# HAProxy edge configuration: terminates TLS for the public frontend, routes
# requests by host/path to backends discovered through Consul DNS, and serves
# a password-protected statistics page on a separate port.
# The stats listener's certificate path is a {{ ... }} placeholder, so this
# file appears to be rendered by a templating step before use.

global
    maxconn 100000
    daemon
    ca-base /srv/newsblur/config/certificates
    crt-base /srv/newsblur/config/certificates
    tune.bufsize 32000
    tune.maxrewrite 8196
    # Only used for DHE key exchange. The cipher list on the :443 bind below
    # contains no DHE suites, so this has no effect with that list.
    tune.ssl.default-dh-param 2048
    log 127.0.0.1 local0 notice
    # log 127.0.0.1 local1 info

# Backend membership comes from these DNS answers (see the server-template
# lines), so write access to the Consul catalog is effectively write access
# to request routing.
resolvers consul
    nameserver consul 127.0.0.1:53
    accepted_payload_size 8192 # allow larger DNS payloads

defaults
    log global
    maxconn 100000
    mode http
    # Appends the client address as X-Forwarded-For. Nothing in this file
    # strips a client-supplied X-Forwarded-For first, so backends should rely
    # only on the last entry (the one added here).
    option forwardfor
    # NOTE(review): http-server-close and httpclose are both set; which one
    # takes effect depends on the HAProxy version. Confirm the intended mode
    # and drop the other.
    option http-server-close
    option httpclose
    option log-health-checks
    option log-separate-errors
    option httplog
    option redispatch
    option abortonclose
    timeout connect 10s
    timeout client 10s
    timeout server 30s
    timeout tunnel 1h
    retries 3
    # NOTE(review): 503 and 504 reuse the 502 error file, which HAProxy sends
    # verbatim, so clients presumably see that file's status line for all three.
    errorfile 502 /srv/newsblur/templates/502.http
    errorfile 503 /srv/newsblur/templates/502.http
    errorfile 504 /srv/newsblur/templates/502.http

frontend public
    bind :80
    # NOTE(review): only SSLv3 is excluded here. Unless a default set elsewhere
    # or the TLS library restricts it, TLS 1.0/1.1 remain negotiable. The tail
    # of the cipher list (AES128-GCM-SHA256 ... AES256-SHA) uses static RSA key
    # exchange, which gives no forward secrecy, and several suites are CBC with
    # SHA-1. If the client base allows, add ssl-min-ver TLSv1.2 and keep only
    # the ECDHE GCM suites.
    bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
    # NOTE(review): max-age=0 tells browsers to discard any stored HSTS policy
    # for this host, so this header switches HSTS off rather than on. With the
    # HTTP->HTTPS redirect below, a client's first plain-HTTP request stays
    # exposed to downgrade. If this is not a deliberate rollback, use a
    # non-zero max-age.
    http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
    option http-server-close

    # nbsrv(<backend>) counts servers currently passing health checks.
    acl gunicorn_dead nbsrv(app_django) lt 1
    acl nginx_dead nbsrv(nginx) lt 1
    # The maintenance backend's check expects 404, so any other answer to
    # HEAD /maintenance marks its server down and turns mx_mode on.
    acl mx_mode nbsrv(maintenance) lt 1
    acl is_unread_count url_beg /reader/feed_unread_count
    acl is_refresh_feeds url_beg /reader/refresh_feed

    # /status is answered by HAProxy itself and reports failure while any of
    # the conditions below holds. It is served on the public binds.
    monitor-uri /status
    monitor fail if gunicorn_dead
    monitor fail if nginx_dead
    monitor fail if mx_mode

    # Redirect all HTTP traffic to HTTPS
    redirect scheme https code 301 if !{ ssl_fc }

    # use_backend rules are evaluated in order and the first match wins, so the
    # sequence below is significant.
    # hdr_end(host) is a suffix match on the client-controlled Host header: any
    # host name ending in the given string selects that backend.
    use_backend app_push if { hdr_end(host) -i push.newsblur.com }
    use_backend node_socket if { path_beg /v3/socket.io/ }
    use_backend node_favicon if { path_beg /rss_feeds/icon/ }
    use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
    use_backend node_images if { hdr_end(host) -i imageproxy.newsblur.com }
    use_backend node_page if { path_beg /original_page/ }
    use_backend nginx if { path_beg /media/ }
    use_backend nginx if { path_beg /static/ }
    use_backend nginx if { path_beg /favicon }
    use_backend nginx if { path_beg /crossdomain/ }
    use_backend nginx if { path_beg /robots }
    #use_backend self if { path_beg /munin/ }
    use_backend nginx if mx_mode
    use_backend app_counts if is_unread_count
    use_backend app_refresh if is_refresh_feeds
    # No default_backend is defined: when gunicorn or nginx is down and no
    # rule above matched, the request gets HAProxy's 503 (errorfile above).
    use_backend app_django unless gunicorn_dead || nginx_dead

