global maxconn 100000 daemon ca-base /srv/newsblur/config/certificates crt-base /srv/newsblur/config/certificates tune.bufsize 32000 tune.maxrewrite 8196 tune.ssl.default-dh-param 2048 log 127.0.0.1 local0 notice log 127.0.0.1 local1 debug defaults log global maxconn 100000 mode http option forwardfor option http-server-close option httpclose # option log-health-checks option log-separate-errors option httplog option redispatch option abortonclose timeout connect 5s timeout client 30s timeout server 30s timeout tunnel 1h retries 3 errorfile 502 /srv/newsblur/templates/502.http errorfile 503 /srv/newsblur/templates/502.http errorfile 504 /srv/newsblur/templates/502.http frontend public bind :80 bind :443 ssl crt newsblur.com.crt ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3 http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains option http-server-close acl gunicorn_dead nbsrv(gunicorn) lt 1 acl nginx_dead nbsrv(nginx) lt 1 acl mx_mode nbsrv(maintenance) lt 1 acl is_unread_count url_beg /reader/feed_unread_count monitor-uri /status monitor fail if gunicorn_dead monitor fail if nginx_dead monitor fail if mx_mode # Redirect all HTTP traffic to HTTPS redirect scheme https code 301 if !{ ssl_fc } use_backend imageproxy if { hdr_end(host) -i imageproxy.newsblur.com } use_backend push if { hdr_end(host) -i push.newsblur.com } use_backend node_socket if { path_beg /socket.io/ } use_backend node_socket2 if { path_beg /v2/socket.io/ } use_backend node_socket3 if { path_beg /v3/socket.io/ } use_backend node_favicon if { path_beg /rss_feeds/icon/ } use_backend node_text if { path_beg /rss_feeds/original_text_fetcher } use_backend nginx if { path_beg /media/ } use_backend nginx if { path_beg /static/ } use_backend nginx if { path_beg /favicon } use_backend nginx if { path_beg /crossdomain/ } use_backend nginx if { path_beg /robots } use_backend nginx if { path_beg /munin/ } use_backend nginx if mx_mode use_backend gunicorn_counts if is_unread_count use_backend gunicorn unless gunicorn_dead || nginx_dead backend imageproxy option httpchk HEAD /sc,sN1megONJiGNy-CCvqzVPTv-TWRhgSKhFlf61XAYESl4=/http:/samuelclay.com/static/images/2019%20-%20Cuba.jpg http-check expect rstatus 200|301 server imageproxy01 imageproxy:80 check inter 2000ms backend push # option httpchk GET /_haproxychk # http-check expect rstatus 200|503 server push 127.0.0.1:8000 check inter 2000ms backend node_socket balance roundrobin server nodedebug 127.0.0.1:8888 check inter 2000ms backend node_socket2 balance roundrobin server nodedebug 127.0.0.1:8888 check inter 2000ms backend node_socket3 balance roundrobin server nodedebug 127.0.0.1:8888 check inter 2000ms backend node_favicon balance roundrobin server nodedebug 127.0.0.1:81 check inter 2000ms backend node_text balance roundrobin server nodedebug 127.0.0.1:4040 check inter 2000ms backend nginx balance roundrobin option httpchk GET /_nginxchk http-check expect rstatus 200|503 server nginxdebug 127.0.0.1:81 check inter 2000ms backend gunicorn balance roundrobin option httpchk GET /_haproxychk server gunicorndebug 127.0.0.1:8000 check inter 600000ms backend gunicorn_counts balance roundrobin option httpchk GET /_haproxychk server gunicorndebug 127.0.0.1:8000 check inter 600000ms backend maintenance option httpchk HEAD /maintenance http-check expect status 404 http-check send-state server nginxdebug 127.0.0.1:81 check inter 2000ms backend postgres option httpchk GET /db_check/postgres server postgres-db01 db_pgsql:5000 check inter 2000ms backend mongo option httpchk GET /db_check/mongo server mongo-db22 db_mongo:5000 check inter 2000ms backend redis option httpchk GET /db_check/redis server redis-db40 db_redis:5000 check inter 2000ms backend redis_story option httpchk GET /db_check/redis_story server redis-story-db42 db_redis_story:5000 check inter 2000ms backend redis_sessions option httpchk GET /db_check/redis_sessions server redis-sess-db41 db_redis_sessions:5000 check inter 2000ms backend elasticsearch option httpchk GET /db_check/elasticsearch server es-db10 db_search:5000 check inter 2000ms listen stats bind :1936 ssl crt newsblur.pem stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth sclay:password stats refresh 15s