NewsBlur/docker/haproxy/haproxy.consul.cfg.j2
Samuel Clay 55dda973da Merge branch 'master' into discover
* master:
  Allowing traffic on docker0 interface.
  Clean TXT records so letsencrypt doesn't fail
  Thresholding bounced newsletters email.
  Another type of invalid url on the widget.
  Handling broken urls on widget
  Handling broken urls on image extraction.
  Handling invalid forgot password form.
  Fixing global shared stories blurblog.
  https for stripe urls. Fixes #1865.
2024-06-29 08:19:51 -04:00


# Process-wide settings: connection ceiling, certificate search paths,
# buffer tuning and syslog targets.
# NOTE(review): no user, group or chroot directive is visible in this section,
# so the process keeps whatever identity it is started with; confirm the
# container or service unit starts it unprivileged, or drop privileges here.
# NOTE(review): there is no ssl-default-bind-options / ssl-default-bind-ciphers
# line, so any bind that does not spell out its own TLS settings (the stats
# listener on :1936 in this file) falls back to the TLS library defaults.
global
    maxconn 100000
    daemon
    # Relative CA and certificate names are looked up under these directories.
    ca-base /srv/newsblur/config/certificates
    crt-base /srv/newsblur/config/certificates
    tune.bufsize 32000
    tune.maxrewrite 8196
    # Size of the DH parameters used by the DHE-* suites on the TLS bind lines.
    tune.ssl.default-dh-param 2048
    # Two local syslog targets: facility local0 at notice, local1 at info.
    log 127.0.0.1 local0 notice
    log 127.0.0.1 local1 info
# DNS resolver section referenced by every "resolvers consul" server option.
# Backend addresses are whatever the local resolver on 127.0.0.1:53 answers
# for the *.consul names, so the integrity of that resolver decides where
# traffic is sent.
resolvers consul
    nameserver consul 127.0.0.1:53
    accepted_payload_size 8192 # allow larger DNS payloads
# Settings inherited by every frontend, backend and listen section below.
defaults
    log global
    maxconn 100000
    mode http
    # Appends the client address to X-Forwarded-For. A value already sent by the
    # client is kept in front of it, so applications should trust only the
    # entry added by this proxy.
    option forwardfor
    # NOTE(review): http-server-close and httpclose select different connection
    # handling and both are set here; confirm which one is intended.
    option http-server-close
    option httpclose
    option log-health-checks
    option log-separate-errors
    option httplog
    # With "retries 3" below, a failed connection may be re-sent to another server.
    option redispatch
    # Drop queued requests whose client has already gone away.
    option abortonclose
    timeout connect 10s
    timeout client 10s
    timeout server 30s
    # Long-lived upgraded connections (e.g. the socket.io backend) may idle for 1h.
    timeout tunnel 1h
    retries 3
    # NOTE(review): 503 and 504 reuse the 502 template. An errorfile supplies the
    # whole response, so the status line clients see for these conditions is the
    # one written in 502.http; confirm that is intended.
    errorfile 502 /srv/newsblur/templates/502.http
    errorfile 503 /srv/newsblur/templates/502.http
    errorfile 504 /srv/newsblur/templates/502.http
    # balance roundrobin
# Public entry point: terminates TLS on :443, also accepts cleartext on :80,
# and picks a backend by Host header or URL path. use_backend rules are
# evaluated top to bottom and the first match wins.
frontend public
    bind :80
    # The "ciphers" list covers TLS 1.2 and below and holds only forward-secret
    # AEAD suites. NOTE(review): no ssl-min-ver is set on this bind; the suite
    # list should leave older protocol versions without a usable cipher, but an
    # explicit "ssl-min-ver TLSv1.2" would make that intent visible.
    bind :443 ssl crt /srv/newsblur/config/certificates/newsblur.com.pem ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    # NOTE(review): max-age=0 tells browsers to forget any stored HSTS policy for
    # this host and its subdomains, so HSTS is effectively switched off. That is
    # consistent with :80 still serving content (see the redirect below), but it
    # leaves first requests open to downgrade; confirm this is deliberate.
    http-response add-header Strict-Transport-Security max-age=0;\ includeSubDomains
    option http-server-close

    # Backend availability, used for the monitor URI and the final routing rule.
    acl gunicorn_dead nbsrv(app_django) lt 1
    acl nginx_dead nbsrv(nginx) lt 1
    # True when the single "maintenance" server fails its check.
    acl mx_mode nbsrv(maintenance) lt 1

