####################################################################### ## ## /etc/lighttpd/lighttpd.conf ## ## check /etc/lighttpd/conf.d/*.conf for the configuration of modules. ## ####################################################################### ####################################################################### ## ## Some Variable definition which will make chrooting easier. ## ## if you add a variable here. Add the corresponding variable in the ## chroot example aswell. ## var.log_root = "/var/log/lighttpd" var.server_root = "/var/www" var.state_dir = "/var/run" var.home_dir = "/var/lib/lighttpd" var.conf_dir = "/etc/lighttpd" ## ## run the server chrooted. ## ## This requires root permissions during startup. ## ## If you run Chrooted set the the variables to directories relative to ## the chroot dir. ## ## example chroot configuration: ## #var.log_root = "/logs" #var.server_root = "/" #var.state_dir = "/run" #var.home_dir = "/lib/lighttpd" #var.vhosts_dir = "/vhosts" #var.conf_dir = "/etc" # #server.chroot = "/srv/www" ## ## Some additional variables to make the configuration easier ## ## ## Base directory for all virtual hosts ## ## used in: ## conf.d/evhost.conf ## conf.d/simple_vhost.conf ## vhosts.d/vhosts.template ## var.vhosts_dir = server_root + "/vhosts" ## ## Cache for mod_compress ## ## used in: ## conf.d/compress.conf ## var.cache_dir = "/var/cache/lighttpd" ## ## Base directory for sockets. ## ## used in: ## conf.d/fastcgi.conf ## conf.d/scgi.conf ## var.socket_dir = home_dir + "/sockets" ## ####################################################################### ####################################################################### ## ## Load the modules. include "modules.conf" ## ####################################################################### ####################################################################### ## ## Basic Configuration ## --------------------- ## server.port = 80 ## ## Use IPv6? ## server.use-ipv6 = "disable" ## ## bind to a specific IP ## #server.bind = "localhost" ## ## Run as a different username/groupname. ## This requires root permissions during startup. ## server.username = "lighttpd" server.groupname = "lighttpd" ## ## enable core files. ## #server.core-files = "disable" ## ## Document root ## #server.document-root = server_root + "/lighttpd" ## ## The value for the "Server:" response field. ## ## It would be nice to keep it at "lighttpd". ## #server.tag = "lighttpd" ## ## store a pid file ## server.pid-file = state_dir + "/lighttpd.pid" ## ####################################################################### ####################################################################### ## ## Logging Options ## ------------------ ## ## all logging options can be overwritten per vhost. ## ## Path to the error log file ## server.errorlog = log_root + "/error.log" ## ## If you want to log to syslog you have to unset the ## server.errorlog setting and uncomment the next line. ## #server.errorlog-use-syslog = "enable" ## ## Access log config ## include "conf.d/access_log.conf" ## ## The debug options are moved into their own file. ## see conf.d/debug.conf for various options for request debugging. ## include "conf.d/debug.conf" ## ####################################################################### ####################################################################### ## ## Tuning/Performance ## -------------------- ## ## corresponding documentation: ## http://www.lighttpd.net/documentation/performance.html ## ## set the event-handler (read the performance section in the manual) ## ## possible options on linux are: ## ## select ## poll ## linux-sysepoll ## ## linux-sysepoll is recommended on kernel 2.6. ## server.event-handler = "linux-sysepoll" ## ## The basic network interface for all platforms at the syscalls read() ## and write(). Every modern OS provides its own syscall to help network ## servers transfer files as fast as possible ## ## linux-sendfile - is recommended for small files. ## writev - is recommended for sending many large files ## server.network-backend = "linux-sendfile" ## ## As lighttpd is a single-threaded server, its main resource limit is ## the number of file descriptors, which is set to 1024 by default (on ## most systems). ## ## If you are running a high-traffic site you might want to increase this ## limit by setting server.max-fds. ## ## Changing this setting requires root permissions on startup. see ## server.username/server.groupname. ## ## By default lighttpd would not change the operation system default. ## But setting it to 2048 is a better default for busy servers. ## ## With SELinux enabled, this is denied by default and needs to be allowed ## by running the following once : setsebool -P httpd_setrlimit on #server.max-fds = 2048 ## ## Stat() call caching. ## ## lighttpd can utilize FAM/Gamin to cache stat call. ## ## possible values are: ## disable, simple or fam. ## server.stat-cache-engine = "simple" ## ## Fine tuning for the request handling ## ## max-connections == max-fds/2 (maybe /3) ## means the other file handles are used for fastcgi/files ## #server.max-connections = 1024 ## ## How many seconds to keep a keep-alive connection open, ## until we consider it idle. ## ## Default: 5 ## #server.max-keep-alive-idle = 5 ## ## How many keep-alive requests until closing the connection. ## ## Default: 16 ## #server.max-keep-alive-requests = 16 ## ## Maximum size of a request in kilobytes. ## By default it is unlimited (0). ## ## Uploads to your server cant be larger than this value. ## #server.max-request-size = 0 ## ## Time to read from a socket before we consider it idle. ## ## Default: 60 ## #server.max-read-idle = 60 ## ## Time to write to a socket before we consider it idle. ## ## Default: 360 ## #server.max-write-idle = 360 ## ## Traffic Shaping ## ----------------- ## ## see /usr/share/doc/lighttpd/traffic-shaping.txt ## ## Values are in kilobyte per second. ## ## Keep in mind that a limit below 32kB/s might actually limit the ## traffic to 32kB/s. This is caused by the size of the TCP send ## buffer. ## ## per server: ## #server.kbytes-per-second = 128 ## ## per connection: ## #connection.kbytes-per-second = 32 ## ####################################################################### ####################################################################### ## ## Filename/File handling ## ------------------------ ## ## files to check for if .../ is requested ## index-file.names = ( "index.php", "index.rb", "index.html", ## "index.htm", "default.htm" ) ## index-file.names += ( "index.xhtml", "index.html", "index.htm", "default.htm", "index.php" ) ## ## deny access the file-extensions ## ## ~ is for backupfiles from vi, emacs, joe, ... ## .inc is often used for code includes which should in general not be part ## of the document-root url.access-deny = ( "~", ".inc" ) ## ## disable range requests for pdf files ## workaround for a bug in the Acrobat Reader plugin. ## $HTTP["url"] =~ "\.pdf$" { server.range-requests = "disable" } ## ## url handling modules (rewrite, redirect) ## #url.rewrite = ( "^/$" => "/server-status" ) #url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" ) ## ## both rewrite/redirect support back reference to regex conditional using %n ## #$HTTP["host"] =~ "^www\.(.*)" { # url.redirect = ( "^/(.