Adding HAProxy config.

Samuel Clay 2013-03-14 22:39:58 -07:00
parent 116605d476
commit 881f24859b
4 changed files with 252 additions and 9 deletions


@ -19,6 +19,6 @@ else:
workers = int(NUM_CPUS / 2)
if workers <= 4:
workers = int(math.floor(GIGS_OF_MEMORY * 1000 / 512))
workers = min(int(math.floor(GIGS_OF_MEMORY * 1000 / 512)), 4)
if workers > 8:
workers = 8
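Review bot: The memory-derived worker count has an upper cap but no lower bound: inside `if workers <= 4:`, `int(math.floor(GIGS_OF_MEMORY * 1000 / 512))` evaluates to 0 whenever GIGS_OF_MEMORY is below roughly 0.5, and neither the `min(..., 4)` form nor the later `if workers > 8` clamp raises it again. Writing it as `workers = max(1, min(int(math.floor(GIGS_OF_MEMORY * 1000 / 512)), 4))` would guarantee at least one worker. The enclosing `else:` starts outside this hunk and GIGS_OF_MEMORY is defined out of view, so whether such a small value can occur is an assumption. The two near-identical assignment lines appear to be the old and new side of a single change.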

154
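--- /dev/null
+++ b/config/haproxy-init
@@ -0,0 +1,154 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: haproxy
+# Required-Start: $local_fs $network $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: fast and reliable load balancing reverse proxy
+# Description: This file should be used to start and stop haproxy.
+### END INIT INFO
+# Author: Arnaud Cornet <acornet@debian.org>
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+PIDFILE=/var/run/haproxy.pid
+CONFIG=/etc/haproxy/haproxy.cfg
+HAPROXY=/usr/local/sbin/haproxy
+EXTRAOPTS=
+ENABLED=0
+test -x $HAPROXY || exit 0
+test -f "$CONFIG" || exit 0
+if [ -e /etc/default/haproxy ]; then
+. /etc/default/haproxy
+fi
+test "$ENABLED" != "0" || exit 0
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+. /lib/lsb/init-functions
+haproxy_start(){
+start-stop-daemon --start --pidfile "$PIDFILE" \
+--exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \
+$EXTRAOPTS || return 2
+return 0
+}
+haproxy_stop(){
+if [ ! -f $PIDFILE ] ; then
+# This is a success according to LSB
+return 0
+fi
+for pid in $(cat $PIDFILE) ; do
+/bin/kill $pid || return 4
+done
+rm -f $PIDFILE
+return 0
+}
+haproxy_reload(){
+$HAPROXY -f "$CONFIG" -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
+|| return 2
+return 0
+}
+haproxy_status(){
+if [ ! -f $PIDFILE ] ; then
+# program not running
+return 3
+fi
+for pid in $(cat $PIDFILE) ; do
+if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
+# program running, bogus pidfile
+return 1
+fi
+done
+return 0
+}
+case "$1" in
+start)
+log_daemon_msg "Starting haproxy" "haproxy"
+haproxy_start
+ret=$?
+case "$ret" in
+0)
+log_end_msg 0
+;;
+1)
+log_end_msg 1
+echo "pid file '$PIDFILE' found, haproxy not started."
+;;
+2)
+log_end_msg 1
+;;
+esac
+exit $ret
+;;
+stop)
+log_daemon_msg "Stopping haproxy" "haproxy"
+haproxy_stop
+ret=$?
+case "$ret" in
+0|1)
+log_end_msg 0
+;;
+2)
+log_end_msg 1
+;;
+esac
+exit $ret
+;;
+reload|force-reload)
+log_daemon_msg "Reloading haproxy" "haproxy"
+haproxy_reload
+case "$?" in
+0|1)
+log_end_msg 0
+;;
+2)
+log_end_msg 1
+;;
+esac
+;;
+restart)
+log_daemon_msg "Restarting haproxy" "haproxy"
+haproxy_stop
+haproxy_start
+case "$?" in
+0)
+log_end_msg 0
+;;
+1)
+log_end_msg 1
+;;
+2)
+log_end_msg 1
+;;
+esac
+;;
+status)
+haproxy_status
+ret=$?
+case "$ret" in
+0)
+echo "haproxy is running."
+;;
+1)
+echo "haproxy dead, but $PIDFILE exists."
+;;
+*)
+echo "haproxy not running."
+;;
+esac
+exit $ret
+;;
+*)
+echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
+exit 2
+;;
+esac
+: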
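Review bot: The `restart` branch calls haproxy_stop and then haproxy_start without validating the configuration first, so a broken /etc/haproxy/haproxy.cfg pushed by a deploy stops the proxy and leaves it down. A check such as `$HAPROXY -c -f "$CONFIG" || exit 1` at the top of the `restart` and `reload|force-reload` branches would keep the running process serving until the new file parses. Those two branches also never `exit` with the function's status, so the script falls through to the final `:` and reports success even when log_end_msg printed a failure; `ret=$?` followed by `exit $ret`, as the `start` and `stop` branches do, would fix that. haproxy_reload additionally runs `$(cat $PIDFILE)` without the `[ ! -f $PIDFILE ]` test the other functions have.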

76
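--- /dev/null
+++ b/config/haproxy.conf
@@ -0,0 +1,76 @@
+global
+maxconn 4096
+user haproxy
+group haproxy
+daemon
+ca-base /srv/newsblur/config/certificates
+crt-base /srv/newsblur/config/certificates
+defaults
+log global
+maxconn 4096
+mode http
+# Add x-forwarded-for header.
+option forwardfor
+option http-server-close
+timeout connect 5s
+timeout client 30s
+timeout server 30s
+# Long timeout for WebSocket connections.
+timeout tunnel 1h
+errorfile 503 /srv/newsblur/templates/502.html
+frontend public
+# HTTP
+bind :80
+# Redirect all HTTP traffic to HTTPS
+# redirect scheme https if !{ ssl_fc }
+# HTTPS
+# Example with CA certificate bundle
+# bind :443 ssl crt intermediate.pem ca-file newsblur.com.crt
+# Example without CA certification bunch
+bind :443 ssl crt newsblur.pem
+# The node backends - websockets will be managed automatically, given the
+# right base paths to send them to the right Node.js backend.
+#
+# If you wanted to specifically send websocket traffic somewhere different
+# you'd use an ACL like { hdr(Upgrade) -i WebSocket }. Looking at path works
+# just as well, though - such as { path_beg /socket.io } or similar. Adjust your
+# rules to suite your specific setup.
+use_backend node if { path_beg /socket.io/ }
+# Everything else to Nginx.
+default_backend nginx
+backend node
+balance leastconn
+# Check by hitting a page intended for this use.
+# option httpchk GET /served/by/node/isrunning
+# timeout check 500ms
+# Wait 500ms between checks.
+server node1 127.0.0.1:8888 check inter 500ms
+backend nginx
+balance leastconn
+# Check by hitting a page intended for this use.
+# option httpchk GET /isrunning
+# timeout check 500ms
+# Wait 500ms between checks.
+server nginx1 127.0.0.1:81
+# For displaying HAProxy statistics.
+frontend stats
+# HTTPS only.
+# Example with CA certificate bundle
+# bind :1936 ssl crt zzgenie.com.pem ca-file gd_bundle.crt
+# Example without CA certification bunch
+bind :1936 ssl crt newsblur.pem
+default_backend stats
+backend stats
+stats enable
+stats hide-version
+stats realm Haproxy\ Statistics
+stats uri /
+stats auth admin:password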
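Review bot: `stats auth admin:password` in the `stats` backend commits a default credential to the repository, and setup_haproxy in fabfile.py uploads this file as-is to /etc/haproxy/haproxy.cfg, so every deployed host gets the same guessable login on a listener bound to all interfaces. Keep only a placeholder here and substitute the real value at deploy time, and consider narrowing the listener to `bind 127.0.0.1:1936 ssl crt newsblur.pem` or adding an ACL on source address. The `global` section has no `log` line, so `log global` in `defaults` has nothing to inherit and the proxy will not emit request or health-check logs; a line such as `log /dev/log local0` in `global` would restore that visibility. The `redirect scheme https if !{ ssl_fc }` line is commented out, so `bind :80` keeps serving the site in clear text, and the `nginx1` server line has no `check`, so that backend is never health-checked.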

29
fabfile.py vendored

@ -100,6 +100,7 @@ env.roledefs ={
'198.211.110.131',
'192.34.61.227',
'198.211.109.155',
'198.211.109.197',
]
}
@ -404,7 +405,7 @@ def setup_task(skip_common=False):
def setup_installs():
sudo('apt-get -y update')
sudo('apt-get -y upgrade')
sudo('apt-get -y install build-essential gcc scons libreadline-dev sysstat iotop git zsh python-dev locate python-software-properties libpcre3-dev libncurses5-dev libdbd-pg-perl libssl-dev make pgbouncer python-psycopg2 libmemcache0 python-memcache libyaml-0-2 python-yaml python-numpy python-scipy python-imaging curl monit ufw')
sudo('apt-get -y install build-essential gcc scons libreadline-dev sysstat iotop git zsh python-dev locate python-software-properties software-properties-common libpcre3-dev libncurses5-dev libdbd-pg-perl libssl-dev make pgbouncer python-psycopg2 libmemcache0 python-memcache libyaml-0-2 python-yaml python-numpy python-scipy python-imaging curl monit ufw')
# sudo('add-apt-repository ppa:pitti/postgresql')
sudo('apt-get -y update')
sudo('apt-get -y install postgresql-client')
@ -685,15 +686,27 @@ def maintenance_off():
run('mv templates/maintenance_on.html templates/maintenance_off.html')
run('git checkout templates/maintenance_off.html')
def setup_haproxy():
sudo('apt-get install -y haproxy')
def setup_haproxy(install=False):
# sudo('apt-get install -y haproxy')
# sudo('ufw allow 81') # nginx moved
if install:
with cd(env.VENDOR_PATH):
run('wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev17.tar.gz')
run('tar -xf haproxy-1.5-dev17.tar.gz')
with cd('haproxy-1.5-dev17'):
run('make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1')
sudo('make install')
put('config/haproxy-init', '/etc/init.d/haproxy', use_sudo=True)
sudo('chmod u+x /etc/init.d/haproxy')
put('config/haproxy.conf', '/etc/haproxy/.conf', use_sudo=True)
sudo('mkdir -p /var/lib/redis')
sudo('update-rc.d redis defaults')
sudo('/etc/init.d/redis stop')
sudo('/etc/init.d/redis start')
put('config/haproxy.conf', '/etc/haproxy/haproxy.cfg', use_sudo=True)
sudo('echo "ENABLED=1" > /etc/default/haproxy')
cert_path = "%s/config/certificates" % env.NEWSBLUR_PATH
run('cat %s/newsblur.com.crt > %s/newsblur.pem' % (cert_path, cert_path))
run('cat %s/intermediate.crt >> %s/newsblur.pem' % (cert_path, cert_path))
run('cat %s/newsblur.com.key >> %s/newsblur.pem' % (cert_path, cert_path))
sudo('/etc/init.d/haproxy stop')
sudo('/etc/init.d/haproxy start')
# ==============
# = Setup - DB =
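Review bot: The `install` branch of setup_haproxy downloads haproxy-1.5-dev17.tar.gz over plain `http://` and goes straight to `make` and `sudo('make install')`, so nothing ties the binary that will terminate TLS to a known-good source archive. Pin a digest and verify it before unpacking, for example `run('echo "<EXPECTED_SHA256>  haproxy-1.5-dev17.tar.gz" | sha256sum -c -')` directly after the `wget`. Further down, newsblur.pem is assembled with `cat` and ends with newsblur.com.key, but nothing sets its mode, so the private key inherits whatever the default umask gives; adding `run('chmod 600 %s/newsblur.pem' % cert_path)` after the last `cat` would close that. Which lines of this hunk are old and which are new is inferred from the print order on this rendered page.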