Imageproxy behind haproxy.

config/camo.nginx.conf

@@ -1,66 +0,0 @@
-upstream camo_server {
-    server 127.0.0.1:8081 fail_timeout=10 max_fails=3;
-}
-upstream imageproxy_server {
-    server 127.0.0.1:4593 fail_timeout=10 max_fails=3;
-}
-
-server {
-    listen 80 default_server;
-
-    server_name _;
-
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 443 ssl;
-
-    ssl_certificate         /srv/newsblur/config/certificates/newsblur.com.pem;
-    ssl_certificate_key     /srv/newsblur/config/certificates/newsblur.com.key;
-
-    client_max_body_size 4M;
-    server_name images.newsblur.com;
-
-    location / {
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $host;
-        proxy_set_header   X-Forwarded-Host $server_name;
-        proxy_redirect off;
-        
-        proxy_pass http://camo_server;
-    }
-    
-    error_page 404 /custom_404.html;
-    location = /custom_404.html {
-        root /srv/newsblur/;
-        rewrite ^(.*)$ /templates/404.html break;
-    }
-}
-
-server {
-    listen 443 ssl;
-
-    ssl_certificate         /srv/newsblur/config/certificates/newsblur.com.pem;
-    ssl_certificate_key     /srv/newsblur/config/certificates/newsblur.com.key;
-
-    client_max_body_size 4M;
-    server_name imageproxy.newsblur.com;
-
-    location / {
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $host;
-        proxy_set_header   X-Forwarded-Host $server_name;
-        proxy_redirect off;
-        
-        proxy_pass http://imageproxy_server;
-    }
-    
-    error_page 404 /custom_404.html;
-    location = /custom_404.html {
-        root /srv/newsblur/;
-        rewrite ^(.*)$ /templates/404.html break;
-    }
-}

config/haproxy.conf.template

@@ -51,6 +51,7 @@ frontend public
   monitor fail  if mx_mode
 
   use_backend imageproxy if { hdr_end(host) -i imageproxy.newsblur.com }
+  use_backend imageproxy if { hdr_end(host) -i iproxy.newsblur.com }
   use_backend push if { hdr_end(host) -i push.newsblur.com }
   use_backend node_socket if { path_beg /v2/socket.io/ }
   use_backend node_socket3 if { path_beg /v3/socket.io/ }

config/nginx.imageproxy.conf

@@ -0,0 +1,30 @@
+upstream imageproxy_server {
+    server 127.0.0.1:4593 fail_timeout=10 max_fails=3;
+}
+
+server {
+    listen 80 default_server;
+    listen 443 ssl;
+
+    ssl_certificate         /srv/newsblur/config/certificates/newsblur.com.pem;
+    ssl_certificate_key     /srv/newsblur/config/certificates/newsblur.com.key;
+
+    client_max_body_size 4M;
+    server_name _ imageproxy.newsblur.com;
+
+    location / {
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_redirect off;
+        
+        proxy_pass http://imageproxy_server;
+    }
+    
+    error_page 404 /custom_404.html;
+    location = /custom_404.html {
+        root /srv/newsblur/;
+        rewrite ^(.*)$ /templates/404.html break;
+    }
+}

fabfile.py

@@ -1471,7 +1471,8 @@ def setup_imageproxy(install_go=False):
     sudo('supervisorctl reread')
     sudo('supervisorctl update')
     sudo('ufw allow 443')
-    put(os.path.join(env.NEWSBLUR_PATH, 'config/camo.nginx.conf'), "/usr/local/nginx/conf/sites-enabled/camo.conf", use_sudo=True)
+    sudo('ufw allow 80')
+    put(os.path.join(env.NEWSBLUR_PATH, 'config/nginx.imageproxy.conf'), "/usr/local/nginx/conf/sites-enabled/imageproxy.conf", use_sudo=True)
     sudo("/etc/init.d/nginx restart")