# this config needs haproxy-1.1.28 or haproxy-1.2.1 global log 127.0.0.1 local0 warning # Set this to 4096 + 16384 # 16384 for the fedmsg gateway and 4096 for everybody else. maxconn 20480 chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 stats socket /var/run/haproxy-admin level admin user root group sysadmin-main mode 0660 #debug #quiet defaults log global mode http option httplog option dontlognull option httpclose option redispatch retries 3 maxconn 5000 timeout connect 5s timeout client 500s timeout server 500s errorfile 503 /etc/haproxy/503.http listen stats 0.0.0.0:8080 mode http balance hdr(appserver) stats enable stats uri / listen fp-wiki 0.0.0.0:10001 balance hdr(appserver) server wiki01 wiki01:80 check inter 15s rise 2 fall 5 {% if env == "production" %} server wiki02 wiki02:80 check inter 15s rise 2 fall 5 {% endif %} option httpchk GET /wiki/Main_Page listen mirror-lists 0.0.0.0:10002 balance hdr(appserver) timeout connect 30s {% if env == "staging" %} server mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup {% endif %} {% if env == "production" %} {% if 'mirrorlist-proxies' in group_names %} server mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100 server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup server mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3 backup server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 backup server mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3 backup {% else %} server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 server mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3 server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 server mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3 server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup {% endif %} {% endif %} option httpchk GET /mirrorlist option allbackups listen pkgdb 0.0.0.0:10003 balance hdr(appserver) server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3 {% if env == "production" %} server pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3 {% endif %} option httpchk GET /pkgdb/collections/ listen fas 0.0.0.0:10004 # These values are set extremely low so any issues are recovered from very # quickly. Setting these higher will cause odd behavior in apps that # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas01 fas01:80 check inter 5s rise 1 fall 2 {% if env == "production" %} server fas02 fas02:80 check inter 5s rise 1 fall 2 server fas03 fas03:80 check inter 5s rise 1 fall 2 {% endif %} option httpchk GET /accounts/ listen voting 0.0.0.0:10007 balance hdr(appserver) server elections01 elections01:80 check inter 10s rise 2 fall 4 {% if env == "production" %} server elections02 elections02:80 check inter 10s rise 2 fall 4 {% endif %} option httpchk GET /voting/ listen mirrormanager 0.0.0.0:10008 balance hdr(appserver) server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server mm-frontend02 mm-frontend02:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /mirrormanager/static/mirrormanager2.css listen darkserver 0.0.0.0:10009 balance hdr(appserver) {% if env == "production" %} server darkserver02 darkserver02:80 check inter 20s rise 2 fall 3 {% else %} server darkserver-web01 darkserver-web01:80 check inter 20s rise 2 fall 3 server darkserver-web02 darkserver-web02:80 check inter 20s rise 2 fall 3 {% endif %} option httpchk GET /darkserver/ listen bodhi2 0.0.0.0:10010 balance hdr(appserver) {% if env == "production" %} server bodhi03 bodhi03:80 check inter 20s rise 2 fall 3 server bodhi04 bodhi04:80 check inter 20s rise 2 fall 3 {% else %} server bodhi01 bodhi01:80 check inter 20s rise 2 fall 3 {% endif %} option httpchk GET / listen freemedia 0.0.0.0:10011 balance hdr(appserver) server sundries01 sundries01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries01:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /freemedia/FreeMedia-form.html listen packages 0.0.0.0:10016 balance hdr(appserver) server packages03 packages03:80 check inter 5s rise 2 fall 3 {% if env == "production" %} server packages04 packages04:80 check inter 5s rise 2 fall 3 {% endif %} option httpchk GET /packages/_heartbeat listen tagger 0.0.0.0:10017 balance hdr(appserver) server tagger01 tagger01:80 check inter 60s rise 2 fall 3 {% if env == "production" %} server tagger02 tagger02:80 check inter 60s rise 2 fall 3 {% endif %} option httpchk GET /tagger/_heartbeat listen totpcgiprovision 0.0.0.0:10019 balance hdr(appserver) http-check expect status 401 server fas01 fas01:8444 check inter 5s rise 1 fall 2 {% if env == "production" %} server fas02 fas02:8444 check inter 5s rise 1 fall 2 server fas03 fas03:8444 check inter 5s rise 1 fall 2 {% endif %} option httpchk GET /index.cgi listen ipsilon 0.0.0.0:10020 balance hdr(appserver) server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / listen askbot 0.0.0.0:10021 balance hdr(appserver) server ask01 ask01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server ask02 ask02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /questions/ listen blockerbugs 0.0.0.0:10022 balance hdr(appserver) server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /blockerbugs listen fedocal 0.0.0.0:10023 balance hdr(appserver) server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server fedocal02 fedocal02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /calendar # IMPORTANT: 10023-10026 will NOT work because of selinux policies listen datagrepper 0.0.0.0:10028 balance hdr(appserver) server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /datagrepper/reference/ listen geoip-city 0.0.0.0:10029 balance hdr(appserver) server sundries01 sundries01:80 check inter 30s rise 2 fall 3 {% if env == "production" %} server sundries02 sundries02:80 check inter 30s rise 2 fall 3 {% endif %} option httpchk GET /city?ip=18.0.0.1 # IMPORTANT: 10031 will NOT work because of selinux policies listen badges 0.0.0.0:10032 balance hdr(appserver) server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server badges-web02 badges-web02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /heartbeat listen nuancier 0.0.0.0:10035 balance hdr(appserver) server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2 server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2 option httpchk GET /nuancier/ listen notifs-web 0.0.0.0:10036 balance hdr(appserver) server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2 server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /notifications/_heartbeat listen github2fedmsg 0.0.0.0:10037 balance hdr(appserver) server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2 option httpchk GET /github2fedmsg/ listen kerneltest 0.0.0.0:10038 balance hdr(appserver) server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2 option httpchk GET /kerneltest listen koschei 0.0.0.0:10040 balance hdr(appserver) server koschei-web01 koschei-web01:80 check inter 10s rise 1 fall 2 option httpchk GET /koschei/ listen autocloud 0.0.0.0:10041 balance hdr(appserver) server autocloud-web01 autocloud-web01:80 check inter 10s rise 1 fall 2 server autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /autocloud/ listen statscache 0.0.0.0:10042 balance hdr(appserver) server statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2 server statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2 option httpchk GET /statscache/ listen mdapi 0.0.0.0:10043 balance hdr(appserver) server mdapi01 mdapi01:8080 check inter 10s rise 1 fall 2 option httpchk GET /mdapi listen openqa 0.0.0.0:10044 balance hdr(appserver) {% if env == "production" %} server openqa01 openqa01:80 check inter 10s rise 1 fall 2 {% else %} server openqa-stg01.qa.fedoraproject.org openqa-stg01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /api/v1/job_groups/1 listen pdc 0.0.0.0:10045 balance hdr(appserver) {% if env == "staging" %} server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 {% else %} ## pdc-web01 is absent because we don't currently know how to configure ## mod_auth_mellon to work when distributed across more than one app node. It ## expects to be able to share some state between requests in-process. Boo. server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET /rest_api/v1/ timeout server 3600000 timeout connect 3600000 listen zanata2fedmsg 0.0.0.0:10046 balance hdr(appserver) server zanata2fedmsg01 zanata2fedmsg01:80 check inter 10s rise 1 fall 2 listen osbs 0.0.0.0:10047 balance hdr(appserver) server osbs-master01 osbs-master01:8443 check inter 10s rise 1 fall 2 check ssl verify none listen docker-registry 0.0.0.0:10048 balance hdr(appserver) server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2 {% if env == "staging" %} server docker-registry02 docker-registry02:5000 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} listen retrace 0.0.0.0:10049 balance hdr(appserver) server retrace01 retrace01:80 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} listen faf 0.0.0.0:10050 balance hdr(appserver) server faf01 faf01:80 check inter 10s rise 1 fall 2 {% endif %} {% if env == "staging" %} listen pps 0.0.0.0:10051 balance hdr(appserver) server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2 option httpchk GET /pps {% endif %} {% if env == "staging" %} listen fas3 0.0.0.0:10052 # These values are set extremely low so any issues are recovered from very # quickly. Setting these higher will cause odd behavior in apps that # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas3-01.stg fas3-01.stg:80 check inter 5s rise 1 fall 2 option httpchk GET /fas3/ {% endif %} listen ipa 0.0.0.0:10053 balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem {% if env != "staging" %} server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem {% endif %} option httpchk GET /ipa/ui/ listen krb5 0.0.0.0:1088 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server ipa01 ipa01:88 weight 1 maxconn 16384 {% if env == "production" %} server ipa02 ipa02:88 weight 1 maxconn 16384 {% endif %} listen docker-candidate-registry 0.0.0.0:10054 balance hdr(appserver) server docker-candidate-registry01 docker-candidate-registry01:5000 check inter 10s rise 1 fall 2 listen modernpaste 0.0.0.0:10055 balance hdr(appserver) server modernpaste01 modernpaste01:80 check inter 10s rise 1 fall 2 {% if env == "production" %} server modernpaste02 modernpaste02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / {% if inventory_hostname_short == 'proxy01' or inventory_hostname_short == 'proxy10' %} listen koji 0.0.0.0:10056 # This needs to be massive due to koji's completeBuild with texlive (https://pagure.io/koji/issue/259) timeout server 3h balance hdr(appserver) server koji01 koji01:80 check inter 10s rise 1 fall 2 option httpchk GET / # Only enable this on proxy01 or proxy10 listen src 0.0.0.0:10057 balance hdr(appserver) {% if env == "staging" %} server pkgs01 pkgs01:80 check inter 10s rise 1 fall 2 {% else %} server pkgs02 pkgs02:80 check inter 10s rise 1 fall 2 {% endif %} option httpchk GET / {% endif %} {% if env == "production" and 'phx2' in inventory_hostname %} listen ppckoji 0.0.0.0:10058 balance hdr(appserver) server ppc-koji01.ppc.fedoraproject.org ppc-koji01.ppc.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / listen s390koji 0.0.0.0:10059 balance hdr(appserver) server s390-koji01.s390.fedoraproject.org s390-koji01.s390.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / listen armkoji 0.0.0.0:10060 balance hdr(appserver) server arm-koji01.qa.fedoraproject.org arm-koji01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / {% endif %} # This is an endpoint using only ipa01. This is used for API access, since sessions # are not synchronized. listen ipa01 0.0.0.0:10061 balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem option httpchk GET /ipa/ui/ {% if env == "production" and 'phx2' in inventory_hostname %} listen kojipkgs 0.0.0.0:10062 balance hdr(appserver) server kojipkgs01.phx2.fedoraproject.org kojipkgs01.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2 server kojipkgs02.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2 option httpchk GET / {% endif %} listen mbs 0.0.0.0:10063 balance hdr(appserver) server mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3 server mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3 option httpchk GET /module-build-service/1/module-builds/ {% if env == "staging" %} listen os-master 0.0.0.0:10064 balance hdr(appserver) server os-master01 os-master01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem server os-master02 os-master02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem server os-master03 os-master02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem option httpchk GET / listen os-nodes 0.0.0.0:10065 balance hdr(appserver) server os-node01 os-node01:443 check inter 10s rise 1 fall 2 ssl verify none server os-node02 os-node02:443 check inter 10s rise 1 fall 2 ssl verify none option httpchk GET / http-check expect status 503 {% endif %} # Apache doesn't handle the initial connection here like the other proxy # entries. This proxy also doesn't use the http mode like the others. # stunnel should be sitting on port 9939 (public) and redirecting # connections from there to here, port 9938. This then proxies to the # fedmsg-hub's websocket server on busgateway01, port 9919. listen fedmsg-websockets 0.0.0.0:9938 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9919 weight 1 maxconn 16384 # This, unlike the websockets entry just above, is listening directly to the # outside world with no stunnel inbetween. # Simply redirect tcp connections to a local fedmsg-gateway slave. It should be # forwarding messages from the master gateway on busgateway01. listen fedmsg-raw-zmq-outbound 0.0.0.0:9940 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server localhost localhost:9942 weight 1 maxconn 16384 # While the above fedmsg-raw-zmq-outbound forwards incoming connections to an # instance of the "fedmsg-gateway" daemon (which pushes internal messages out), # this entry forwards incoming connections to a secondary instance of the # "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We # have a primary instance of fedmsg-relay running on app01 for most internal # use. Here we forward to a secondary one on busgateway01. listen fedmsg-raw-zmq-inbound 0.0.0.0:9941 mode tcp option tcplog balance roundrobin maxconn 16384 timeout queue 5000 timeout server 86400000 timeout connect 86400000 server busgateway01 busgateway01:9941 weight 1 maxconn 16384