It’s been some time since I’ve done a good ol’ infrastructure post, and the Bigdinosaur.org web stack has evolved a bit over the course of 2018. We’re still using HAProxy, Varnish, and Nginx, but the way these applications connect and how they communicate is very different from my 2017-era config. Let’s dive in!
Excellent points all. The version of HAProxy I’m using is from the Debian maintainers’ PPA and it’s unfortunately built with OpenSSL 1.0.2g; I’d rather not compile HAProxy myself with 1.1.1 because I very much prefer sticking to repos for my major infrastructure applications (just feels better to have another set of eyes on the build configuration).
The production config as-is still scores an A+ on SSL Labs’ test, but I’ll definitely be evolving it as time moves on.