NewsBlur/docker/haproxy/haproxy.consul.cfg.j2


# Process-wide settings for the HAProxy instance rendered from this template.
# NOTE(review): no ssl-default-bind-options or ssl-default-bind-ciphers line
# appears in this section, so the TLS protocol and cipher policy of every
# "bind ... ssl" line is whatever the installed HAProxy build defaults to.
# NOTE(review): no user, group or chroot directive is set here; confirm that
# the container runtime restricts the process privileges instead.
global
    maxconn 100000
    daemon

    # Base directories used to resolve relative CA and certificate paths.
    ca-base /srv/newsblur/config/certificates
    crt-base /srv/newsblur/config/certificates

    tune.bufsize 32000
    # NOTE(review): 8196 sits four bytes above the power of two 8192; confirm
    # the value is intended.
    tune.maxrewrite 8196
    # Upper bound on the Diffie-Hellman parameter size used for DHE key exchange.
    tune.ssl.default-dh-param 2048

    # Syslog to the loopback address, facility local0, level "notice" and above.
    log 127.0.0.1 local0 notice
    # log 127.0.0.1 local1 info
# Settings inherited by every frontend, backend and listen section that follows.
defaults
    log global
    maxconn 100000
    mode http

    # Appends an X-Forwarded-For header carrying the client address. Entries the
    # client supplied itself are left in place, so backends should rely only on
    # the last entry, which is the one added by this proxy.
    option forwardfor

    # NOTE(review): two connection-mode options are enabled together; confirm
    # which one the deployed HAProxy version actually applies.
    option http-server-close
    option httpclose

    # Logging: HTTP log format, health-check transitions, errors kept separate.
    option log-health-checks
    option log-separate-errors
    option httplog

    # A connection that fails against one server may be retried on another.
    option redispatch
    # Drop queued requests whose client has already gone away.
    option abortonclose

    timeout connect 10s
    timeout client 10s
    timeout server 30s
    # Applies once a connection has been upgraded to a tunnel (e.g. WebSocket).
    timeout tunnel 1h
    retries 3

    # NOTE(review): 503 and 504 reuse the 502 template. An errorfile is sent as
    # a raw HTTP response, so clients receive the status line stored in that
    # file; confirm this is acceptable for monitoring and caches.
    errorfile 502 /srv/newsblur/templates/502.http
    errorfile 503 /srv/newsblur/templates/502.http
    errorfile 504 /srv/newsblur/templates/502.http
# Public entry point: plain HTTP on port 80 (redirected to HTTPS further down)
# and TLS on port 443. Rule order in this section is significant.
frontend public
    bind :80
    # NOTE(review): everything after "#" on the next line is a comment, so the
    # cipher list and the trailing no-sslv3 are inactive. Neither ssl-min-ver nor
    # ciphers is set on this bind, so protocol versions and cipher suites fall
    # back to the HAProxy defaults; consider pinning them explicitly here or in
    # the global section.
    bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem #ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA no-sslv3
    # NOTE(review): max-age=0 tells browsers to discard any stored HSTS policy,
    # so HSTS is effectively switched off and a first plain-HTTP request is
    # protected only by the 301 redirect below. If that is deliberate, record
    # the reason here; otherwise a non-zero max-age is needed for HSTS to apply.
    http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
    # Already enabled in the defaults section; repeated here.
    option http-server-close

    # nbsrv(<backend>) lt 1 is true when that backend has no usable server.
    acl gunicorn_dead nbsrv(app) lt 1
    acl nginx_dead nbsrv(nginx) lt 1
    # True when the health check of the "maintenance" backend fails, i.e. when
    # HEAD /maintenance stops answering 404.
    acl mx_mode nbsrv(maintenance) lt 1
    acl is_unread_count url_beg /reader/feed_unread_count
    acl is_refresh_feeds url_beg /reader/refresh_feed

    # /status is answered by HAProxy itself and reports failure when any of the
    # three conditions below holds. It is reachable on the public binds.
    monitor-uri /status
    monitor fail if gunicorn_dead
    monitor fail if nginx_dead
    monitor fail if mx_mode

    # Redirect all HTTP traffic to HTTPS
    redirect scheme https code 301 if !{ ssl_fc }

    # Backend selection: the first matching rule wins.
    use_backend node_socket if { path_beg /v2/socket.io/ }
    use_backend node_favicon if { path_beg /rss_feeds/icon/ }
    use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
    use_backend node_page if { path_beg /original_page/ }
    use_backend nginx if { path_beg /media/ }
    use_backend nginx if { path_beg /static/ }
    use_backend nginx if { path_beg /favicon }
    use_backend nginx if { path_beg /crossdomain/ }
    use_backend nginx if { path_beg /robots }
    #use_backend self if { path_beg /munin/ }
    # In maintenance mode every remaining request goes to nginx.
    use_backend nginx if mx_mode
    use_backend app_counts if is_unread_count
    use_backend app_refresh if is_refresh_feeds
    # No default_backend is declared in this section, so a request that reaches
    # this point while gunicorn_dead or nginx_dead is true has no backend and is
    # answered by HAProxy itself.
    use_backend app unless gunicorn_dead || nginx_dead
# Node.js services. None of the server lines below carries the "ssl" keyword,
# so TLS ends at the frontend and traffic to these services is plain HTTP; the
# network between HAProxy and the services has to be trusted accordingly.
# Each server-template names a resolvers section called "consul", which is not
# defined in the lines visible here and must exist for the file to load.
backend node_socket
    balance roundrobin
    # "check" without "option httpchk": a plain TCP connect check.
    server-template node-socket 1 node-socket.service.nyc1.consul:8888 resolvers consul check inter 3000ms

