global maxconn 100000 daemon ca-base /srv/newsblur/config/certificates crt-base /srv/newsblur/config/certificates tune.bufsize 32000 tune.maxrewrite 8196 tune.ssl.default-dh-param 2048 log 127.0.0.1 local0 notice # log 127.0.0.1 local1 info defaults log global maxconn 100000 mode http option forwardfor option http-server-close option httpclose option log-health-checks option log-separate-errors option httplog option redispatch option abortonclose timeout connect 10s timeout client 10s timeout server 30s timeout tunnel 1h retries 3 errorfile 502 /srv/newsblur/templates/502.http errorfile 503 /srv/newsblur/templates/502.http errorfile 504 /srv/newsblur/templates/502.http frontend public bind :80 bind :443 ssl crt /srv/newsblur/config/certificates/localhost.pem #ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3 http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains option http-server-close # Redirect all HTTP traffic to HTTPS redirect scheme https code 301 if !{ ssl_fc } acl gunicorn_dead nbsrv(gunicorn) lt 1 acl nginx_dead nbsrv(nginx) lt 1 acl is_unread_count url_beg /reader/feed_unread_count acl is_refresh_feeds url_beg /reader/refresh_feed monitor-uri /status monitor fail if gunicorn_dead monitor fail if nginx_dead use_backend node_socket if { path_beg /v3/socket.io/ } use_backend node_favicon if { path_beg /rss_feeds/icon/ } use_backend node_text if { path_beg /rss_feeds/original_text_fetcher } use_backend node_page if { path_beg /original_page/ } use_backend nginx if { path_beg /media/ } use_backend nginx if { path_beg /static/ } use_backend nginx if { path_beg /favicon } use_backend nginx if { path_beg /crossdomain/ } use_backend nginx if { path_beg /robots } #use_backend self if { path_beg /munin/ } # use_backend gunicorn_counts if is_unread_count # use_backend gunicorn_refresh if is_refresh_feeds use_backend gunicorn unless gunicorn_dead || nginx_dead backend node_socket http-check expect rstatus 200|503 balance roundrobin server node_socket newsblur_node:8008 check inter 3000ms backend node_favicon http-check expect rstatus 200|301|503 # option httpchk GET /rss_feeds/icon/1 balance roundrobin server node_favicon newsblur_node:8008 check inter 3000ms backend node_text http-check expect rstatus 200|503 option httpchk GET /rss_feeds/original_text_fetcher?test=1 balance roundrobin server node_text newsblur_node:8008 check inter 3000ms backend node_page http-check expect rstatus 200|503 option httpchk GET /rss_feeds/original_text_fetcher?test=1 balance roundrobin server node_page newsblur_node:8008 check inter 3000ms backend nginx balance roundrobin # option httpchk GET /_nginxchk http-check expect rstatus 200|503 server nginx nginx:81 check inter 60000ms backend gunicorn balance roundrobin # option httpchk GET /_haproxychk server app_django nb.com:8000 check inter 3000ms backend postgres server db_postgres db_postgres:5434 check inter 2000ms backend mongo server db_mongo db_mongo:29019 check inter 2000ms backend redis server db_redis db_redis:6579 check inter 2000ms server db_redis_pubsub db_redis:6579 check inter 2000ms backend redis_story server db_redis_story db_redis:6579 check inter 2000ms backend redis_sessions server db_redis_sessions db_redis:6579 check inter 2000ms backend elasticsearch server db_elasticsearch db_elasticsearch:9200 check inter 2000ms listen stats bind :1936 ssl crt /srv/newsblur/config/certificates/localhost.pem stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth gimmiestats:StatsGiver stats refresh 15s