From 8ec38b2b92197262f7954af89c88a6a3b7027516 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 26 Jul 2016 17:33:24 +0200
Subject: [PATCH] ansible-inventories/arocom#151 Configure Apache, HaProxy and
 Varnish for BigPipe

---
 tasks/configure.yml        |  9 +++++++++
 templates/haproxy_cfg      | 35 +++++++++++++++++++++++++++++++++++
 templates/use_bigpipe_list |  9 +++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 templates/use_bigpipe_list

diff --git a/tasks/configure.yml b/tasks/configure.yml
index 8a3b9d5..3038c65 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -29,6 +29,15 @@
   with_items: '{{ groups.all }}'
   notify: 'Proxy | Restart HAProxy'
 
+- name: "Proxy | Create use bigpipe host lists"
+  template:
+    src='use_bigpipe_list'
+    dest='/etc/haproxy/use_bigpipe.list'
+    owner='root'
+    group='root'
+    mode='644'
+  notify: 'Proxy | Restart HAProxy'
+
 - name: "Proxy | Create ignore varnish host lists"
   template:
     src='ignore_varnish_list'
diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index d8a1052..ee271ff 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -84,13 +84,16 @@ frontend http_in
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_redirect_ssl if kibana_present
 {% endif %}
+  acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
   acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
+  use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
 {% for host in groups['all'] %}
   acl domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
+  use_backend backend_{{host}}_bigpipe if domain_uses_bigpipe domain_in_{{host}}
   use_backend backend_{{host}} if domain_in_{{host}}
 {% if hostvars[host].proxy_crm_domains is defined %}
   acl crm_domain_in_{{host}} hdr_dom(host) -i -n -f /etc/haproxy/{{host}}.crm.list
@@ -139,13 +142,16 @@ frontend https_in_{{ cert.ip }}
   acl is_{{ external.key }} {{ external.acl }}
   use_backend backend_{{ external.key }} if is_{{ external.key }}
 {% endfor %}
+  acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
   acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
+  use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
 {% for host in groups['all'] %}
   acl ssl_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
+  use_backend backend_{{host}}_https_bigpipe if domain_uses_bigpipe ssl_domain_in_{{host}}
   use_backend backend_{{host}}_https if ssl_domain_in_{{host}}
   acl redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
   use_backend backend_redirect if redirect_{{host}}
@@ -169,6 +175,14 @@ backend backend_{{host}}
   server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
 {% endif %}
 
+backend backend_{{host}}_bigpipe
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  no option http-buffer-request
+  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
+{% endif %}
+
 backend backend_{{host}}_https
 {% if host == inventory_hostname or host == 'localhost' %}
   http-response deny
@@ -176,6 +190,15 @@ backend backend_{{host}}_https
   http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
   server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
 {% endif %}
+
+backend backend_{{host}}_https_bigpipe
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  no option http-buffer-request
+  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
+  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
+{% endif %}
 {% endfor %}
 {% if varnish_host|default(false) %}
 
@@ -189,6 +212,18 @@ backend backend_varnish
 {% else %}
   server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
 {% endif %}
+
+backend backend_varnish_bigpipe
+  no option http-buffer-request
+  option httpchk HEAD /varnishcheck
+  http-check expect status 200
+  option forwardfor
+  hash-type consistent
+{% if varnish_host == inventory_hostname %}
+  server varnish 127.0.0.1:6081 maxconn 1000
+{% else %}
+  server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
+{% endif %}
 {% endif %}
 
 backend backend_redirect_ssl
diff --git a/templates/use_bigpipe_list b/templates/use_bigpipe_list
new file mode 100644
index 0000000..39df3d1
--- /dev/null
+++ b/templates/use_bigpipe_list
@@ -0,0 +1,9 @@
+{% for item in groups.all %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.bigpipe|default(false) %}
+{{domain.domain}}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}
-- 
GitLab