-13 15:45:40 -07:00			`server nginxdebug 127.0.0.1:81 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00
			`backend postgres`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/postgres`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server postgres-db01 db_pgsql:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00			`backend mongo`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/mongo`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server mongo-db22 db_mongo:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00			`backend redis`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/redis`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server redis-db40 db_redis:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00			`backend redis_story`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/redis_story`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server redis-story-db42 db_redis_story:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00			`backend redis_sessions`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/redis_sessions`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server redis-sess-db41 db_redis_sessions:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00			`backend elasticsearch`
Abstracting redis host and elasticsearch host for db monitor. 2015-08-09 14:28:27 -07:00			`option httpchk GET /db_check/elasticsearch`
Using hosts names for debug haproxy. 2015-11-16 14:27:39 -08:00			`server es-db10 db_search:5000 check inter 2000ms`
Adding db health checks. 2015-08-05 19:33:19 -07:00
DB checks OK in middleware. 2015-08-05 20:05:54 -07:00			`listen stats`
Re-upping 12 to 64 free feeds. 2013-03-17 10:28:26 -07:00			`bind :1936 ssl crt newsblur.pem`
DB checks OK in middleware. 2015-08-05 20:05:54 -07:00			`stats enable`
			`stats hide-version`
			`stats realm Haproxy\ Statistics`
			`stats uri /`
			`stats auth sclay:password`
			`stats refresh 15s`