*)" => "http://%1/$1" ) #} ## ## which extensions should not be handle via static-file transfer ## ## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi ## static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" ) ## ## error-handler for status 404 ## #server.error-handler-404 = "/error-handler.html" #server.error-handler-404 = "/error-handler.php" ## ## Format: .html ## -> ..../status-404.html for 'File not found' ## #server.errorfile-prefix = "/srv/www/htdocs/errors/status-" ## ## mimetype mapping ## include "conf.d/mime.conf" ## ## directory listing configuration ## include "conf.d/dirlisting.conf" ## ## Should lighttpd follow symlinks? ## server.follow-symlink = "enable" ## ## force all filenames to be lowercase? ## #server.force-lowercase-filenames = "disable" ## ## defaults to /var/tmp as we assume it is a local harddisk ## server.upload-dirs = ( "/var/tmp" ) ## ####################################################################### ####################################################################### ## ## SSL Support ## ------------- ## ## To enable SSL for the whole server you have to provide a valid ## certificate and have to enable the SSL engine.:: ## ## ssl.engine = "enable" ## ssl.pemfile = "/path/to/server.pem" ## ## The HTTPS protocol does not allow you to use name-based virtual ## hosting with SSL. If you want to run multiple SSL servers with ## one lighttpd instance you must use IP-based virtual hosting: :: ## ## $SERVER["socket"] == "10.0.0.1:443" { ## ssl.engine = "enable" ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" ## # ## # Mitigate BEAST attack: ## # ## # A stricter base cipher suite. For details see: ## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html ## # ## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" ## # ## # Make the server prefer the order of the server side cipher suite instead of the client suite. ## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms). ## # This option is enabled by default, but only used if ssl.cipher-list is set. ## # ## # ssl.honor-cipher-order = "enable" ## # ## # Mitigate CVE-2009-3555 by disabling client triggered renegotation ## # This is enabled by default. ## # ## # ssl.disable-client-renegotiation = "enable" ## # ## server.name = "www.example.com" ## ## server.document-root = "/srv/www/vhosts/example.com/www/" ## } ## ## If you have a .crt and a .key file, cat them together into a ## single PEM file: ## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \ ## > /etc/ssl/private/lighttpd.pem ## #ssl.pemfile = "/etc/ssl/private/lighttpd.pem" ## ## optionally pass the CA certificate here. ## ## #ssl.ca-file = "" ## ####################################################################### ####################################################################### ## ## custom includes like vhosts. ## #include "conf.d/config.conf" #include_shell "cat /etc/lighttpd/vhosts.d/*.conf" ## ####################################################################### # TI Stuff starts here # The conf.d directory isn't automatically loaded. There are examples above # where a specific script is loaded from that directory. For these three, # the script adds the module, then includes a lot of commented out items, so # the scripts aren't very interesting. server.modules += ( "mod_expire" ) server.modules += ( "mod_proxy" ) server.modules += ( "mod_scgi" ) server.modules += ( "mod_compress" ) compress.cache-dir = "/tmp/lighttpdcompress/" compress.filetype = ("text/plain","text/css", "text/xml", "text/javascript" ) server.max-fds = 50000 server.max-connections = 25000 server.max-keep-alive-requests = 2000 server.max-keep-alive-idle = 10 server.max-read-idle = 10 server.max-write-idle = 10 # This should never be used. The rules below should send every request to # another server or another directory. I'm making this the default just in # case. If I missed a rule, people will be sent to an empty directory for # security reasons. # # I'm not using the default, /var/www/lighttpd. That's filled with old # files. As part of the transition I'm temporarily leaving the old files # in that directory, where they've always been. I've created new directories # for the new stuff. Some items exist in both places. server.document-root = server_root + "/empty" $HTTP["url"] =~ "\.nocache\." { expire.url = ( "" => "access plus 0 seconds" ) } $HTTP["url"] =~ "\.cache\." { expire.url = ( "" => "access plus 1 years" ) } # marvin.trade-ideas.com var.marketing = "69.43.145.252" # moved to pablo.trade-ideas.com marvin set for rebuild #var.marketing = "69.43.145.251" # pablo.trade-ideas.com var.marketing_test = "69.43.145.251" # will 69.43.145.248 var.will = "69.43.145.248" # bob-saget -- retiring as product web server due to disk trouble #var.product = "192.168.1.227" # comic-con var.product = "192.168.1.228" # Dana var.dana = "192.168.1.202" # Dice var.dice = "192.168.1.205" # Donbot var.donbot = "192.168.1.207" # Y2k var.y2k = "192.168.1.241" # comic-con direct alias used for test var.comic_con = "192.168.1.228" var.bob_saget = "192.168.1.227" url.access-deny += ( ".gitignore" ) # Deny access to everything in any directory named .git # https://www.cyberciti.biz/faq/lighttpd-deny-access-to-folders-directories/ $HTTP["url"] =~ "/.git/" { url.access-deny = ("") } $HTTP["url"] =~ "^/PhilTest/Completed_Logos/" { setenv.add-response-header = ("Access-Control-Allow-Origin" => "*") } $SERVER["socket"] == ":443" { #### SSL engine ssl.engine = "enable" #ssl.pemfile = "/etc/lighttpd/ssl/secure.pem" #ssl.ca-file = "/etc/lighttpd/ssl/intermediate.crt" ssl.pemfile = "/etc/lighttpd/ssl/wildcard.trade-ideas.com.pem" ssl.ca-file = "/etc/lighttpd/ssl/intermediate.wildcard.crt" ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES128+EECDH:AES128+EDH" ssl.honor-cipher-order = "enable" ssl.dh-file = "/etc/ssl/certs/dhparam.pem" ssl.ec-curve = "secp384r1" #causing oauth issue? ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable" $HTTP["host"] =~ "proxy.trade-ideas.com" { proxy.server = ( "" => ( ( "host" => comic_con, "port" => "10443" ))) } else $HTTP["url"] =~ "^/Scott(/.*)$" { # I installed myPhpAdmin for scott on Marvin. I'm piping the requests # through our HTTPS address for security. proxy.server = ( "" => ( ( "host" => marketing, "port" => "8009" ))) } #else $HTTP["url"] =~ "^/Pablo(/.*)$" { # I installed myPhpAdmin for scott on Pablo (test). I'm piping the request # through our HTTPS address for security. # proxy.server = ( "" => ( ( "host" => marketing_test, "port" => "8009" ))) #} else $HTTP["url"] =~ "^/will-stats(/.*)$" { # Will's version of the /stats directory. We use this to test new scripts # sometimes before moving them to /stats on the production web servers. # Traditionally this was not protected by https. However, we are using # the same passwords. And often we copy the live data to will for testing. # So let's be consistent and protect it all the same way. proxy.server = ( "" => ( ( "host" => will, "port" => "80" ))) } else $HTTP["url"] =~ "^/will-secure(/.*)$" { proxy.server = ( "" => ( ( "host" => will, "port" => "80" ))) } else $HTTP["url"] =~ "^/will-ajax(/.