    # URL classes that get their own application pools.
    acl is_unread_count url_beg /reader/feed_unread_count
    acl is_discover url_beg /discover/feed
    acl is_refresh_feeds url_beg /reader/refresh_feed
    acl is_original_text url_beg /rss_feeds/original_text
    acl is_river url_beg /reader/river_stories
    # Matches when a query parameter named "h" is present.
    acl is_automated_river urlp(h) -m found
    acl is_dashboard url_param(dashboard) -i true

    # /status is answered by HAProxy itself and reports failure when either app
    # pool is empty or maintenance mode is on. It is reachable on the public
    # binds, so anyone can read this health signal.
    monitor-uri /status
    monitor fail if gunicorn_dead
    monitor fail if nginx_dead
    monitor fail if mx_mode

    # Redirect to HTTPS applies to the root path "/" only; every other path
    # requested on :80 is still routed and served in cleartext.
    acl is_root path /
    redirect scheme https if is_root !{ ssl_fc }

    # Host- and path-based routing. hdr_end(host) is a suffix match on the Host
    # header, not an exact match.
    use_backend app_push if { hdr_end(host) -i push.newsblur.com }
    use_backend node_socket if { path_beg /v3/socket.io/ }
    use_backend node_favicons if { path_beg /rss_feeds/icon/ }
    use_backend node_text if { path_beg /rss_feeds/original_text_fetcher }
    use_backend node_images if { hdr_end(host) -i imageproxy.newsblur.com }
    use_backend node_images if { hdr_end(host) -i imageproxy2.newsblur.com }
    use_backend node_page if { path_beg /original_page/ }
    use_backend blog if { hdr_end(host) -i blog.newsblur.com }
    use_backend sentry if { hdr_end(host) -i sentry.newsblur.com }
    use_backend nginx if { path_beg /media/ }
    use_backend nginx if { path_beg /static/ }
    use_backend nginx if { path_beg /favicon }
    use_backend nginx if { path_beg /crossdomain/ }
    use_backend nginx if { path_beg /robots }
    # NOTE(review): the next rules publish operational tooling (a /metrics path
    # on any host, Grafana, the Consul manager on port 8500) through the public
    # listener. No source allow-list or authentication rule for them is visible
    # in this file, so access control rests entirely on the services themselves;
    # confirm that, or restrict these rules by source address.
    use_backend metrics if { path_beg /metrics }
    #use_backend self if { path_beg /munin/ }
    use_backend db_metrics if { hdr_end(host) -i metrics.newsblur.com }
    use_backend consul_manager if { hdr_end(host) -i consul.newsblur.com }

