Skip to content

Instantly share code, notes, and snippets.

@releu

releu/haproxy Secret

Created December 5, 2014 12:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save releu/59b7f1d649c681856320 to your computer and use it in GitHub Desktop.
Save releu/59b7f1d649c681856320 to your computer and use it in GitHub Desktop.
Download ZIP
Dropped connections
Raw
haproxy
global
maxconn 4096
user haproxy
group haproxy
daemon
defaults
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 50000
clitimeout 50000
srvtimeout 50000
frontend all_80 0.0.0.0:80
mode http
default_backend www_backend
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
use_backend socket_backend if is_websocket
frontend all_443 0.0.0.0:443
mode tcp
default_backend www_backend_ssl
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
use_backend socket_backend_ssl if is_websocket
frontend all_8080 0.0.0.0:8080
mode http
default_backend socket_backend
frontend all_8443 0.0.0.0:8443
mode tcp
default_backend socket_backend_ssl
backend www_backend
mode http
stats enable
stats auth xxx:xxx
balance roundrobin
option httpchk HEAD / HTTP/1.0
option forwardfor
cookie LSW_WEB insert
option httpclose
timeout server 30000
timeout connect 4000
server web1 xxx:80 cookie "LSW_WEB1" check
server web2 xxx:80 cookie "LSW_WEB2" check
backend socket_backend
mode http
stats enable
stats auth cloud66:LVSnjobcaR
balance roundrobin
option forwardfor # This sets X-Forwarded-For
timeout queue 5000
timeout client 86400000
timeout server 86400000
timeout connect 86400000
server web1 xxx:8080
server web2 xxx:8080
backend www_backend_ssl
mode tcp
balance roundrobin
server web1 xxx:443
server web2 xxx:443
backend socket_backend_ssl
mode tcp
balance roundrobin
timeout queue 5000
timeout client 86400000
timeout server 86400000
timeout connect 86400000
server web1 xxx:8443
server web2 xxx:8443
Raw
nginx
user nginx;
worker_processes 2;
error_log /var/deploy/xxx/web_head/shared/log/nginx_error.log;
events
{
worker_connections 1024;
accept_mutex off;
}
http
{
gzip on;
gzip_min_length 100;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml text/css application/x-javascript text/javascript;
gzip_disable "MSIE [1-6]\.";
add_header X-Powered-By cloud66;
set_real_ip_from xxx;
real_ip_header X-Forwarded-For;
tcp_nopush on;
tcp_nodelay off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
underscores_in_headers on;
types_hash_max_size 2048;
include mime.types;
default_type application/octet-stream;
client_max_body_size 50m;
sendfile on;
server_tokens off;
keepalive_timeout 65;
upstream socket_server
{
server unix:/tmp/web_server.sock fail_timeout=0;
}
server
{
listen 80 default_server;
server_name _;
keepalive_timeout 5;
root /var/deploy/xxx/web_head/current/public;
# ban known tor ip address ranges
include /etc/cloud66/nginx_tor*.conf;
client_max_body_size 50m;
# redirect to 503 if maintenance page present
if (-f $document_root/cloud66_maintenance.html)
{
return 503;
}
# redirect on errors
error_page 500 502 504 /50x.html;
error_page 503 @maintenance;
# handle error redirect
location = /50x.html
{
root html;
}
location @maintenance
{
error_page 405 = /cloud66_maintenance.html;
if (-f $document_root/cloud66_maintenance.html)
{
rewrite ^(.*)$ /cloud66_maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
location /
{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename)
{
proxy_pass http://socket_server;
break;
}
}
location ~ \.php$
{
deny all;
}
}
server
{
listen 443;
ssl on;
ssl_certificate_key /etc/ssl/localcerts/xxx.key;
ssl_certificate /etc/ssl/localcerts/xxx.crt;
server_name gistroll.com;
client_max_body_size 50m;
root /var/deploy/xxx/web_head/current/public;
# ban known tor ip address ranges
include /etc/cloud66/nginx_tor*.conf;
# redirect to 503 if maintenance page present
if (-f $document_root/cloud66_maintenance.html)
{
return 503;
}
# redirect on errors
error_page 500 502 504 /50x.html;
error_page 503 @maintenance;
# handle error redirect
location = /50x.html
{
root html;
}
location @maintenance
{
error_page 405 = /cloud66_maintenance.html;
if (-f $document_root/cloud66_maintenance.html)
{
rewrite ^(.*)$ /cloud66_maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
location /
{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
if (!-f $request_filename)
{
proxy_pass http://socket_server;
break;
}
}
location ~ \.php$
{
deny all;
}
}
}
Raw
unicorn
worker_processes 4
working_directory "#{ENV['STACK_PATH']}"
listen "/tmp/web_server.sock", :backlog => 1024
timeout 30
pid '/tmp/web_server.pid'
stderr_path "#{ENV['STACK_PATH']}/log/unicorn.stderr.log"
stdout_path "#{ENV['STACK_PATH']}/log/unicorn.stdout.log"
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true
check_client_connection false
before_fork do |server, worker|
old_pid = '/tmp/web_server.pid.oldbin'
if File.exists?(old_pid) && server.pid != old_pid
begin
Process.kill("QUIT", File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
# someone else did our job for us
end
end
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
end
after_fork do |server, worker|
defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment