Add deprecation note
This commit is contained in:
parent
cb4e5a19e7
commit
d041df11bb
2 changed files with 43 additions and 0 deletions
|
|
@ -3,6 +3,11 @@
|
|||
|
||||
[Patroni](https://github.com/zalando/patroni) uses the built-in Python HTTP server to expose database states. It's perfect to be used by a load balancer like HAProxy to achieve high-availability. But, sometimes, this interface freezes. There's an [open issue](https://github.com/zalando/patroni/issues/857) we are trying to close actively. As production doesn't wait, `patroniglue` was created to offload those checks and release pressure by adding a little response cache.
|
||||
|
||||
## Deprecated
|
||||
|
||||
We now use **nginx**. See [configuration example](extra/nginx.conf).
|
||||
|
||||
|
||||
## Usage
|
||||
Start process using a configuration file:
|
||||
```
|
||||
|
|
|
|||
38
extra/nginx.conf
Normal file
38
extra/nginx.conf
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
server {
|
||||
listen *:<nginx-port> ssl;
|
||||
|
||||
server_name _;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location ~ /\. {
|
||||
# Protection against versioning tools parsing
|
||||
return 404;
|
||||
}
|
||||
|
||||
location ~ /(LICENSE|INSTALL|README|CHANGELOG|LASTGEN|MAINTAINERS|UPGRADE|AUTHORS|COPYRIGHT) {
|
||||
# Protection against auto generation
|
||||
return 404;
|
||||
}
|
||||
|
||||
location / {
|
||||
limit_except GET {
|
||||
deny all;
|
||||
}
|
||||
proxy_pass https://127.0.0.1:<patroni-api-port>/;
|
||||
proxy_read_timeout 10s;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
Reference in a new issue