# this config needs haproxy-1.1.28 or haproxy-1.2.1 global log 127.0.0.1 local0 warning # Set this to 4096 + 16384 # 16384 for the fedmsg gateway and 4096 for everybody else. maxconn 20480 chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 #debug #quiet defaults log global mode http option httplog option dontlognull option httpclose option redispatch retries 3 maxconn 5000 timeout connect 5s timeout client 500s timeout server 500s errorfile 503 /etc/haproxy/503.http listen stats 0.0.0.0:8080 mode http balance hdr(appserver) stats enable stats uri / listen fp-wiki 0.0.0.0:10001 balance hdr(appserver) server wiki01 wiki01:80 check inter 15s rise 2 fall 5 server wiki02 wiki02:80 check inter 15s rise 2 fall 5 option httpchk GET /wiki/Main_Page listen mirror-lists 0.0.0.0:10002 balance hdr(appserver) timeout connect 30s server mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3 server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 server mirrorlist-ibiblio mirrorlist-ibiblio:80 check inter 5s rise 2 fall 3 server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 server mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3 server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 option httpchk GET /mirrorlist option allbackups listen pkgdb 0.0.0.0:10003 balance hdr(appserver) server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3 server pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3 option httpchk GET /pkgdb/collections/ listen fas 0.0.0.0:10004 # These values are set extremely low so any issues are recovered from very # quickly. Setting these higher will cause odd behavior in apps that # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas01 fas01:80 check inter 5s rise 1 fall 2 server fas02 fas02:80 check inter 5s rise 1 fall 2 server fas03 fas03:80 check inter 5s rise 1 fall 2 option httpchk GET /accounts/ listen voting 0.0.0.0:10007 balance hdr(appserver) server elections01 elections01:80 check inter 10s rise 2 fall 4 server elections02 elections02:80 check inter 10s rise 2 fall 4 option httpchk GET /voting/ listen mirrormanager 0.0.0.0:10008 balance hdr(appserver) server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3 server mm-frontend02 mm-frontend02:80 check inter 60s rise 2 fall 3 option httpchk GET /mirrormanager/static/mirrormanager2.css ## This is bodhi1.. removed for the bodhi2 migration. ##listen bodhi 0.0.0.0:10009 ## balance hdr(appserver) ## server bodhi01 bodhi01:80 check inter 20s rise 2 fall 3 ## server bodhi02 bodhi02:80 check inter 20s rise 2 fall 3 ## option httpchk GET /updates/nagios listen bodhi2 0.0.0.0:10010 balance hdr(appserver) server bodhi03 bodhi03:80 check inter 20s rise 2 fall 3 server bodhi04 bodhi04:80 check inter 20s rise 2 fall 3 option httpchk GET / listen freemedia 0.0.0.0:10011 balance hdr(appserver) server sundries01 sundries01:80 check inter 60s rise 2 fall 3 server sundries02 sundries01:80 check inter 60s rise 2 fall 3 option httpchk GET /freemedia/FreeMedia-form.html listen packages 0.0.0.0:10016 balance hdr(appserver) server packages03 packages03:80 check inter 5s rise 2 fall 3 server packages04 packages04:80 check inter 5s rise 2 fall 3 option httpchk GET /packages/_heartbeat listen tagger 0.0.0.0:10017 balance hdr(appserver) server tagger01 tagger01:80 check inter 60s rise 2 fall 3 server tagger02 tagger02:80 check inter 60s rise 2 fall 3 option httpchk GET /tagger/_heartbeat listen totpcgiprovision 0.0.0.0:10019 balance hdr(appserver) http-check expect status 401 server fas01 fas01:8444 check inter 5s rise 1 fall 2 server fas02 fas02:8444 check inter 5s rise 1 fall 2 server fas03 fas03:8444 check inter 5s rise 1 fall 2 option httpchk GET /index.cgi listen ipsilon 0.0.0.0:10020 balance hdr(appserver) server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2 server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 2 option httpchk GET / listen askbot 0.0.0.0:10021 balance hdr(appserver) server ask01 ask01:80 check inter 10s rise 1 fall 2 server ask02 ask02:80 check inter 10s rise 1 fall 2 option httpchk GET /questions/ listen blockerbugs 0.0.0.0:10022 balance hdr(appserver) server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2 server blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2 option httpchk