ansible-inventories/arocom#151 Configure Apache, HaProxy and Varnish for BigPipe

8ec38b2b · jurgenhaas · 358f7e90 · 8ec38b2b · 8ec38b2b · 8ec38b2b
Commit 8ec38b2b authored 8 years ago by jurgenhaas
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -29,6 +29,15 @@
  with_items: '{{ groups.all }}'
  notify: 'Proxy | Restart HAProxy'

+- name: "Proxy | Create use bigpipe host lists"
+  template:
+    src='use_bigpipe_list'
+    dest='/etc/haproxy/use_bigpipe.list'
+    owner='root'
+    group='root'
+    mode='644'
+  notify: 'Proxy | Restart HAProxy'
+
 - name: "Proxy | Create ignore varnish host lists"
  template:
    src='ignore_varnish_list'

--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -84,13 +84,16 @@ frontend http_in
  acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
  use_backend backend_redirect_ssl if kibana_present
 {% endif %}
+  acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
  acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
+  use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
  acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
  use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
 {% for host in groups['all'] %}
  acl domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
+  use_backend backend_{{host}}_bigpipe if domain_uses_bigpipe domain_in_{{host}}
  use_backend backend_{{host}} if domain_in_{{host}}
 {% if hostvars[host].proxy_crm_domains is defined %}
  acl crm_domain_in_{{host}} hdr_dom(host) -i -n -f /etc/haproxy/{{host}}.crm.list
@@ -139,13 +142,16 @@ frontend https_in_{{ cert.ip }}
  acl is_{{ external.key }} {{ external.acl }}
  use_backend backend_{{ external.key }} if is_{{ external.key }}
 {% endfor %}
+  acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
  acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
+  use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
  acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
  use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
 {% for host in groups['all'] %}
  acl ssl_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
+  use_backend backend_{{host}}_https_bigpipe if domain_uses_bigpipe ssl_domain_in_{{host}}
  use_backend backend_{{host}}_https if ssl_domain_in_{{host}}
  acl redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
  use_backend backend_redirect if redirect_{{host}}
@@ -169,6 +175,14 @@ backend backend_{{host}}
  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
 {% endif %}

+backend backend_{{host}}_bigpipe
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  no option http-buffer-request
+  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
+{% endif %}
+
 backend backend_{{host}}_https
 {% if host == inventory_hostname or host == 'localhost' %}
  http-response deny
@@ -176,6 +190,15 @@ backend backend_{{host}}_https
  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
 {% endif %}
+
+backend backend_{{host}}_https_bigpipe
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  no option http-buffer-request
+  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
+  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
+{% endif %}
 {% endfor %}
 {% if varnish_host|default(false) %}

@@ -189,6 +212,18 @@ backend backend_varnish
 {% else %}
  server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
 {% endif %}
+
+backend backend_varnish_bigpipe
+  no option http-buffer-request
+  option httpchk HEAD /varnishcheck
+  http-check expect status 200
+  option forwardfor
+  hash-type consistent
+{% if varnish_host == inventory_hostname %}
+  server varnish 127.0.0.1:6081 maxconn 1000
+{% else %}
+  server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
+{% endif %}
 {% endif %}

 backend backend_redirect_ssl

--- a/templates/use_bigpipe_list
+++ b/templates/use_bigpipe_list
+{% for item in groups.all %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.bigpipe|default(false) %}
+{{domain.domain}}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}