# In the three backends below a 503 answer counts as healthy, so a server that
# reports itself unavailable stays in rotation.
backend node_favicon
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/icon/1
    balance roundrobin
    server-template node-favicons 1 node-favicons.service.nyc1.consul:3030 resolvers consul check inter 3000ms

backend node_text
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/original_text_fetcher?test=1
    balance roundrobin
    server-template node-text 1 node-text.service.nyc1.consul:4040 resolvers consul check inter 3000ms

backend node_page
    http-check expect rstatus 200|503
    # check if there is a check for this
    # (the path below is the text fetcher's check URL, reused for node_page)
    option httpchk GET /rss_feeds/original_text_fetcher?test=1
    balance roundrobin
    server-template node-page 1 node-page.service.nyc1.consul:3060 resolvers consul check inter 3000ms
# nginx and the Django application tiers. Server lines have no "ssl" keyword,
# so requests travel to these services as plain HTTP.
backend nginx
    balance roundrobin
    option httpchk GET /_nginxchk
    # A 503 answer is accepted as healthy for nginx.
    http-check expect rstatus 200|503
    # Same Consul service name as the "app" backend, different port (80).
    server-template nginx 1 app-django.service.nyc1.consul:80 resolvers consul check inter 3000ms

# The application backends below declare no "http-check expect" rule, so the
# default health-check success criteria apply to GET /_haproxychk.
backend app
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app 1 app-django.service.nyc1.consul:8000 resolvers consul check inter 3000ms

backend app_counts
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app 1 app-counts.service.nyc1.consul:8000 resolvers consul check inter 3000ms

backend app_refresh
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app 1 app-refresh.service.nyc1.consul:8000 resolvers consul check inter 3000ms

# NOTE(review): no use_backend rule in the visible frontend selects "push".
backend push
    balance roundrobin
    option httpchk GET /_haproxychk
    server-template app 1 app-push.service.nyc1.consul:8000 resolvers consul check inter 3000ms
# Backends for workers and data stores. No use_backend rule in the visible
# frontend routes traffic to any of them; they appear to exist for health
# reporting only (confirm).
# NOTE(review): the check URLs name the monitor service on port 5579, but the
# server lines set no "addr" or "port" check override, so by default the check
# request goes to the server's own address and port. Confirm that this is what
# answers these URLs.
# NOTE(review): these server-template lines omit "resolvers consul", unlike the
# routed backends; presumably the names are then resolved only at startup.
backend work
    balance roundrobin
    option httpchk GET http://monitor.service.nyc1.consul:5579/work_check/celeryd_work_queue
    # 503 and 301 answers are accepted as healthy here.
    http-check expect rstatus 200|503|301
    server-template work 1 task-work.service.nyc1.consul:82 check inter 30000ms

backend postgres
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/postgres
    server-template postgres 1 postgres.service.nyc1.consul:5432 check inter 30000ms

backend mongo
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/mongo
    server-template mongo 4 db-mongo.service.nyc1.consul:27017 check inter 2000ms

# The four redis backends declare no server line.
# NOTE(review): this one addresses the host as "monitor" while every other
# check URL uses monitor.service.nyc1.consul; confirm which is intended.
backend db_redis
    option httpchk GET http://monitor:5579/db_check/redis
# redis, redis_pubsub, redis_sessions, redis_story droplets are necessary
# in docker swarm although not routed with haproxy

backend db_redis_story
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/redis_story

backend db_redis_sessions
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/redis_sessions

backend db_redis_pubsub
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/redis_pubsub

backend db_elasticsearch
    option httpchk GET http://monitor.service.nyc1.consul:5579/db_check/elasticsearch
    server-template elasticsearch 1 db-elasticsearch.service.nyc1.consul:9300 check inter 2000ms
# Maintenance switch. The single server counts as healthy while HEAD /maintenance
# answers 404. Any other answer fails the check, leaves this backend with no
# usable server, and makes the frontend's mx_mode ACL true.
backend maintenance
    option httpchk HEAD /maintenance
    http-check expect status 404
    # Adds a header describing the server's state to each health-check request.
    http-check send-state
    server nginx haproxy.service.nyc1.consul:81 check inter 3000ms
# Statistics page served over TLS on port 1936, protected by HTTP Basic auth.
# NOTE(review): the "stats auth" value is a credential hard-coded in a template
# kept in version control. The certificate path on the bind line is already
# injected when the template is rendered; the login and password should be
# supplied the same way from a secret store, and the value shown here should be
# treated as exposed and rotated.
# NOTE(review): "bind :1936" listens on every address; confirm that a firewall
# or an ACL keeps this page off the public internet. No "stats admin" rule is
# present, so the page is read-only.
listen stats
    bind :1936 ssl crt {{ ssl_certificate }}
    stats enable
    # Keeps the HAProxy version out of the page.
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth gimmiestats:StatsGiver
    stats refresh 15s