*)$" { proxy.server = ( "" => ( ( "host" => will, "port" => "80" ))) } else $HTTP["url"] =~ "^((/static/)|(/mapreduce/))" { # Simple files. Handle these directly. server.document-root = server_root + "/vhost/secure/" } else $HTTP["url"] =~ "^/jsproxy/" { setenv.add-request-header = ( "X-Unique_Base_Dir" => "jsproxy-" ) scgi.server = ("" => (( "host" => "127.0.0.1", "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-dice/" { scgi.server = ("" => (( "host" => dice, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-dana/" { scgi.server = ("" => (( "host" => dana, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-y2k/" { scgi.server = ("" => (( "host" => y2k, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/cms_static/" { # This is an area in the marketing server which is not controlled by the # cms. This is a convenient place for Brad to drop files. You can get # to it via http://www.trade-ideas.com/cms_static/ or # htts://secure.trade-ideas.com/cms_static/ proxy.server = ( "" => ( ( "host" => marketing, "port" => 80 ) ) ) } #else $HTTP["url"] =~ "^/eSignal/" { # # Temporarily sending this to will for testing. This will get moved to # # bob-saget eventually for deployment. We will need to be on bob-saget, # # or somewhere similar, so we can have read/write access to the database. # proxy.server = ( "" => ( ( "host" => "69.43.145.248", "port" => "80") ) ) #} else $HTTP["url"] =~ "^/eSignal/app/prototypegxt.julio/" { proxy.server = ( "" => ( ( "host" => will, "port" => "80") ) ) } else $HTTP["host"] == "hadoop.trade-ideas.com" { # Simple static files that were made to go with /jsproxy/. Mostly stuff # created by GWT with very simple HTML files to get them started. New # projects can be part of any web site that goes through this proxy. # Originally ony the hadoop domain pointed to the /jsproxy/. server.document-root = server_root + "/vhost/hadoop/" } else $HTTP["host"] == "static.trade-ideas.com" { # Simple static files like icons which don't have to go through Apache. # Serve them directly through lighttpd for effeciency. server.document-root = server_root + "/vhost/static/" } # certificate is for *.trade-ideas.com now else $HTTP["host"] =~ "(^www|^pro).trade-ideas.com" { # The main web site. The word press / CMS stuff will go to marvin. The # interesting code will go to bob-saget. We use a special port number # on bob-saget to match these requests. $HTTP["url"] =~ "^/pro[s]{0,1}$" { url.redirect = ( "" => "https://pro.trade-ideas.com/" ) url.redirect-code = 302 } proxy.server = ( "/wp-content" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-includes" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-login" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-admin" => ( ( "host" => marketing, "port" => 80 ) ), "/awtotw" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-cron.php" => ( ( "host" => marketing, "port" => 80 ) ), "/buy29awoffer" => ( ( "host" => marketing, "port" => 80 ) ), "/awtipro29" => ( ( "host" => marketing, "port" => 80 ) ), "/cta-tow-screener" => ( ( "host" => marketing, "port" => 80 ) ), "/27-scanner-offer" => ( ( "host" => marketing, "port" => 80 ) ), "/towmar112015" => ( ( "host" => marketing, "port" => 80 ) ), "/ti20" => ( ( "host" => marketing, "port" => 80 ) ), "/faqs/" => ( ( "host" => marketing, "port" => 80 ) ), "/home/phil/" => ( ( "host" => product, "port" => 9980 ) ), "/home" => ( ( "host" => marketing, "port" => 80 ) ), "/about-us" => ( ( "host" => marketing, "port" => 80 ) ), "/products" => ( ( "host" => marketing, "port" => 80 ) ), "/glossary" => ( ( "host" => marketing, "port" => 80 ) ), "/services" => ( ( "host" => marketing, "port" => 80 ) ), "/sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/faq-category/" => ( ( "host" => marketing, "port" => 80 ) ), "/go/" => ( ( "host" => marketing, "port" => 80 ) ), "/testimonial/" => ( ( "host" => marketing, "port" => 80 ) ), "/testimonials/" => ( ( "host" => marketing, "port" => 80 ) ), "/cta/" => ( ( "host" => marketing, "port" => 80 ) ), "/BigTable" => ( ( "host" => marketing, "port" => 80 ) ), "/support-and-education" => ( ( "host" => marketing, "port" => 80 ) ), "/trade-ideas-university" => ( ( "host" => marketing, "port" => 80 ) ), "/import-tags-page" => ( ( "host" => marketing, "port" => 80 ) ), "/cms_static/" => ( ( "host" => marketing, "port" => 80 ) ), "/strategy-development/" => ( ( "host" => marketing, "port" => 80 ) ), "/stocktoberfest" => ( ( "host" => marketing, "port" => 80 ) ), "/tnw" => ( ( "host" => marketing, "port" => 80 ) ), "/specials" => ( ( "host" => marketing, "port" => 80 ) ), "/barrie" => ( ( "host" => marketing, "port" => 80 ) ), "/tradingroom" => ( ( "host" => marketing, "port" => 80 ) ), "/ai" => ( ( "host" => marketing, "port" => 80 ) ), "/holly_gifs" => ( ( "host" => product, "port" => 9980 ) ), "/holly" => ( ( "host" => marketing, "port" => 80 ) ), "/project" => ( ( "host" => marketing, "port" => 80 ) ), "/preview" => ( ( "host" => marketing, "port" => 80 ) ), "/steve" => ( ( "host" => marketing, "port" => 80 ) ), "/free" => ( ( "host" => marketing, "port" => 80 ) ), "/price" => ( ( "host" => marketing, "port" => 80 ) ), "/webinar" => ( ( "host" => marketing, "port" => 80 ) ), "/beta" => ( ( "host" => marketing, "port" => 80 ) ), "/TNWS" => ( ( "host" => marketing, "port" => 80 ) ), "/testdrive" => ( ( "host" => marketing, "port" => 80 ) ), "/lightspeed" => ( ( "host" => marketing, "port" => 80 ) ), "/download" => ( ( "host" => marketing, "port" => 80 ) ), "/promos" => ( ( "host" => product, "port" => 9980 ) ), "/pro" => ( ( "host" => marketing, "port" => 80 ) ), "/web" => ( ( "host" => marketing, "port" => 80 ) ), "/openhouse" => ( ( "host" => marketing, "port" => 80 ) ), "/pricealerts" => ( ( "host" => marketing, "port" => 80 ) ), "/cyberu" => ( ( "host" => marketing, "port" => 80 ) ), "/20" => ( ( "host" => marketing, "port" => 80 ) ), "/blog" => ( ( "host" => marketing, "port" => 80 ) ), "/janetalk" => ( ( "host" => marketing, "port" => 80 ) ), "/feed" => ( ( "host" => marketing, "port" => 80 ) ), "/category" => ( ( "host" => marketing, "port" => 80 ) ), "/post-" => ( ( "host" => marketing, "port" => 80 ) ), "/page-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/qa_faqs-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/project-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/glossary-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/snp_popups-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/category-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/main-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/tag" => ( ( "host" => marketing, "port" => 80 ) ), "/referral.html" => ( ( "host" => product, "port" => 9980 ) ), "/referral" => ( ( "host" => marketing, "port" => 80 ) ), "/stocksoptions" => ( ( "host" => marketing, "port" => 80 ) ), "/new-homepage" => ( ( "host" => marketing, "port" => 80 ) ), "/assets" => ( ( "host" => marketing, "port" => 80 ) ), "/5daypreview" => ( ( "host" => marketing, "port" => 80 ) ), "/interactivebrokers" => ( ( "host" => marketing, "port" => 80 ) ), "/tiwealth" => ( ( "host" => marketing, "port" => 80 ) ), "/training" => ( ( "host" => marketing, "port" => 80 ) ), "/account" => ( ( "host" => marketing, "port" => 80 ) ), "/password" => ( ( "host" => marketing, "port" => 80 ) ), "/upgrade" => ( ( "host" => marketing, "port" => 80 ) ), "/strategies" => ( ( "host" => marketing, "port" => 80 ) ), "/tom" => ( ( "host" => marketing, "port" => 80 ) ), "/tmarks" => ( ( "host" => marketing, "port" => 80 ) ), "/eagle" => ( ( "host" => marketing, "port" => 80 ) ), "/sterling" => ( ( "host" => marketing, "port" => 80 ) ), "/startpro" => ( ( "host" => marketing, "port" => 80 ) ), "/summit" => ( ( "host" => marketing, "port" => 80 ) ), "/referralsummit" => ( ( "host" => marketing, "port" => 