GET /blockerbugs listen fedocal 0.0.0.0:10023 balance hdr(appserver) server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2 server fedocal02 fedocal02:80 check inter 10s rise 1 fall 2 option httpchk GET /calendar # IMPORTANT: 10023-10026 will NOT work because of selinux policies listen paste 0.0.0.0:10027 balance hdr(appserver) server paste01 paste01:80 check inter 10s rise 1 fall 2 server paste02 paste02:80 check inter 10s rise 1 fall 2 option httpchk GET / listen datagrepper 0.0.0.0:10028 balance hdr(appserver) server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2 server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2 option httpchk GET /datagrepper/reference/ listen geoip-city 0.0.0.0:10029 balance hdr(appserver) server sundries01 sundries01:80 check inter 30s rise 2 fall 3 server sundries02 sundries02:80 check inter 30s rise 2 fall 3 option httpchk GET /city?ip=18.0.0.1 # IMPORTANT: 10031 will NOT work because of selinux policies listen badges 0.0.0.0:10032 balance hdr(appserver) server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2 server badges-web02 badges-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /heartbeat # 10033 is list # 10034 is gallery listen nuancier 0.0.0.0:10035 balance hdr(appserver) server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2 server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2 option httpchk GET /nuancier/ listen notifs-web 0.0.0.0:10036 balance hdr(appserver) server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2 server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /notifications/_heartbeat listen github2fedmsg 0.0.0.0:10037 balance hdr(appserver) server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2 option httpchk GET /github2fedmsg/ listen kerneltest 0.0.0.0:10038 balance hdr(appserver) server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2 option httpchk GET /kerneltest listen koschei 0.0.0.0:10040 balance hdr(appserver) server koschei01 koschei01:80 check inter 10s rise 1 fall 2 option httpchk GET /koschei/ listen autocloud 0.0.0.0:10041 balance hdr(appserver) server autocloud-web01 autocloud-web01:80 check inter 10s rise 1 fall 2 server autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /autocloud/ listen statscache 0.0.0.0:10042 balance hdr(appserver) server statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2 server statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /statscache/ listen mdapi 0.0.0.0:10043 balance hdr(appserver) server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2 option httpchk GET /mdapi listen openqa 0.0.0.0:10044 balance hdr(appserver) server openqa01 openqa01:80 check inter 10s rise 1 fall 2 option httpchk GET /group_overview/1 listen pdc 0.0.0.0:10045 balance hdr(appserver) server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /rest_api/v1/ # Apache doesn't handle the initial connection here like the other proxy # entries. This proxy also doesn't use the http mode like the others. # stunnel should be sitting on port 9939 (public) and redirecting # connections from there to here, port 9938. This then proxies to the # fedmsg-hub's websocket server on busgateway01, port 9919. listen fedmsg-websockets 0.0.0.0:9938 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9919 weight 1 maxconn 16384 # This, unlike the websockets entry just above, is listening directly to the # outside world with no stunnel inbetween. # Simply redirect tcp connections to a local fedmsg-gateway slave. It should be # forwarding messages from the master gateway on busgateway01. listen fedmsg-raw-zmq-outbound 0.0.0.0:9940 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server localhost localhost:9942 weight 1 maxconn 16384 # While the above fedmsg-raw-zmq-outbound forwards incoming connections to an # instance of the "fedmsg-gateway" daemon (which pushes internal messages out), # this entry forwards incoming connections to a secondary instance of the # "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We # have a primary instance of fedmsg-relay running on app01 for most internal # use. Here we forward to a secondary one on busgateway01. listen fedmsg-raw-zmq-inbound 0.0.0.0:9941 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9941 weight 1 maxconn 16384