    # Maintenance mode sends whatever was not matched above to nginx.
    use_backend nginx if mx_mode
    use_backend app_count if is_unread_count
    use_backend app_count if is_discover
    use_backend app_refresh if is_refresh_feeds
    use_backend app_refresh if is_dashboard
    use_backend app_refresh if is_original_text
    # Both conditions must hold: a river request that carries the "h" parameter.
    use_backend app_refresh if is_river is_automated_river
    # Catch-all. No default_backend is set in this section, so when either pool
    # is down unmatched requests have no backend.
    use_backend app_django unless gunicorn_dead || nginx_dead
# Static/media pool, one server per host in the hweb inventory group, port 80.
backend nginx
    option httpchk GET /_nginxchk
    # A 503 from the check URL still counts as healthy.
    http-check expect rstatus 200|503
    # Checked every 2s. Addresses are resolved at runtime through the consul
    # resolvers; "init-addr none" lets a server start without an address until
    # DNS answers, and allow-dup-ip lets several servers share one IP.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hweb %}
    server nginx-{{host}} {{host}}.node.nyc1.consul:80
{% endfor %}
# Main application pool, one server per host in the hdjango inventory group.
# The server lines carry no "ssl" keyword, so the hop from HAProxy to port 8000
# is cleartext HTTP and relies on the network between them being trusted.
backend app_django
    option httpchk GET /_haproxychk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hdjango %}
    server {{host}} {{host}}.node.nyc1.consul:8000
{% endfor %}
# Pool for unread-count and discover requests, built from the hcount
# inventory group.
backend app_count
    balance roundrobin
    option httpchk GET /_haproxychk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hcount %}
    server {{host}} {{host}}.node.nyc1.consul:8000
{% endfor %}
    # Disabled alternative: discover servers from a Consul SRV record instead
    # of the inventory loop.
    # server-template app-counts 1 _app-counts._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
# Pool for feed refresh, dashboard, original-text and automated river
# requests, built from the hrefresh inventory group.
backend app_refresh
    balance roundrobin
    option httpchk GET /_haproxychk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hrefresh %}
    server {{host}} {{host}}.node.nyc1.consul:8000
{% endfor %}
    # Disabled alternative: discover servers from a Consul SRV record instead
    # of the inventory loop.
    # server-template app-refresh 1 _app-refresh._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
# Pool that serves the push.newsblur.com host, built from the hpush
# inventory group.
backend app_push
    balance roundrobin
    option httpchk GET /_haproxychk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hpush %}
    server {{host}} {{host}}.node.nyc1.consul:8000
{% endfor %}
    # Disabled alternative: discover servers from a Consul SRV record instead
    # of the inventory loop.
    # server-template app-push 1 _app-push._tcp.service.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
# Image proxy pool (hnode_images inventory group, port 8088).
backend node_images
    # The check path embeds a signed request for an image on an external site.
    # NOTE(review): presumably the proxy fetches that image to answer, so the
    # health of this pool may depend on that site being reachable; confirm.
    option httpchk HEAD /sc,seLJDaKBog3LLEMDe8cjBefMhnVSibO4RA5boZhWcVZ0=/https://samuelclay.com/static/images/2019%20-%20Cuba.jpg
    http-check expect rstatus 200|301
    # Checked every 10s rather than the 2s used by the other pools.
    default-server check inter 10000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hnode_images %}
    server {{host}} {{host}}.node.nyc1.consul:8088
{% endfor %}
# socket.io pool (hnode_socket inventory group, port 8008).
backend node_socket
    balance roundrobin
    # No httpchk is configured here, so "check" is a plain TCP connect every 2s.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hnode_socket %}
    server {{host}} {{host}}.node.nyc1.consul:8008
{% endfor %}
# Favicon pool (hnode_favicons inventory group, port 8008).
backend node_favicons
    # A 503 from the check URL still counts as healthy.
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/icon/1
    balance roundrobin
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hnode_favicons %}
    server {{host}} {{host}}.node.nyc1.consul:8008
{% endfor %}
# Original-text fetcher pool (hnode_text inventory group, port 8008).
backend node_text
    # A 503 from the check URL still counts as healthy.
    http-check expect rstatus 200|503
    option httpchk GET /rss_feeds/original_text_fetcher?test=1
    balance roundrobin
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hnode_text %}
    server {{host}} {{host}}.node.nyc1.consul:8008
{% endfor %}
# Original-page pool (hnode_page inventory group, port 8008).
backend node_page
    # A 503 from the check URL still counts as healthy.
    http-check expect rstatus 200|503
    option httpchk GET /original_page/1?test=1
    balance roundrobin
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.hnode_page %}
    server {{host}} {{host}}.node.nyc1.consul:8008
{% endfor %}
# Staging pool (staging inventory group, port 8000). No use_backend rule in
# the visible public frontend selects it.
backend staging
    balance roundrobin
    option httpchk GET /_haproxychk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.staging %}
    server {{host}} {{host}}.node.nyc1.consul:8000
{% endfor %}
# Blog pool (blogs inventory group, port 80), selected by the
# blog.newsblur.com host rule.
backend blog
    balance roundrobin
    option httpchk GET /_nginxchk
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.blogs %}
    server {{host}} {{host}}.node.nyc1.consul:80
{% endfor %}
# Sentry pool (sentry inventory group, port 9000), selected by the
# sentry.newsblur.com host rule on the public frontend.
backend sentry
    balance roundrobin
    option httpchk GET /_health
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.sentry %}
    server {{host}} {{host}}.node.nyc1.consul:9000
{% endfor %}
# Grafana on port 3000, selected by the metrics.newsblur.com host rule on the
# public frontend.
# NOTE(review): HAProxy adds no authentication or source restriction in front
# of it in this file, so access control rests on Grafana's own login; confirm.
backend db_metrics
    balance roundrobin
    # The HTTP check is disabled, so "check" is a plain TCP connect every 2s.