80 ) ), "/hollysummit" => ( ( "host" => marketing, "port" => 80 ) ), "/summersponsor" => ( ( "host" => marketing, "port" => 80 ) ), "/techgirl" => ( ( "host" => marketing, "port" => 80 ) ), "/atlanta" => ( ( "host" => marketing, "port" => 80 ) ), "/livestream" => ( ( "host" => marketing, "port" => 80 ) ), "/yourstory" => ( ( "host" => marketing, "port" => 80 ) ), "/yourvideo" => ( ( "host" => marketing, "port" => 80 ) ), "/omt" => ( ( "host" => marketing, "port" => 80 ) ), "/testimonials" => ( ( "host" => marketing, "port" => 80 ) ), "/getcertified" => ( ( "host" => marketing, "port" => 80 ) ), "/press" => ( ( "host" => marketing, "port" => 80 ) ), "/scottrademerger" => ( ( "host" => marketing, "port" => 80 ) ), "/ebook" => ( ( "host" => marketing, "port" => 80 ) ), "/pricing-table" => ( ( "host" => marketing, "port" => 80 ) ), "/l/" => ( ( "host" => marketing, "port" => 80 ) ), "/alpha" => ( ( "host" => marketing, "port" => 80 ) ), "/schwab" => ( ( "host" => marketing, "port" => 80 ) ), "/etrade" => ( ( "host" => marketing, "port" => 80 ) ), "/tda" => ( ( "host" => marketing, "port" => 80 ) ), "/sean" => ( ( "host" => marketing, "port" => 80 ) ), "/chicagosean" => ( ( "host" => marketing, "port" => 80 ) ), "/pdf" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-json" => ( ( "host" => marketing, "port" => 80 ) ), "/cloudlinks" => ( ( "host" => marketing, "port" => 80 ) ), "/brand-guide" => ( ( "host" => marketing, "port" => 80 ) ), "/centaur" => ( ( "host" => marketing, "port" => 80 ) ), "/wealth" => ( ( "host" => marketing, "port" => 80 ) ), "/brokerageplus" => ( ( "host" => marketing, "port" => 80 ) ), "/papertrade" => ( ( "host" => marketing, "port" => 80 ) ), "/ti-" => ( ( "host" => marketing, "port" => 80 ) ), "/sponsor" => ( ( "host" => marketing, "port" => 80 ) ), "/setup" => ( ( "host" => marketing, "port" => 80 ) ), "/swingtrading" => ( ( "host" => marketing, "port" => 80 ) ), "/rangebreak" => ( ( "host" => marketing, "port" => 80 ) ), "/activeinvesting" => ( ( "host" => marketing, "port" => 80 ) ), "/contact" => ( ( "host" => marketing, "port" => 80 ) ), "/chat" => ( ( "host" => marketing, "port" => 80 ) ), "/live" => ( ( "host" => marketing, "port" => 80 ) ), "/features" => ( ( "host" => marketing, "port" => 80 ) ), "/pricing" => ( ( "host" => marketing, "port" => 80 ) ), "/media" => ( ( "host" => marketing, "port" => 80 ) ), "/education" => ( ( "host" => marketing, "port" => 80 ) ), "/about" => ( ( "host" => marketing, "port" => 80 ) ), "/support" => ( ( "host" => marketing, "port" => 80 ) ), "/referral-partners" => ( ( "host" => marketing, "port" => 80 ) ), "/privacy-policy" => ( ( "host" => marketing, "port" => 80 ) ), "/disclosure" => ( ( "host" => marketing, "port" => 80 ) ), "/eula" => ( ( "host" => marketing, "port" => 80 ) ), "/billing-policies" => ( ( "host" => marketing, "port" => 80 ) ), "/tradeideas" => ( ( "host" => marketing, "port" => 80 ) ), "/fl-builder-template" => ( ( "host" => marketing, "port" => 80 ) ), "/fl-theme-layout" => ( ( "host" => marketing, "port" => 80 ) ), "/w365" => ( ( "host" => marketing, "port" => 80 ) ), "/earnings" => ( ( "host" => marketing, "port" => 80 ) ), "/addendum-sponsoreduse" => ( ( "host" => marketing, "port" => 80 ) ), "/daytradingz-com" => ( ( "host" => marketing, "port" => 80 ) ), "/partners" => ( ( "host" => marketing, "port" => 80 ) ), "/patrick-wieland" => ( ( "host" => marketing, "port" => 80 ) ), "/only-game" => ( ( "host" => marketing, "port" => 80 ) ), "/cmt" => ( ( "host" => marketing, "port" => 80 ) ), "/CM" => ( ( "host" => marketing, "port" => 80 ) ), "/onlygame" => ( ( "host" => marketing, "port" => 80 ) ), "/lessons" => ( ( "host" => marketing, "port" => 80 ) ), "/test-drive" => ( ( "host" => marketing, "port" => 80 ) ), "/ForDevelopers" => ( ( "host" => marketing, "port" => 80 ) ), "/AccountManagement/InfusionCancelSubscription.php" => ( ( "host" => marketing, "port" => 80 ) ), "/AccountManagement/InfusionChangeSubscription.php" => ( ( "host" => marketing, "port" => 80 ) ), "/AccountManagement/index.html" => ( ( "host" => marketing, "port" => 80 ) ), "/ChooseMobile.html" => ( ( "host" => marketing, "port" => 80 ) ), "/Generic2Window.html" => ( ( "host" => marketing, "port" => 80 ) ), "/author" => ( ( "host" => marketing, "port" => 80 ) ), "/bplus" => ( ( "host" => marketing, "port" => 80 ) ), "/indicators" => ( ( "host" => marketing, "port" => 80 ) ), "/strategy" => ( ( "host" => marketing, "port" => 80 ) ), "/strength" => ( ( "host" => marketing, "port" => 80 ) ), "/.well-known" => ( ( "host" => marketing, "port" => 80 ) ), "/ibkr" => ( ( "host" => marketing, "port" => 80 ) ), "/job" => ( ( "host" => marketing, "port" => 80 ) ), "/post-a-job" => ( ( "host" => marketing, "port" => 80 ) ), "/jm-ajax" => ( ( "host" => marketing, "port" => 80 ) ), "/user-guide" => ( ( "host" => marketing, "port" => 80 ) ), "/guide" => ( ( "host" => marketing, "port" => 80 ) ), "/ibkr-drive" => ( ( "host" => marketing, "port" => 80 ) ), "/nice" => ( ( "host" => marketing, "port" => 80 ) ), "/mac" => ( ( "host" => marketing, "port" => 80 ) ), "/race" => ( ( "host" => marketing, "port" => 80 ) ), "/sale" => ( ( "host" => marketing, "port" => 80 ) ), "/start" => ( ( "host" => marketing, "port" => 80 ) ), "/getstarted" => ( ( "host" => marketing, "port" => 80 ) ), "/getting-started-webinar" => ( ( "host" => marketing, "port" => 80 ) ), "/bb-" => ( ( "host" => marketing, "port" => 80 ) ), "/centerpoint" => ( ( "host" => marketing, "port" => 80 ) ), "/nauss" => ( ( "host" => marketing, "port" => 80 ) ), "/page" => ( ( "host" => marketing, "port" => 80 ) ), "/suna" => ( ( "host" => marketing, "port" => 80 ) ), "/wolf" => ( ( "host" => marketing, "port" => 80 ) ), "/story" => ( ( "host" => marketing, "port" => 80 ) ), #dave "/scottradewebtest" => ( ( "host" => will, "port" => 80 ) ), "/will" => ( ( "host" => will, "port" => 80 ) ), "/pablo" => ( ( "host" => marketing_test, "port" => 80 ) ), "" => ( ( "host" => product, "port" => 9980 ) ) ) $HTTP["url"] =~ "^[/]+$" { proxy.server = ("" => ( ( "host" => marketing, "port" => 80 ) ) ) } $HTTP["url"] =~ "^.*sitemap\.xml$" { proxy.server = ("" => ( ( "host" => marketing, "port" => 80 ) ) ) } # proxy.server = ( "" => ( ( "host" => product, "port" => "9444" ))) } else $HTTP["host"] == "test-www.trade-ideas.com" { # The test web site. The word press / CMS stuff will go to pablo. The # interesting code will go to bob-saget. We use a special port number # on bob-saget to match these requests. proxy.server = ( "/wp-content" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wp-includes" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wp-login" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wp-admin" => ( ( "host" => marketing_test, "port" => 80 ) ), "/awtotw" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wp-cron.php" => ( ( "host" => marketing_test, "port" => 80 ) ), "/buy29awoffer" => ( ( "host" => marketing_test, "port" => 80 ) ), "/awtipro29" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cta-tow-screener" => ( ( "host" => marketing_test, "port" => 80 ) ), "/27-scanner-offer" => ( ( "host" => marketing_test, "port" => 80 ) ), "/towmar112015" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ti20" => ( ( "host" => marketing_test, "port" => 80 ) ), "/faqs/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/home/phil/" => ( ( "host" => product, "port" => 9981 ) ), "/home" => ( ( "host" => marketing_test, "port" => 80 ) ), "/about-us" => ( ( "host" => marketing_test, "port" => 80 ) ), "/products" => ( ( "host" => marketing_test, "port" => 80 ) ), "/glossary" => ( ( "host" => marketing_test, "port" => 80 ) ), "/services" => ( ( "host" => marketing_test, "port" => 80 ) ), "/sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/faq-category/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/go/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/testimonial/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cta/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/BigTable" => ( ( "host" => marketing_test, "port" => 80 ) ), "/support-and-education" => ( ( "host" => marketing_test, "port" => 80 ) ), "/trade-ideas-university" => ( ( "host" => marketing_test, "port" => 80 ) ), "/import-tags-page" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cms_static/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/strategy-development/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/stocktoberfest" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tnw" => ( ( "host" => marketing_test, "port" => 80 ) ), "/specials" => ( ( "host" => marketing_test, "port" => 80 ) ), "/barrie" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tradingroom" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ai" => ( ( "host" => marketing_test, "port" => 80 ) ), "/holly_gifs" => ( ( "host" => product, "port" => 9980 ) ), "/holly" => ( ( "host" => marketing_test, "port" => 80 ) ), "/project" => ( ( "host" => marketing_test, "port" => 80 ) ), "/preview" => ( ( "host" => marketing_test, "port" => 80 ) ), "/steve" => ( ( "host" => marketing_test, "port" => 80 ) ), "/free" => ( ( "host" => marketing_test, "port" => 80 ) ), "/price" => ( ( "host" => marketing_test, "port" => 80 ) ), "/webinar" => ( ( "host" => marketing_test, "port" => 80 ) ), "/beta" => ( ( "host" => marketing_test, "port" => 80 ) ), "/TNWS" => ( ( "host" => marketing_test, "port" => 80 ) ), "/testdrive" => ( ( "host" => marketing_test, "port" => 80 ) ), "/lightspeed" => ( ( "host" => marketing_test, "port" => 80 ) ), "/download" => ( ( "host" => marketing_test, "port" => 80 ) ), "/promos" => ( ( "host" => product, "port" => 9981 ) ), "/pro" => ( ( "host" => marketing_test, "port" => 80 ) ), "/web" => ( ( "host" => marketing_test, "port" => 80 ) ), "/openhouse" => ( ( "host" => marketing_test, "port" => 80 ) ), "/pricealerts" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cyberu" => ( ( "host" => marketing_test, "port" => 80 ) ), "/20" => ( ( "host" => marketing_test, "port" => 80 ) ), "/blog" => ( ( "host" => marketing_test, "port" => 80 ) ), "/janetalk" => ( ( "host" => marketing_test, "port" => 80 ) ), "/feed" => ( ( "host" => marketing_test, "port" => 80 ) ), "/category" => ( ( "host" => marketing_test, "port" => 80 ) ), "/post-" => ( ( "host" => marketing_test, "port" => 80 ) ), "/page-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/qa_faqs-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/project-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/glossary-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/snp_popups-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/category-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/main-sitemap" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tag" => ( ( "host" => marketing_test, "port" => 80 ) ), "/referral.html" => ( ( "host" => product, "port" => 9981 ) ), "/referral" => ( ( "host" => marketing_test, "port" => 80 ) ), "/stocksoptions" => ( ( "host" => marketing_test, "port" => 80 ) ), "/new-homepage" => ( ( "host" => marketing_test, "port" => 80 ) ), "/assets" => ( ( "host" => marketing_test, "port" => 80 ) ), "/5daypreview" => ( ( "host" => marketing_test, "port" => 80 ) ), "/interactivebrokers" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tiwealth" => ( ( "host" => marketing_test, "port" => 80 ) ), "/training" => ( ( "host" => marketing_test, "port" => 80 ) ), "/account" => ( ( "host" => marketing_test, "port" => 80 ) ), "/password" => ( ( "host" => marketing_test, "port" => 80 ) ), "/upgrade" => ( ( "host" => marketing_test, "port" => 80 ) ), "/strategies" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tom" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tmarks" => ( ( "host" => marketing_test, "port" => 80 ) ), "/eagle" => ( ( "host" => marketing_test, "port" => 80 ) ), "/sterling" => ( ( "host" => marketing_test, "port" => 80 ) ), "/startpro" => ( ( "host" => marketing_test, "port" => 80 ) ), "/summit" => ( ( "host" => marketing_test, "port" => 80 ) ), "/referralsummit" => ( ( "host" => marketing_test, "port" => 80 ) ), "/hollysummit" => ( ( "host" => marketing_test, "port" => 80 ) ), "/summitsponsor" => ( ( "host" => marketing_test, "port" => 80 ) ), "/techgirl" => ( ( "host" => marketing_test, "port" => 80 ) ), "/atlanta" => ( ( "host" => marketing_test, "port" => 80 ) ), "/livestream" => ( ( "host" => marketing_test, "port" => 80 ) ), "/yourstory" => ( ( "host" => marketing_test, "port" => 80 ) ), "/yourvideo" => ( ( "host" => marketing_test, "port" => 80 ) ), "/omt" => ( ( "host" => marketing_test, "port" => 80 ) ), "/testimonials" => ( ( "host" => marketing_test, "port" => 80 ) ), "/getcertified" => ( ( "host" => marketing_test, "port" => 80 ) ), "/press" => ( ( "host" => marketing_test, "port" => 80 ) ), "/scottrademerger" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ebook" => ( ( "host" => marketing_test, "port" => 80 ) ), "/pricing-table" => ( ( "host" => marketing_test, "port" => 80 ) ), "/l/" => ( ( "host" => marketing_test, "port" => 80 ) ), "/alpha" => ( ( "host" => marketing_test, "port" => 80 ) ), "/schwab" => ( ( "host" => marketing_test, "port" => 80 ) ), "/etrade" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tda" => ( ( "host" => marketing_test, "port" => 80 ) ), "/sean" => ( ( "host" => marketing_test, "port" => 80 ) ), "/chicagosean" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wp-json" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cloudlinks" => ( ( "host" => marketing_test, "port" => 80 ) ), "/brand-guide" => ( ( "host" => marketing_test, "port" => 80 ) ), "/centaur" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wealth" => ( ( "host" => marketing_test, "port" => 80 ) ), "/brokerageplus" => ( ( "host" => marketing_test, "port" => 80 ) ), "/papertrade" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ti-" => ( ( "host" => marketing_test, "port" => 80 ) ), "/sponsor" => ( ( "host" => marketing_test, "port" => 80 ) ), "/setup" => ( ( "host" => marketing_test, "port" => 80 ) ), "/swingtrading" => ( ( "host" => marketing_test, "port" => 80 ) ), "/rangebreak" => ( ( "host" => marketing_test, "port" => 80 ) ), "/activeinvesting" => ( ( "host" => marketing_test, "port" => 80 ) ), "/contact" => ( ( "host" => marketing_test, "port" => 80 ) ), "/chat" => ( ( "host" => marketing_test, "port" => 80 ) ), "/live" => ( ( "host" => marketing_test, "port" => 80 ) ), "/features" => ( ( "host" => marketing_test, "port" => 80 ) ), "/pricing" => ( ( "host" => marketing_test, "port" => 80 ) ), "/media" => ( ( "host" => marketing_test, "port" => 80 ) ), "/education" => ( ( "host" => marketing_test, "port" => 80 ) ), "/about" => ( ( "host" => marketing_test, "port" => 80 ) ), "/support" => ( ( "host" => marketing_test, "port" => 80 ) ), "/referral-partners" => ( ( "host" => marketing_test, "port" => 80 ) ), "/privacy-policy" => ( ( "host" => marketing_test, "port" => 80 ) ), "/disclosure" => ( ( "host" => marketing_test, "port" => 80 ) ), "/eula" => ( ( "host" => marketing_test, "port" => 80 ) ), "/billing-policies" => ( ( "host" => marketing_test, "port" => 80 ) ), "/tradeideas" => ( ( "host" => marketing_test, "port" => 80 ) ), "/fl-builder-template" => ( ( "host" => marketing_test, "port" => 80 ) ), "/fl-theme-layout" => ( ( "host" => marketing_test, "port" => 80 ) ), "/w365" => ( ( "host" => marketing_test, "port" => 80 ) ), "/earnings" => ( ( "host" => marketing_test, "port" => 80 ) ), "/addendum-sponsoreduse" => ( ( "host" => marketing_test, "port" => 80 ) ), "/daytradingz-com" => ( ( "host" => marketing_test, "port" => 80 ) ), "/partners" => ( ( "host" => marketing_test, "port" => 80 ) ), "/patrick-wieland" => ( ( "host" => marketing_test, "port" => 80 ) ), "/only-game" => ( ( "host" => marketing_test, "port" => 80 ) ), "/cmt" => ( ( "host" => marketing_test, "port" => 80 ) ), "/CM" => ( ( "host" => marketing_test, "port" => 80 ) ), "/onlygame" => ( ( "host" => marketing_test, "port" => 80 ) ), "/lessons" => ( ( "host" => marketing_test, "port" => 80 ) ), "/test-drive" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ForDevelopers" => ( ( "host" => marketing_test, "port" => 80 ) ), "/AccountManagement/InfusionCancelSubscription.php" => ( ( "host" => marketing_test, "port" => 80 ) ), "/AccountManagement/InfusionChangeSubscription.php" => ( ( "host" => marketing_test, "port" => 80 ) ), "/AccountManagement/index.html" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ChooseMobile.html" => ( ( "host" => marketing_test, "port" => 80 ) ), "/Generic2Window.html" => ( ( "host" => marketing_test, "port" => 80 ) ), "/author" => ( ( "host" => marketing_test, "port" => 80 ) ), "/bplus" => ( ( "host" => marketing_test, "port" => 80 ) ), "/indicators" => ( ( "host" => marketing_test, "port" => 80 ) ), "/strategy" => ( ( "host" => marketing_test, "port" => 80 ) ), "/strength" => ( ( "host" => marketing_test, "port" => 80 ) ), "/.well-known" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ibkr" => ( ( "host" => marketing_test, "port" => 80 ) ), "/job" => ( ( "host" => marketing_test, "port" => 80 ) ), "/post-a-job" => ( ( "host" => marketing_test, "port" => 80 ) ), "/jm-ajax" => ( ( "host" => marketing_test, "port" => 80 ) ), "/user-guide" => ( ( "host" => marketing_test, "port" => 80 ) ), "/guide" => ( ( "host" => marketing_test, "port" => 80 ) ), "/ibkr-drive" => ( ( "host" => marketing_test, "port" => 80 ) ), "/nice" => ( ( "host" => marketing_test, "port" => 80 ) ), "/mac" => ( ( "host" => marketing_test, "port" => 80 ) ), "/race" => ( ( "host" => marketing_test, "port" => 80 ) ), "/sale" => ( ( "host" => marketing_test, "port" => 80 ) ), "/start" => ( ( "host" => marketing_test, "port" => 80 ) ), "/getstarted" => ( ( "host" => marketing_test, "port" => 80 ) ), "/getting-started-webinar" => ( ( "host" => marketing_test, "port" => 80 ) ), "/bb-" => ( ( "host" => marketing_test, "port" => 80 ) ), "/centerpoint" => ( ( "host" => marketing_test, "port" => 80 ) ), "/nauss" => ( ( "host" => marketing_test, "port" => 80 ) ), "/page" => ( ( "host" => marketing_test, "port" => 80 ) ), "/suna" => ( ( "host" => marketing_test, "port" => 80 ) ), "/wolf" => ( ( "host" => marketing_test, "port" => 80 ) ), "/story" => ( ( "host" => marketing_test, "port" => 80 ) ), "" => ( ( "host" => bob_saget, "port" => 9981 ) ) ) $HTTP["url"] =~ "^[/]+$" { proxy.server = ("" => ( ( "host" => marketing_test, "port" => 80 ) ) ) } $HTTP["url"] =~ "^.*sitemap\.xml$" { proxy.server = ("" => ( ( "host" => marketing_test, "port" => 80 ) ) ) } # proxy.server = ( "" => ( ( "host" => product, "port" => "9444" ))) } else $HTTP["host"] == "secure.trade-ideas.com" { # Explicitly adding secure here so that I can redirect munin to donbot # it should move to the real web server at some point but for now I am # constantly reconfiguring and restarting so this minimizes impact on # our regular web traffic proxy.server = ( "/munin" => ( ( "host" => bob_saget, "port" => 9443 ) ), "/proxy/" => ( ( "host" => bob_saget, "port" => 9443 ) ), "" => ( ( "host" => product, "port" => 9443 ) ) ) } else $SERVER["socket"] != "else" { # Everything else goes to our normal apache server. This port is reserved # for forwarded https requests. proxy.server = ( "" => ( ( "host" => product, "port" => "9443" ))) } # $HTTP["url"] =~ "^/Lightspeed(/.*)$" { # # This will go to will for testing. This will eventually be moved to # # Bob saget, with our back office and most of our other PHP scripts. # proxy.server = ( "" => ( ( "host" => "69.43.145.248", "port" => "80") # } } else $SERVER["socket"] != ":443" { # Not HTTPS. $HTTP["host"] == "js-proxy-test.trade-ideas.com" { # More or less a clone of hadoop.trade-ideas.com # http://js-proxy-test.trade-ideas.com/TIProWeb/TIPro.html is a good place to set your browser. server.document-root = server_root + "/vhost/hadoop/" # But the jsproxy logic goes to morbo, a test server. $HTTP["url"] =~ "^/jsproxy/" { # For simplicity we're currently skipping X-Unique_Base_Dir # For a test environment it's usually best to send everyone to the same server. scgi.server = ("" => (( "host" => "192.168.1.254", "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } } else $HTTP["url"] =~ "^/jsproxy/" { setenv.add-request-header = ( "X-Unique_Base_Dir" => "jsproxy-" ) scgi.server = ("" => (( "host" => "127.0.0.1", "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-dice/" { scgi.server = ("" => (( "host" => dice, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-dana/" { scgi.server = ("" => (( "host" => dana, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["url"] =~ "^/jsproxy-y2k/" { scgi.server = ("" => (( "host" => y2k, "port" => 4433, "disable-time" => 2, "check-local" => "disable")) ) } else $HTTP["host"] == "hadoop.trade-ideas.com" { url.redirect-code = 307 url.redirect = (".*" => "https://hadoop.trade-ideas.com$0") # Simple static files that were made to go with /jsproxy/. Mostly stuff # created by GWT with very simple HTML files to get them started. New # projects can be part of any web site that goes through this proxy. # Originally ony the hadoop domain pointed to the /jsproxy/. #server.document-root = server_root + "/vhost/hadoop/" } else $HTTP["host"] == "static.trade-ideas.com" { # Simple static files like icons which don't have to go through Apache. # Serve them directly through lighttpd for effeciency. server.document-root = server_root + "/vhost/static/" } else $HTTP["host"] == "scott-staging.trade-ideas.com" { # The original test set up. This will go away soon. We don't plan # to support this long term. proxy.server = ( "/wp-content" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-includes" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-login" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-admin" => ( ( "host" => marketing, "port" => 80 ) ), "/faqs/" => ( ( "host" => marketing, "port" => 80 ) ), "/home" => ( ( "host" => marketing, "port" => 80 ) ), "/about-us" => ( ( "host" => marketing, "port" => 80 ) ), "/products" => ( ( "host" => marketing, "port" => 80 ) ), "/services" => ( ( "host" => marketing, "port" => 80 ) ), "/support-and-education" => ( ( "host" => marketing, "port" => 80 ) ), "/trade-ideas-university" => ( ( "host" => marketing, "port" => 80 ) ), "/import-tags-page" => ( ( "host" => marketing, "port" => 80 ) ), "" => ( ( "host" => marketing, "port" => 80 ) ) ) $HTTP["url"] =~ "^[/]+$" { proxy.server = ("" => ( ( "host" => marketing, "port" => 80 ) ) ) } } else $HTTP["host"] == "pro.trade-ideas.com" { url.redirect = (".