Verified Commit d0270fac authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Add redirection-based load balancer

parent 2b1ba2f3
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
--- ---
- name: install nginx-mod-geoip2 - name: install nginx-mod-geoip2
pacman: name=nginx-mod-geoip2 state=present pacman: name=nginx-mod-geoip2,geoip2-database state=present
- name: install mirror.pkgbuild.com.conf - name: install mirror.pkgbuild.com.conf
template: src=mirror.pkgbuild.com.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644 template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
notify: notify:
- reload nginx - reload nginx
tags: ['nginx'] tags: ['nginx']
- name: install toplevel-snippet
copy: src=load-geoip.conf dest=/etc/nginx/toplevel-snippets/load-geoip.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
geoip2 GeoLite2-City.mmdb { geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
$geoip2_data_continent_name source=$remote_addr continent names en; $geoip2_data_continent_name continent names en;
} }
map $geoip2_data_continent_name $preferred_upstream { map $geoip2_data_continent_name $preferred_upstream {
default EU_upstream; default ger.mirror.pkgbuild.com;
'Europe' EU_upstream; 'Africa' ger.mirror.pkgbuild.com;
'North America' US_upstream; 'Asia' jpn.mirror.pkgbuild.com;
'Oceania' OC_upstream; 'Europe' ger.mirror.pkgbuild.com;
'Asia' AS_upstream; 'North America' mex.mirror.pkgbuild.com;
'Oceania' sgp.mirror.pkgbuild.com;
'South America' mex.mirror.pkgbuild.com;
} }
upstream EU_upstream { log_format loadbalancer
server ger.mirror.pkgbuild.com max_fails=3 fail_timeout=600s; '$host [$time_local] "$request" '
server mex.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s; '$status $body_bytes_sent "$http_referer" '
} '"$http_user_agent" dispatched to $scheme://$preferred_upstream$request_uri';
upstream US_upstream {
server mex.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server ger.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
upstream OC_upstream {
server sgp.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server ind.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
upstream AS_upstream {
server jpn.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server sgp.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
server { server {
listen 80; listen 80;
...@@ -36,9 +23,8 @@ server { ...@@ -36,9 +23,8 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ mirror_domain }}; server_name {{ mirror_domain }};
root /srv/ftp;
access_log /var/log/nginx/{{ mirror_domain }}/access.log reduced; access_log /var/log/nginx/{{ mirror_domain }}/access.log loadbalancer;
error_log /var/log/nginx/{{ mirror_domain }}/error.log; error_log /var/log/nginx/{{ mirror_domain }}/error.log;
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
...@@ -47,5 +33,7 @@ server { ...@@ -47,5 +33,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
autoindex on; location / {
return $scheme://$preferred_upstream$request_uri;
}
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment