mirror of
https://github.com/samuelclay/NewsBlur.git
synced 2025-08-05 16:58:59 +00:00
156 lines
4.5 KiB
Text
156 lines
4.5 KiB
Text
|
global
|
||
|
|
maxconn 100000
|
||
|
|
daemon
|
||
|
|
ca-base /srv/newsblur/config/certificates
|
||
|
|
crt-base /srv/newsblur/config/certificates
|
||
|
|
tune.bufsize 32000
|
||
|
|
tune.maxrewrite 8196
|
||
|
|
tune.ssl.default-dh-param 2048
|
||
|
|
log 127.0.0.1 local0 notice
|
||
|
|
# log 127.0.0.1 local1 info
|
||
|
|
|
||
|
|
defaults
|
||
|
|
log global
|
||
|
|
maxconn 100000
|
||
|
|
mode http
|
||
|
|
option forwardfor
|
||
|
|
option http-server-close
|
||
|
|
option httpclose
|
||
|
|
option log-health-checks
|
||
|
|
option log-separate-errors
|
||
|
|
option httplog
|
||
|
|
option redispatch
|
||
|
|
option abortonclose
|
||
|
|
timeout connect 10s
|
||
|
|
timeout client 10s
|
||
|
|
timeout server 30s
|
||
|
|
timeout tunnel 1h
|
||
|
|
retries 3
|
||
|
|
errorfile 502 /srv/newsblur/templates/502.http
|
||
|
|
errorfile 503 /srv/newsblur/templates/502.http
|
||
|
|
errorfile 504 /srv/newsblur/templates/502.http
|
||
|
|
|
||
|
|
frontend public
|
||
|
|
bind :80
|
||
|
|
bind :443 ssl crt newsblur.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
|
||
|
|
rspadd Strict-Transport-Security:\ max-age=0;\ includeSubDomains
|
||
|
|
option http-server-close
|
||
|
|
# Redirect all HTTP traffic to HTTPS
|
||
|
|
# redirect scheme https if !{ ssl_fc }
|
||
|
|
|
||
|
|
acl gunicorn_dead nbsrv(gunicorn) lt 1
|
||
|
|
acl nginx_dead nbsrv(nginx) lt 1
|
||
|
|
acl mx_mode nbsrv(maintenance) lt 1
|
||
|
|
acl is_unread_count url_beg /reader/feed_unread_count
|
||
|
|
acl is_refresh_feeds url_beg /reader/refresh_feed
|
||
|
|
|
||
|
|
monitor-uri /status
|
||
|
|
monitor fail if gunicorn_dead
|
||
|
|
monitor fail if nginx_dead
|
||
|
|
monitor fail if mx_mode
|
||
|
|
|
||
|
|
use_backend node_socket if { path_beg /v2/socket.io/ }
|
||
|
|
use_backend node_favicon if { path_beg /rss_feeds/icon/ }
|
||
|
|
use_backend nginx if { path_beg /media/ }
|
||
|
|
use_backend nginx if { path_beg /static/ }
|
||
|
|
use_backend nginx if { path_beg /favicon }
|
||
|
|
use_backend nginx if { path_beg /crossdomain/ }
|
||
|
|
use_backend nginx if { path_beg /robots }
|
||
|
|
use_backend self if { path_beg /munin/ }
|
||
|
|
|
||
|
|
use_backend nginx if mx_mode
|
||
|
|
|
||
|
|
use_backend gunicorn_counts if is_unread_count
|
||
|
|
use_backend gunicorn_refresh if is_refresh_feeds
|
||
|
|
use_backend gunicorn unless gunicorn_dead || nginx_dead
|
||
|
|
|
||
|
|
backend node_socket
|
||
|
|
http-check expect rstatus 200|503
|
||
|
|
balance roundrobin
|
||
|
|
{{ node_socket }}
|
||
|
|
|
||
|
|
backend node_favicon
|
||
|
|
http-check expect rstatus 200|503
|
||
|
|
option httpchk GET /rss_feeds/icon/1
|
||
|
|
balance roundrobin
|
||
|
|
{{ node_favicon }}
|
||
|
|
|
||
|
|
backend self
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_nginxchk
|
||
|
|
http-check expect rstatus 200|503
|
||
|
|
{{ www }}
|
||
|
|
|
||
|
|
backend nginx
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_nginxchk
|
||
|
|
http-check expect rstatus 200|503
|
||
|
|
{{ nginx }}
|
||
|
|
|
||
|
|
backend gunicorn
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_haproxychk
|
||
|
|
{{ app }}
|
||
|
|
|
||
|
|
backend gunicorn_counts
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_haproxychk
|
||
|
|
{{ gunicorn_counts }}
|
||
|
|
|
||
|
|
backend gunicorn_refresh
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_haproxychk
|
||
|
|
{{ gunicorn_refresh }}
|
||
|
|
|
||
|
|
backend push
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_haproxychk
|
||
|
|
{{ push }}
|
||
|
|
|
||
|
|
backend work
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /_nginxchk
|
||
|
|
http-check expect rstatus 200|503
|
||
|
|
{{ work }}
|
||
|
|
|
||
|
|
backend postgres
|
||
|
|
option httpchk GET /db_check/postgres
|
||
|
|
server postgres-db01 db_pgsql:5000 check inter 2000ms
|
||
|
|
|
||
|
|
backend mongo
|
||
|
|
option httpchk GET /db_check/mongo
|
||
|
|
server mongo-db22a db22a:5000 check inter 2000ms
|
||
|
|
server mongo-db20 db20:5000 check inter 2000ms
|
||
|
|
server mongo-db23a db23a:5000 check inter 2000ms
|
||
|
|
server mongo-db25a db25a:5000 check inter 2000ms
|
||
|
|
server mongo-db30 db30:5000 check inter 2000ms
|
||
|
|
|
||
|
|
backend redis
|
||
|
|
option httpchk GET /db_check/redis
|
||
|
|
server redis-db40 db_redis:5000 check inter 2000ms
|
||
|
|
server redis-pubsub-db43 db_redis_pubsub:5000 check inter 2000ms
|
||
|
|
backend redis_story
|
||
|
|
option httpchk GET /db_check/redis_story
|
||
|
|
server redis-story-db42 db_redis_story:5000 check inter 2000ms
|
||
|
|
backend redis_sessions
|
||
|
|
option httpchk GET /db_check/redis_sessions
|
||
|
|
server redis-sess-db41 db_redis_sessions:5000 check inter 2000ms
|
||
|
|
backend elasticsearch
|
||
|
|
option httpchk GET /db_check/elasticsearch
|
||
|
|
server es-search01 db_search:5000 check inter 2000ms
|
||
|
|
|
||
|
|
backend maintenance
|
||
|
|
option httpchk HEAD /maintenance HTTP/1.1\r\nHost:\ www
|
||
|
|
http-check expect status 404
|
||
|
|
http-check send-state
|
||
|
|
{{ maintenance }}
|
||
|
|
|
||
|
|
listen stats
|
||
|
|
bind :1936 ssl crt newsblur.pem
|
||
|
|
stats enable
|
||
|
|
stats hide-version
|
||
|
|
stats realm Haproxy\ Statistics
|
||
|
|
stats uri /
|
||
|
|
stats auth gimmiestats:StatsGiver
|
||
|
|
stats refresh 15s
|