*" => "https://pro.trade-ideas.com$0") } else $HTTP["host"] == "www.trade-ideas.com" { $HTTP["url"] =~ "^/cms_static/ai_channel" { proxy.server = ( "/cms_static/ai_channel" => ( ( "host" => marketing, "port" => 80 ) ) ) } else $HTTP["scheme"] == "http" { url.redirect = (".*" => "https://www.trade-ideas.com$0") } } # We are now redirecting everything www to https above. The below code was # for the regular http site. I'm saving it for the moment in case it needs # to be reverted in the near future. After a few days of running https only # this can probably be removed. It can always be re-created by copying the # rules from the HTTPS site. It was a minor pain to keep these in rules in # sync between the two. else $HTTP["host"] == "unreachable.trade-ideas.com" { # The main web site. The word press / CMS stuff will go to marvin. The # interesting code will go to bob-saget. We use a special port number # on bob-saget to match these requests. proxy.server = ( "/wp-content" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-includes" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-login" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-admin" => ( ( "host" => marketing, "port" => 80 ) ), "/awtotw" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-cron.php" => ( ( "host" => marketing, "port" => 80 ) ), "/buy29awoffer" => ( ( "host" => marketing, "port" => 80 ) ), "/awtipro29" => ( ( "host" => marketing, "port" => 80 ) ), "/cta-tow-screener" => ( ( "host" => marketing, "port" => 80 ) ), "/27-scanner-offer" => ( ( "host" => marketing, "port" => 80 ) ), "/towmar112015" => ( ( "host" => marketing, "port" => 80 ) ), "/ti20" => ( ( "host" => marketing, "port" => 80 ) ), "/faqs/" => ( ( "host" => marketing, "port" => 80 ) ), "/home/phil/" => ( ( "host" => product, "port" => 9980 ) ), "/home" => ( ( "host" => marketing, "port" => 80 ) ), "/about-us" => ( ( "host" => marketing, "port" => 80 ) ), "/products" => ( ( "host" => marketing, "port" => 80 ) ), "/glossary" => ( ( "host" => marketing, "port" => 80 ) ), "/services" => ( ( "host" => marketing, "port" => 80 ) ), "/sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/faq-category/" => ( ( "host" => marketing, "port" => 80 ) ), "/go/" => ( ( "host" => marketing, "port" => 80 ) ), "/testimonial/" => ( ( "host" => marketing, "port" => 80 ) ), "/cta/" => ( ( "host" => marketing, "port" => 80 ) ), "/BigTable" => ( ( "host" => marketing, "port" => 80 ) ), "/support-and-education" => ( ( "host" => marketing, "port" => 80 ) ), "/trade-ideas-university" => ( ( "host" => marketing, "port" => 80 ) ), "/import-tags-page" => ( ( "host" => marketing, "port" => 80 ) ), "/cms_static/" => ( ( "host" => marketing, "port" => 80 ) ), "/strategy-development/" => ( ( "host" => marketing, "port" => 80 ) ), "/stocktoberfest" => ( ( "host" => marketing, "port" => 80 ) ), "/tnw" => ( ( "host" => marketing, "port" => 80 ) ), "/specials" => ( ( "host" => marketing, "port" => 80 ) ), "/barrie" => ( ( "host" => marketing, "port" => 80 ) ), "/tradingroom" => ( ( "host" => marketing, "port" => 80 ) ), "/ai" => ( ( "host" => marketing, "port" => 80 ) ), "/holly_gifs" => ( ( "host" => product, "port" => 9980 ) ), "/holly" => ( ( "host" => marketing, "port" => 80 ) ), "/project" => ( ( "host" => marketing, "port" => 80 ) ), "/preview" => ( ( "host" => marketing, "port" => 80 ) ), "/steve" => ( ( "host" => marketing, "port" => 80 ) ), "/free" => ( ( "host" => marketing, "port" => 80 ) ), "/price" => ( ( "host" => marketing, "port" => 80 ) ), "/webinar" => ( ( "host" => marketing, "port" => 80 ) ), "/beta" => ( ( "host" => marketing, "port" => 80 ) ), "/TNWS" => ( ( "host" => marketing, "port" => 80 ) ), "/testdrive" => ( ( "host" => marketing, "port" => 80 ) ), "/lightspeed" => ( ( "host" => marketing, "port" => 80 ) ), "/download" => ( ( "host" => marketing, "port" => 80 ) ), "/promos" => ( ( "host" => product, "port" => 9980 ) ), "/pro" => ( ( "host" => marketing, "port" => 80 ) ), "/web" => ( ( "host" => marketing, "port" => 80 ) ), "/openhouse" => ( ( "host" => marketing, "port" => 80 ) ), "/pricealerts" => ( ( "host" => marketing, "port" => 80 ) ), "/cyberu" => ( ( "host" => marketing, "port" => 80 ) ), "/20" => ( ( "host" => marketing, "port" => 80 ) ), "/blog" => ( ( "host" => marketing, "port" => 80 ) ), "/janetalk" => ( ( "host" => marketing, "port" => 80 ) ), "/feed" => ( ( "host" => marketing, "port" => 80 ) ), "/category" => ( ( "host" => marketing, "port" => 80 ) ), "/post-" => ( ( "host" => marketing, "port" => 80 ) ), "/page-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/qa_faqs-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/project-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/glossary-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/snp_popups-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/category-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/main-sitemap" => ( ( "host" => marketing, "port" => 80 ) ), "/tag" => ( ( "host" => marketing, "port" => 80 ) ), "/referral.html" => ( ( "host" => product, "port" => 9980 ) ), "/referral" => ( ( "host" => marketing, "port" => 80 ) ), "/stocksoptions" => ( ( "host" => marketing, "port" => 80 ) ), "/new-homepage" => ( ( "host" => marketing, "port" => 80 ) ), "/assets" => ( ( "host" => marketing, "port" => 80 ) ), "/5daypreview" => ( ( "host" => marketing, "port" => 80 ) ), "/interactivebrokers" => ( ( "host" => marketing, "port" => 80 ) ), "/tiwealth" => ( ( "host" => marketing, "port" => 80 ) ), "/training" => ( ( "host" => marketing, "port" => 80 ) ), "/account" => ( ( "host" => marketing, "port" => 80 ) ), "/password" => ( ( "host" => marketing, "port" => 80 ) ), "/upgrade" => ( ( "host" => marketing, "port" => 80 ) ), "/strategies" => ( ( "host" => marketing, "port" => 80 ) ), "/tom" => ( ( "host" => marketing, "port" => 80 ) ), "/tmarks" => ( ( "host" => marketing, "port" => 80 ) ), "/eagle" => ( ( "host" => marketing, "port" => 80 ) ), "/sterling" => ( ( "host" => marketing, "port" => 80 ) ), "/startpro" => ( ( "host" => marketing, "port" => 80 ) ), "/summit" => ( ( "host" => marketing, "port" => 80 ) ), "/referralsummit" => ( ( "host" => marketing, "port" => 80 ) ), "/hollysummit" => ( ( "host" => marketing, "port" => 80 ) ), "/summitsponsor" => ( ( "host" => marketing, "port" => 80 ) ), "/techgirl" => ( ( "host" => marketing, "port" => 80 ) ), "/atlanta" => ( ( "host" => marketing, "port" => 80 ) ), "/livestream" => ( ( "host" => marketing, "port" => 80 ) ), "/yourstory" => ( ( "host" => marketing, "port" => 80 ) ), "/yourvideo" => ( ( "host" => marketing, "port" => 80 ) ), "/omt" => ( ( "host" => marketing, "port" => 80 ) ), "/testimonials" => ( ( "host" => marketing, "port" => 80 ) ), "/getcertified" => ( ( "host" => marketing, "port" => 80 ) ), "/press" => ( ( "host" => marketing, "port" => 80 ) ), "/scottrademerger" => ( ( "host" => marketing, "port" => 80 ) ), "/ebook" => ( ( "host" => marketing, "port" => 80 ) ), "/pricing-table" => ( ( "host" => marketing, "port" => 80 ) ), "/l/" => ( ( "host" => marketing, "port" => 80 ) ), "/alpha" => ( ( "host" => marketing, "port" => 80 ) ), "/schwab" => ( ( "host" => marketing, "port" => 80 ) ), "/etrade" => ( ( "host" => marketing, "port" => 80 ) ), "/tda" => ( ( "host" => marketing, "port" => 80 ) ), "/sean" => ( ( "host" => marketing, "port" => 80 ) ), "/chicagosean" => ( ( "host" => marketing, "port" => 80 ) ), "/wp-json" => ( ( "host" => marketing, "port" => 80 ) ), "/cloudlinks" => ( ( "host" => marketing, "port" => 80 ) ), "/brand-guide" => ( ( "host" => marketing, "port" => 80 ) ), "/centaur" => ( ( "host" => marketing, "port" => 80 ) ), "/wealth" => ( ( "host" => marketing, "port" => 80 ) ), "/brokerageplus" => ( ( "host" => marketing, "port" => 80 ) ), "/papertrade" => ( ( "host" => marketing, "port" => 80 ) ), "/ti-" => ( ( "host" => marketing, "port" => 80 ) ), "/sponsor" => ( ( "host" => marketing, "port" => 80 ) ), "/setup" => ( ( "host" => marketing, "port" => 80 ) ), "/swingtrading" => ( ( "host" => marketing, "port" => 80 ) ), "/rangebreak" => ( ( "host" => marketing, "port" => 80 ) ), "/activeinvesting" => ( ( "host" => marketing, "port" => 80 ) ), "/contact" => ( ( "host" => marketing, "port" => 80 ) ), "/chat" => ( ( "host" => marketing, "port" => 80 ) ), "/live" => ( ( "host" => marketing, "port" => 80 ) ), "/page" => ( ( "host" => marketing, "port" => 80 ) ), "/suna" => ( ( "host" => marketing, "port" => 80 ) ), "/wolf" => ( ( "host" => marketing, "port" => 80 ) ), "/story" => ( ( "host" => marketing, "port" => 80 ) ), "" => ( ( "host" => product, "port" => 9980 ) ) ) $HTTP["url"] =~ "^[/]+$" { proxy.server = ("" => ( ( "host" => marketing, "port" => 80 ) ) ) } $HTTP["url"] =~ "^.*sitemap\.xml$" { proxy.server = ("" => ( ( "host" => marketing, "port" => 80 ) ) ) } } else $HTTP["host"] == "lab.trade-ideas.com" { # Test setup mirroring the live setup above. Instead of bob-saget and # marvin, this points to will and pablo. include "lab-bob-saget-test.conf" $HTTP["url"] =~ "^[/]+$" { proxy.server = ("" => ( ( "host" => marketing_test, "port" => 80 ) ) ) } $HTTP["url"] =~ "^.*sitemap\.xml$" { proxy.server = ("" => ( ( "host" => marketing_test, "port" => 80 ) ) ) } } else $HTTP["host"] == "legacy.trade-ideas.com" { # The old but current main web site. Most stuff goes to bob-saget # like normal. The BigTable directory is goes to marvin. This is # part of the migration to the new web setup. BigTable contains files # that are not part of the CMS, but are under direct control of the # marketing department. In particular, the welcome screen for E*TRADE # is here. proxy.server = ( "/BigTable" => ( ( "host" => marketing, "port" => 80 ) ), "" => ( ( "host" => product, "port" => 80 ) ) ) } else $HTTP["host"] == "secure.trade-ideas.com" { # Explicitly adding secure here so that I can redirect munin to donbot # it should move to the real web server at some point but for now I am # constantly reconfiguring and restarting so this minimizes impact on # our regular web traffic proxy.server = ( "/munin" => ( ( "host" => donbot, "port" => 80 ) ), "" => ( ( "host" => product, "port" => 80 ) ) ) } else $SERVER["socket"] != "else" { # Any other non-HTTPS virtual host goes to bob-saget. This goes to the # the normal port, port 80, to minimize the changes. Only the main # site, which was mostly redone, moves to the new port. proxy.server = ("" => ( ( "host" => product, "port" => 80 ) ) ) } } # The following has been done. I'll leave the text here until I have time to # clean it up. It does a good job of describing what I actually did. # TODO: I want the /jsproxy/ server to run more like ax_alert_server. Both # machines should be active at once. Use this for load balancing and automatic # failover. # # I've already done a lot of the work. There are two big parts to this. # # Part 1 is stickiness. The client sends a series of HTTP requests to the # server. If the initialzation message (which creates a new virtual # connection) gets forwarded to one particular server, then all other HTTPS # in that virtual connection need to go to that same server. However, when # the client sends a new initialization message, that needs to go back to the # load balancer, and that might go to a different server. That's essential # for failover. Some load balancers use the client's IP address to pick a # server. That would give us too much stickiness and would break the failover. # # We accomplish this by having different rules in the http proxy. It would # be something like: # 1) URLs matching ^/jsproxy/ go to the load balancer to pick a jsproxy # server. # 2) URLs matching ^/jsproxy-dice/ go to the jsproxy server on dice. # 3) URLs matching ^/jsproxy-dana/ go to the jsproxy server on dana. # The client would have an initial URL like # https://wwww.trade-ideas.com/jsproxy/connect.tcl, matching rule 1. The # connect logic in jsproxy always sends the client back a new URL used to # continue the conversation. Each jsproxy server would be configured slightly # differently. The jsproxy server would create a URL matching rule #2 or #3. # # The logic for part 1 is already built into the jsproxy code. But it has # barely been tested and there may still be some work involved. In particular, # we've never configured lighttpd as desribed in part 2, so we might need to # modify the requirements/interface some. # # Part 2 is the load balancing. lighttpd has some support for load balancing, # but it won't work for us. The problem is that our initialization message # is very quick. (The client sends a request and the server responds almost # immediately. No interesting communications happen until this is done.) # lighttpd thinks that the server is free because there are no outstanding # messages. Worse yet, if all servers are free, it always sends requests to # the first server in the list. Imagine the first server goes down. It might # always appear free to lighttpd. So lighttpd would send most or all requests # to the broken ever. Even if we ignore the failover issue, this logic would # do a poor job of load balancing. # # The solution is to use iptables to do the load balancing and failover. # Rules 2 and 3, will point directly to the jsproxy server. Rule 1 will point # to a virtual address, handled by iptables. # # iptables will use round robin to distribute the conneciton requests. That # works well for ax_alert_server. But there is one difference for jsproxy. # The iptables rules for ax_alert_server work if the client is inside or # outside of the firewall, but not if the client is running on the firewall. # That's never been an issue for ax_alert_server. But we typically run # lightttpd on the firewall. See http://serverfault.com/questions/211536/iptables-port-redirect-not-working-for-localhost # for instructions on how to set this up. # Note: There's a reason why we have two copies of the jsproxy logic. It # seems like maybe a bug in lighttpd. If I have an outer if that looks for # the URL, and an inner if that looks at $SERVER[socket"], and inside of that # I'm doing proxying, it seems to get confused. Doing a redirect instead of # proxy, but keeping the if's the same, seemed to work as expected. My work- # around was to move the $SERVER["socket"] to the outside and move the # $HTTP["url"] =~ "^/jsproxy/" to the inside. That required me to duplicate # some lines. # Note: lighttpd -t -f lighttpd.conf # That's a useful command. It seems that if I'm missing a } and I restart, # lighttpd will fail badly, without an error message. That command will report # any errors to the standard output without putting you in any danger.