# Each server-template below reserves N server slots that are filled from the
# Consul SRV record; allow-dup-ip lets several slots resolve to the same IP.
backend nginx
    balance roundrobin
    option httpchk GET /_nginxchk
    http-check expect rstatus 200|503
    server-template nginx 5 _nginx._tcp.service.nyc1.consul:80 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend app_django
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app-django 5 _app-django._tcp.service.nyc1.consul:8000 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend app_counts
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app-counts 1 _app-counts._tcp.service.nyc1.consul:8000 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend app_refresh
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app-refresh 1 _app-refresh._tcp.service.nyc1.consul:8000 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend app_push
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app-push 1 _app-push._tcp.service.nyc1.consul:8000 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

# No use_backend rule in the frontend above selects this backend or the
# database backends further down. Presumably they exist so their health shows
# on the stats page; confirm.
backend work
    balance roundrobin
    option httpchk GET http://monitor.service.nyc1.consul:5000/work_check/celeryd_work_queue
    http-check expect rstatus 200|503|301
    server-template work 1 _task-work._tcp.service.nyc1.consul:82 check inter 30000ms resolvers consul resolve-opts allow-dup-ip

backend node_images
    # NOTE(review): the check path embeds what looks like a signed image-proxy
    # token. Confirm it is not a reusable secret, since it is stored here in
    # plain text.
    option httpchk HEAD /sc,sN1megONJiGNy-CCvqzVPTv-TWRhgSKhFlf61XAYESl4=/http:/samuelclay.com/static/images/2019%20-%20Cuba.jpg
    http-check expect rstatus 200|301
    server-template node-images 1 _node-images._tcp.service.nyc1.consul:80 check inter 2000ms resolvers consul resolve-opts allow-dup-ip

# No "option httpchk" here, so the check only verifies that a TCP connection
# can be opened.
backend node_socket
    balance roundrobin
    server-template node-socket 1 _node-socket._tcp.service.nyc1.consul:8888 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend node_favicon
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/icon/1
    balance roundrobin
    server-template node-favicons 1 _node-favicons._tcp.service.nyc1.consul:3030 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend node_text
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/original_text_fetcher?test=1
    balance roundrobin
    server-template node-text 1 _node-text._tcp.service.nyc1.consul:4040 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

backend node_page
    http-check expect rstatus 200|503
    option httpchk GET /original_page/1?test=1
    balance roundrobin
    server-template node-page 1 _node-page._tcp.service.nyc1.consul:3060 check inter 3000ms resolvers consul resolve-opts allow-dup-ip

# Database backends. init-addr none lets HAProxy start even when the name does
# not resolve yet.
# NOTE(review): the checks name the monitor service in an absolute URI, but no
# addr/port override is set on the server lines, so the request appears to be
# sent to the database port itself. Confirm this matches how the monitor is
# deployed.
backend postgres
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/postgres
    server-template postgresql 1 _db-postgres._tcp.service.nyc1.consul:5432 check inter 30000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend mongo
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/mongo
    server-template mongo 4 _db-mongo._tcp.service.nyc1.consul:27017 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend db_redis_user
    # NOTE(review): this is the only check that uses the short host "monitor"
    # instead of monitor.service.nyc1.consul; confirm that is intended.
    option httpchk GET http://monitor:5000/db_check/redis
    server-template db-redis-user 1 _db-redis-user._tcp.service.nyc1.consul:6379 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend db_redis_story
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/redis_story
    server-template db-redis-story 1 _db-redis-story._tcp.service.nyc1.consul:6379 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend db_redis_sessions
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/redis_sessions
    server-template db-redis-sessions 1 _db-redis-sessions._tcp.service.nyc1.consul:6379 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend db_redis_pubsub
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/redis_pubsub
    server-template db-redis-pubsub 1 _db-redis-pubsub._tcp.service.nyc1.consul:6379 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

backend db_elasticsearch
    option httpchk GET http://monitor.service.nyc1.consul:5000/db_check/elasticsearch
    server-template elasticsearch 1 _db-elasticsearch._tcp.service.nyc1.consul:9300 check inter 2000ms resolvers consul resolve-opts allow-dup-ip init-addr none

# Maintenance switch: the server counts as up only while HEAD /maintenance
# returns 404. Any other result drives the frontend's mx_mode ACL.
backend maintenance
    option httpchk HEAD /maintenance
    http-check expect status 404
    http-check send-state
    server nginx _haproxy._tcp.service.nyc1.consul:81 check inter 3000ms init-addr none

# Statistics page, read-only (no "stats admin" rule), served over TLS.
listen stats
    # NOTE(review): binds on every interface. If the page is meant for
    # operators only, restrict it to a management address or by source ACL.
    bind :1936 ssl crt {{ ssl_certificate }}
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    # NOTE(review): the stats credentials are hard-coded in clear text. Anyone
    # who can read this file or its history can log in. Since the file is
    # already templated, supply them from the secret store at render time and
    # rotate the current pair.
    stats auth gimmiestats:StatsGiver
    stats refresh 15s