Add redirection-based load balancer

d0270fac · Sven-Hendrik Haase · 2b1ba2f3 · d0270fac · d0270fac · d0270fac
Verified Commit d0270fac authored Oct 13, 2019 by Sven-Hendrik Haase
--- a/roles/mirror_load_balancer/files/load-geoip.conf
+++ b/roles/mirror_load_balancer/files/load-geoip.conf
+load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
--- a/roles/mirror_load_balancer/tasks/main.yml
+++ b/roles/mirror_load_balancer/tasks/main.yml
 ---

 - name: install nginx-mod-geoip2
-  pacman: name=nginx-mod-geoip2 state=present
+  pacman: name=nginx-mod-geoip2,geoip2-database state=present

 - name: install mirror.pkgbuild.com.conf
-  template: src=mirror.pkgbuild.com.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
  notify:
    - reload nginx
  tags: ['nginx']
+
+- name: install toplevel-snippet
+  copy: src=load-geoip.conf dest=/etc/nginx/toplevel-snippets/load-geoip.conf owner=root group=root mode=0644
+  notify:
+    - reload nginx
+  tags: ['nginx']
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
--- a/roles/mirror_load_balancer/templates/nginx.d.conf.j2
+++ b/roles/mirror_load_balancer/templates/nginx.d.conf.j2
-geoip2 GeoLite2-City.mmdb {
-   $geoip2_data_continent_name source=$remote_addr continent names en;
+geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
+   $geoip2_data_continent_name continent names en;
 }

 map $geoip2_data_continent_name $preferred_upstream {
-    default EU_upstream;
-    'Europe' EU_upstream;
-    'North America' US_upstream;
-    'Oceania' OC_upstream;
-    'Asia' AS_upstream;
+    default ger.mirror.pkgbuild.com;
+    'Africa' ger.mirror.pkgbuild.com;
+    'Asia' jpn.mirror.pkgbuild.com;
+    'Europe' ger.mirror.pkgbuild.com;
+    'North America' mex.mirror.pkgbuild.com;
+    'Oceania' sgp.mirror.pkgbuild.com;
+    'South America' mex.mirror.pkgbuild.com;
 }

-upstream EU_upstream {
-    server ger.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
-    server mex.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
-}
-
-upstream US_upstream {
-    server mex.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
-    server ger.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
-}
-
-upstream OC_upstream {
-    server sgp.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
-    server ind.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
-}
-
-upstream AS_upstream {
-    server jpn.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
-    server sgp.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
-}
+log_format loadbalancer
+    '$host [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" dispatched to $scheme://$preferred_upstream$request_uri';

 server {
    listen       80;
@@ -36,9 +23,8 @@ server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  {{ mirror_domain }};
-    root         /srv/ftp;

-    access_log   /var/log/nginx/{{ mirror_domain }}/access.log reduced;
+    access_log   /var/log/nginx/{{ mirror_domain }}/access.log loadbalancer;
    error_log    /var/log/nginx/{{ mirror_domain }}/error.log;

    include snippets/letsencrypt.conf;
@@ -47,5 +33,7 @@ server {
    ssl_certificate_key  /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;

-    autoindex on;
+    location / {
+        return $scheme://$preferred_upstream$request_uri;
+    }
 }