From 173beef3d73d5178f3e60a41a7b963843535e107 Mon Sep 17 00:00:00 2001
From: Samuel Clay
Date: Mon, 11 Jan 2021 18:46:24 -0500
Subject: [PATCH] Imageproxy behind haproxy.
---
 config/camo.nginx.conf | 66 ------------------------------------
 config/haproxy.conf.template | 1 +
 config/nginx.imageproxy.conf | 30 ++++++++++++++++
 fabfile.py | 3 +-
 4 files changed, 33 insertions(+), 67 deletions(-)
 delete mode 100644 config/camo.nginx.conf
 create mode 100644 config/nginx.imageproxy.conf
diff --git a/config/camo.nginx.conf b/config/camo.nginx.conf
deleted file mode 100644
index a03321417..000000000
--- a/config/camo.nginx.conf
+++ /dev/null
@@ -1,66 +0,0 @@
-upstream camo_server {
- server 127.0.0.1:8081 fail_timeout=10 max_fails=3;
-}
-upstream imageproxy_server {
- server 127.0.0.1:4593 fail_timeout=10 max_fails=3;
-}
-
-server {
- listen 80 default_server;
-
- server_name _;
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
-
- ssl_certificate /srv/newsblur/config/certificates/newsblur.com.pem;
- ssl_certificate_key /srv/newsblur/config/certificates/newsblur.com.key;
-
- client_max_body_size 4M;
- server_name images.newsblur.com;
-
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_redirect off;
-
- proxy_pass http://camo_server;
- }
-
- error_page 404 /custom_404.html;
- location = /custom_404.html {
- root /srv/newsblur/;
- rewrite ^(.*)$ /templates/404.html break;
- }
-}
-
-server {
- listen 443 ssl;
-
- ssl_certificate /srv/newsblur/config/certificates/newsblur.com.pem;
- ssl_certificate_key /srv/newsblur/config/certificates/newsblur.com.key;
-
- client_max_body_size 4M;
- server_name imageproxy.newsblur.com;
-
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_redirect off;
-
- proxy_pass http://imageproxy_server;
- }
-
- error_page 404 /custom_404.html;
- location = /custom_404.html {
- root /srv/newsblur/;
- rewrite ^(.*)$ /templates/404.html break;
- }
-}
diff --git a/config/haproxy.conf.template b/config/haproxy.conf.template
index 31b849678..9741418a1 100644
--- a/config/haproxy.conf.template
+++ b/config/haproxy.conf.template
@@ -51,6 +51,7 @@ frontend public
 monitor fail if mx_mode
 use_backend imageproxy if { hdr_end(host) -i imageproxy.newsblur.com }
+ use_backend imageproxy if { hdr_end(host) -i iproxy.newsblur.com }
 use_backend push if { hdr_end(host) -i push.newsblur.com }
 use_backend node_socket if { path_beg /v2/socket.io/ }
 use_backend node_socket3 if { path_beg /v3/socket.io/ }
diff --git a/config/nginx.imageproxy.conf b/config/nginx.imageproxy.conf
new file mode 100644
index 000000000..f37f0a211
--- /dev/null
+++ b/config/nginx.imageproxy.conf
@@ -0,0 +1,30 @@
+upstream imageproxy_server {
+ server 127.0.0.1:4593 fail_timeout=10 max_fails=3;
+}
+
+server {
+ listen 80 default_server;
+ listen 443 ssl;
+
+ ssl_certificate /srv/newsblur/config/certificates/newsblur.com.pem;
+ ssl_certificate_key /srv/newsblur/config/certificates/newsblur.com.key;
+
+ client_max_body_size 4M;
+ server_name _ imageproxy.newsblur.com;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_redirect off;
+
+ proxy_pass http://imageproxy_server;
+ }
+
+ error_page 404 /custom_404.html;
+ location = /custom_404.html {
+ root /srv/newsblur/;
+ rewrite ^(.*)$ /templates/404.html break;
+ }
+}
diff --git a/fabfile.py b/fabfile.py
index a39e866cc..064f94252 100644
--- a/fabfile.py
+++ b/fabfile.py
@@ -1471,7 +1471,8 @@ def setup_imageproxy(install_go=False):
 sudo('supervisorctl reread')
 sudo('supervisorctl update')
 sudo('ufw allow 443')
- put(os.path.join(env.NEWSBLUR_PATH, 'config/camo.nginx.conf'), "/usr/local/nginx/conf/sites-enabled/camo.conf", use_sudo=True)
+ sudo('ufw allow 80')
+ put(os.path.join(env.NEWSBLUR_PATH, 'config/nginx.imageproxy.conf'), "/usr/local/nginx/conf/sites-enabled/imageproxy.conf", use_sudo=True)
 sudo("/etc/init.d/nginx restart")
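Review bot: The new server block in config/nginx.imageproxy.conf answers plaintext port 80 for any Host (`listen 80 default_server;` with `server_name _ imageproxy.newsblur.com;`) and passes `X-Forwarded-For $proxy_add_x_forwarded_for` upstream, so a client that reaches this nginx directly rather than through haproxy can supply its own forwarded address to the image proxy. The haproxy backend definition is not in this diff, but if haproxy is meant to be the only caller, `location /` should carry `allow <haproxy-address>;` followed by `deny all;`. Because `$remote_addr` will then be the haproxy address, `X-Real-IP $remote_addr` no longer identifies the client; `set_real_ip_from <haproxy-address>;` with `real_ip_header X-Forwarded-For;` restores it from the trusted hop only. `iproxy.newsblur.com`, which the haproxy hunk routes to this backend, is served here only through the `_` catch-all, and adding it to `server_name` would make that explicit.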
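Review bot: `sudo('ufw allow 80')` opens port 80 to every source, and the nginx config installed on the next line serves the proxy on that port as the default server with no redirect to HTTPS. If only haproxy should connect, scope the rule, for example `sudo('ufw allow from <haproxy-address> to any port 80 proto tcp')`, and check whether the unchanged `ufw allow 443` is still needed. On a host that was provisioned before this commit the old `/usr/local/nginx/conf/sites-enabled/camo.conf` is presumably still present; it also defines `upstream imageproxy_server`, which nginx would reject as a duplicate at restart, so a `sudo('rm -f /usr/local/nginx/conf/sites-enabled/camo.conf')` before the `put` would avoid that. The body of `setup_imageproxy` starts outside this hunk.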