diff --git a/README.md b/README.md index 4c55ff8..c7331fa 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,11 @@ [Patroni](https://github.com/zalando/patroni) uses the built-in Python HTTP server to expose database states. It's perfect to be used by a load balancer like HAProxy to achieve high-availability. But, sometimes, this interface freezes. There's an [open issue](https://github.com/zalando/patroni/issues/857) we are trying to close actively. As production doesn't wait, `patroniglue` was created to offload those checks and release pressure by adding a little response cache. +## Deprecated + +We now use **nginx**. See [configuration example](extra/nginx.conf). + + ## Usage Start process using a configuration file: ``` diff --git a/extra/nginx.conf b/extra/nginx.conf new file mode 100644 index 0000000..3d1b73b --- /dev/null +++ b/extra/nginx.conf 
@@ -0,0 +1,38 @@
+server {
+ listen *: ssl;
+
+ server_name _;
+
+ ssl on;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA;
+ ssl_prefer_server_ciphers on;
+
+ location ~ /\. {
+ # Protection against versioning tools parsing
+ return 404;
+ }
+
+ location ~ /(LICENSE|INSTALL|README|CHANGELOG|LASTGEN|MAINTAINERS|UPGRADE|AUTHORS|COPYRIGHT) {
+ # Protection against auto generation
+ return 404;
+ }
+
+ location / {
+ limit_except GET {
+ deny all;
+ }
+ proxy_pass https://127.0.0.1:/;
+ proxy_read_timeout 10s;
+ proxy_connect_timeout 30s;
+ proxy_send_timeout 30s;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+}
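Review bot: `location /` forwards every GET path to the Patroni REST API while the server listens on `*`, so any host that can reach the port can read whatever the API serves over GET, not only the health-check responses the load balancer needs; `limit_except GET` only blocks the other methods. Consider restricting the source at the top of that location, e.g. `allow <load-balancer-address>;` followed by `deny all;` (placeholder address), or proxying only the health-check paths. The `ssl_ciphers` list still ends with CBC suites and `DHE-RSA-AES256-SHA`; since `ssl_protocols` is already TLSv1.2-only, the list could stop after the GCM and CHACHA20 entries. `ssl on;` duplicates the `ssl` flag on `listen` and is deprecated in newer nginx releases, and the port is empty in both `listen *: ssl;` and `proxy_pass https://127.0.0.1:/;`, presumably a stripped template placeholder, so a comment saying that the ports and the snakeoil certificate paths must be replaced before use would help.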