global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghost local0 info maxconn <%= node[:haproxy][:global_max_connections] %> #debug #quiet user haproxy group haproxy <% if node[:haproxy][:stats_socket_level] %> stats socket <%= node[:haproxy][:stats_socket_path] %> level <%= node[:haproxy][:stats_socket_level] %> <% else %> stats socket <%= node[:haproxy][:stats_socket_path] %> <% end %> defaults log global mode http option httplog option dontlognull retries <%= node[:haproxy][:retries] %> option redispatch maxconn <%= node[:haproxy][:default_max_connections] %> timeout client <%= node[:haproxy][:client_timeout] %> # Client and server timeout must match the longest timeout server <%= node[:haproxy][:server_timeout] %> # time we may wait for a response from the server. timeout queue <%= node[:haproxy][:queue_timeout] %> # Don't queue requests too long if saturated. timeout connect <%= node[:haproxy][:connect_timeout] %> # There's no reason to change this one. timeout http-request <%= node[:haproxy][:http_request_timeout] %> # A complete request may never take that long. <% if node[:haproxy][:httpclose] %> option httpclose # disable keepalive (HAProxy does not yet support the HTTP keep-alive mode) <% end %> <% if node[:haproxy][:http_server_close] %> option http-server-close # enable HTTP connection closing on the server side <% end %> option abortonclose # enable early dropping of aborted requests from pending queue option httpchk # enable HTTP protocol to check on servers health <% if node[:haproxy][:enable_stats] -%> stats auth <%= node[:haproxy][:stats_user] %>:<%= node[:haproxy][:stats_password] %> stats uri <%= node[:haproxy][:stats_url] %> <% end -%> # Set up application listeners here. <% if node[:haproxy][:rails_backends].blank? && node[:haproxy][:php_backends].blank? && node[:haproxy][:nodejs_backends].blank? && node[:haproxy][:static_backends].blank? && node[:haproxy][:java_backends].blank? -%> listen application 0.0.0.0:80 # configure a fake backend as long as there are no real ones # this way HAProxy will not fail on a config check balance <%= node[:haproxy][:balance] %> server localhost 127.0.0.1:8080 weight 1 maxconn 5 check <% else -%> <% if !node[:haproxy][:rails_backends].empty? -%> backend rails_app_servers balance <%= node[:haproxy][:balance] %> option redispatch option forwardfor option httpchk <%= node[:haproxy][:health_check_method] %> <%= node[:haproxy][:health_check_url] %> <% node[:haproxy][:rails_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:80 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_rails_app] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:rails_backends].empty? -%> backend rails_app_servers_ssl mode tcp balance <%= node[:haproxy][:balance] %> option redispatch option ssl-hello-chk <% node[:haproxy][:rails_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:443 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_rails_app_ssl] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:php_backends].empty? -%> backend php_app_servers balance <%= node[:haproxy][:balance] %> option redispatch option forwardfor option httpchk <%= node[:haproxy][:health_check_method] %> <%= node[:haproxy][:health_check_url] %> <% node[:haproxy][:php_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:80 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_php_app] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:php_backends].empty? -%> backend php_app_servers_ssl mode tcp balance <%= node[:haproxy][:balance] %> option redispatch option ssl-hello-chk <% node[:haproxy][:php_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:443 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_php_app_ssl] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:nodejs_backends].empty? -%> backend nodejs_app_servers balance <%= node[:haproxy][:balance] %> option redispatch option forwardfor option httpchk <%= node[:haproxy][:health_check_method] %> <%= node[:haproxy][:health_check_url] %> <% node[:haproxy][:nodejs_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:80 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_nodejs_app] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:nodejs_backends].empty? -%> backend nodejs_app_servers_ssl mode tcp balance <%= node[:haproxy][:balance] %> option redispatch option ssl-hello-chk <% node[:haproxy][:nodejs_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:443 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_nodejs_app_ssl] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:static_backends].empty? -%> backend static_servers balance <%= node[:haproxy][:balance] %> option redispatch option forwardfor option httpchk GET <%= node[:haproxy][:health_check_url] %> # Nginx doesn't understand OPTIONS <% node[:haproxy][:static_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:80 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_static] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:static_backends].empty? -%> backend static_servers_ssl mode tcp balance <%= node[:haproxy][:balance] %> option redispatch option ssl-hello-chk <% node[:haproxy][:static_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:443 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_static_ssl] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:java_backends].empty? -%> backend java_servers balance <%= node[:haproxy][:balance] %> option redispatch option forwardfor option httpchk <%= node[:haproxy][:health_check_method] %> <%= node[:haproxy][:health_check_url] %> <% node[:haproxy][:java_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:80 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_java_app] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> <% if !node[:haproxy][:java_backends].empty? -%> backend java_servers_ssl mode tcp balance <%= node[:haproxy][:balance] %> option redispatch option ssl-hello-chk <% node[:haproxy][:java_backends].each do |backend| -%> server <%= backend['name'] %> <%= backend['ip'] %>:443 weight <%= backend['backends'] || 10 %> maxconn <%= backend['backends'] * node[:haproxy][:maxcon_factor_java_app_ssl] %> check inter <%= node[:haproxy][:check_interval] %> <% end -%> <% end -%> frontend http-in bind :80 # all domains of Rails applications <% node[:haproxy][:rails_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl rails_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> hdr_end(host) -i <%= domain %> <% if app_config['mounted_at'] -%> acl rails_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %>_path path_beg <%= app_config['mounted_at'] %> <% end -%> <% end -%> <% end -%> # all domains of PHP applications <% node[:haproxy][:php_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl php_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> hdr_end(host) -i <%= domain %> <% if app_config['mounted_at'] -%> acl php_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %>_path path_beg <%= app_config['mounted_at'] %> <% end -%> <% end -%> <% end -%> # all domains of node.js applications <% node[:haproxy][:nodejs_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl nodejs_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> hdr_end(host) -i <%= domain %> <% if app_config['mounted_at'] -%> acl nodejs_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %>_path path_beg <%= app_config['mounted_at'] %> <% end -%> <% end -%> <% end -%> # all domains of static applications <% node[:haproxy][:static_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl static_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> hdr_end(host) -i <%= domain %> <% if app_config['mounted_at'] -%> acl static_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %>_path path_beg <%= app_config['mounted_at'] %> <% end -%> <% end -%> <% end -%> # choose backend <% unless node[:haproxy][:static_applications].empty? || node[:haproxy][:static_backends].empty? -%> <% node[:haproxy][:static_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> <% if app_config['mounted_at'] -%> use_backend static_servers if static_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> static_application_<%= app_name %>_domain_<%= domain %>_path <% else -%> use_backend static_servers if static_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> <% end -%> <% end -%> <% end -%> <% end -%> <% unless node[:haproxy][:nodejs_applications].empty? || node[:haproxy][:nodejs_backends].empty? -%> <% node[:haproxy][:nodejs_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> <% if app_config['mounted_at'] -%> use_backend nodejs_app_servers if nodejs_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> nodejs_application_<%= app_name %>_domain_<%= domain %>_path <% else -%> use_backend nodejs_app_servers if nodejs_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> <% end -%> <% end -%> <% end -%> <% end -%> <% unless node[:haproxy][:php_applications].empty? || node[:haproxy][:php_backends].empty? -%> <% node[:haproxy][:php_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> <% if app_config['mounted_at'] -%> use_backend php_app_servers if php_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> php_application_<%= app_name %>_domain_<%= domain %>_path <% else -%> use_backend php_app_servers if php_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> <% end -%> <% end -%> <% end -%> <% end -%> <% unless node[:haproxy][:rails_applications].empty? || node[:haproxy][:rails_backends].empty? -%> <% node[:haproxy][:rails_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> <% if app_config['mounted_at'] -%> use_backend rails_app_servers if rails_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> rails_application_<%= app_name %>_domain_<%= domain %>_path <% else -%> use_backend rails_app_servers if rails_application_<%= app_name %>_domain_<%= domain.gsub(/[^\w.:-]/, '_') %> <% end -%> <% end -%> <% end -%> <% end -%> <% if !node[:haproxy][:rails_backends].empty? -%> default_backend rails_app_servers <% elsif !node[:haproxy][:php_backends].empty? -%> default_backend php_app_servers <% elsif !node[:haproxy][:nodejs_backends].empty? -%> default_backend nodejs_app_servers <% elsif !node[:haproxy][:static_backends].empty? -%> default_backend static_servers <% elsif !node[:haproxy][:java_backends].empty? -%> default_backend java_servers <% end -%> frontend https-in mode tcp bind :443 # all domains of Rails applications <% node[:haproxy][:rails_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl rails_applications_ssl hdr_end(host) -i <%= domain %> <% end -%> <% end -%> # all domains of PHP applications <% node[:haproxy][:php_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl php_applications_ssl hdr_end(host) -i <%= domain %> <% end -%> <% end -%> # all domains of node.js applications <% node[:haproxy][:nodejs_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl nodejs_applications_ssl hdr_end(host) -i <%= domain %> <% end -%> <% end -%> # all domains of static applications <% node[:haproxy][:static_applications].each do |app_name, app_config| -%> <% app_config['domains'].each do |domain| -%> acl static_applications_ssl hdr_end(host) -i <%= domain %> <% end -%> <% end -%> <% unless node[:haproxy][:rails_applications].empty? || node[:haproxy][:rails_backends].empty? -%> use_backend rails_app_servers_ssl if rails_applications_ssl <% end -%> <% unless node[:haproxy][:php_applications].empty? || node[:haproxy][:php_backends].empty? -%> use_backend php_app_servers_ssl if php_applications_ssl <% end -%> <% unless node[:haproxy][:nodejs_applications].empty? || node[:haproxy][:nodejs_backends].empty? -%> use_backend nodejs_app_servers_ssl if nodejs_applications_ssl <% end -%> <% unless node[:haproxy][:static_applications].empty? || node[:haproxy][:static_backends].empty? -%> use_backend static_servers_ssl if static_applications_ssl <% end -%> <% if !node[:haproxy][:rails_backends].empty? -%> default_backend rails_app_servers_ssl <% elsif !node[:haproxy][:php_backends].empty? -%> default_backend php_app_servers_ssl <% elsif !node[:haproxy][:nodejs_backends].empty? -%> default_backend nodejs_app_servers_ssl <% elsif !node[:haproxy][:static_backends].empty? -%> default_backend static_servers_ssl <% elsif !node[:haproxy][:java_backends].empty? -%> default_backend java_servers_ssl <% end -%> <% end -%>