    # option httpchk GET /_haproxychk
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
    server db-grafana grafana.service.nyc1.consul:3000
# Single application server that answers any request whose path starts with
# /metrics, on every host the public frontend serves.
# NOTE(review): no source restriction for that path is visible in this file;
# confirm the application itself limits who may read it.
backend metrics
    option httpchk GET /_haproxychk
    http-check expect rstatus 200|301
    server happ-web-01 happ-web-01.node.nyc1.consul:8000 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
# Health view of the postgres inventory group through an HTTP check endpoint
# on port 5579. No use_backend rule in the visible public frontend selects
# this backend; presumably it exists for health visibility only - confirm.
backend postgres
    option httpchk GET /db_check/postgres
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.postgres %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
    # NOTE(review): the disabled line below names a postgres secondary but
    # points at the redis secondary host; fix the hostname before enabling it.
    # server hdb-postgres-secondary hdb-redis-secondary.node.nyc1.consul:5579
# Health view of the mongo inventory group through an HTTP check endpoint on
# port 5579. No use_backend rule in the visible public frontend selects it.
backend mongo
    option httpchk GET /db_check/mongo
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.mongo %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
# Health view of the mongo_analytics inventory group through an HTTP check
# endpoint on port 5579. No use_backend rule in the visible public frontend
# selects it.
backend mongo_analytics
    option httpchk GET /db_check/mongo_analytics
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.mongo_analytics %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
# Health view of the redis_user inventory group (HTTP check endpoint on port
# 5579) plus one statically named secondary. No use_backend rule in the
# visible public frontend selects it.
backend db_redis_user
    option httpchk GET /db_check/redis_user
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.redis_user %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
    server hdb-redis-secondary hdb-redis-secondary.node.nyc1.consul:5579
# Health view of the redis_story inventory group (HTTP check endpoint on port
# 5579) plus the shared redis secondary host. No use_backend rule in the
# visible public frontend selects it.
backend db_redis_story
    option httpchk GET /db_check/redis_story
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.redis_story %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
    # The server is named db-redis-secondary but resolves the
    # hdb-redis-secondary host.
    server db-redis-secondary hdb-redis-secondary.node.nyc1.consul:5579
# Health view of the session redis hosts (HTTP check endpoint on port 5579)
# plus the shared redis secondary host. No use_backend rule in the visible
# public frontend selects it.
backend db_redis_sessions
    option httpchk GET /db_check/redis_sessions
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
    # The inventory group is spelled redis_session (singular), unlike the
    # backend name and the check path.
{% for host in groups.redis_session %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
    server db-redis-secondary hdb-redis-secondary.node.nyc1.consul:5579
# Health view of the pubsub redis, addressed by its Consul service name
# rather than an inventory loop. No use_backend rule in the visible public
# frontend selects it.
backend db_redis_pubsub
    option httpchk GET /db_check/redis_pubsub
    # Checked every 2s; the address comes from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
    server hdb-redis-pubsub db-redis-pubsub.service.nyc1.consul:5579
# Health view of the elasticsearch inventory group through an HTTP check
# endpoint on port 5579. No use_backend rule in the visible public frontend
# selects it.
backend db_elasticsearch
    option httpchk GET /db_check/elasticsearch
    # Checked every 2s; addresses come from the consul resolvers at runtime.
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
{% for host in groups.elasticsearch %}
    server {{host}} {{host}}.node.nyc1.consul:5579
{% endfor %}
# Consul manager on port 8500, selected by the consul.newsblur.com host rule
# on the public frontend.
# NOTE(review): this puts the cluster's control interface behind the public
# listener, and HAProxy adds no authentication or source allow-list for it in
# this file. Confirm Consul ACLs are enforced, or restrict the frontend rule to
# trusted source addresses.
backend consul_manager
    balance roundrobin
    # The HTTP check is disabled, so "check" is a plain TCP connect every 2s.
    # option httpchk GET /_haproxychk
    default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
    server db-consul-manager consul-manager.service.nyc1.consul:8500
# Maintenance switch. The single server counts as up while HEAD /maintenance
# answers 404. Any other answer marks it down, which makes the frontend's
# mx_mode ACL true: /status then fails and unmatched traffic goes to nginx.
backend maintenance
    option httpchk HEAD /maintenance
    http-check expect status 404
    # Adds the server's current state as a header on each health-check request.
    http-check send-state
    # server maintenance app-django1.node.nyc1.consul:80 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
    server maintenance happ-web-01.node.nyc1.consul:80 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none
# Statistics page on its own TLS listener, protected by HTTP basic auth.
# No "stats admin" rule is present, so the page is read-only.
listen stats
    # Listens on every interface. The certificate path is a template variable;
    # no ciphers or minimum TLS version are set, so TLS library defaults apply.
    # NOTE(review): consider binding to an internal address or restricting
    # source addresses, since the page lists every backend host.
    bind :1936 ssl crt {{ ssl_certificate }}
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    # NOTE(review): the username and password are literals in a template kept
    # in version control, so anyone who can read the repository knows them.
    # Rotate them and supply the pair from a secret-managed template variable,
    # the way the certificate path on the bind line is supplied.
    stats auth gimmiestats:StatsGiver
    stats refresh 15s