WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

copr-anubis: loosen policies (go through defaults), allow essentials

Browse Source
This commit is contained in:
Jiri Kyjovsky
2026-01-08 16:19:28 +01:00
parent 5765dd09b5
commit 3595436104
7 changed files with 82 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/copr/dist_git/templates/ssl.conf.j2
View File

@@ -33,13 +33,10 @@ SSLCryptoDevice builtin
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set "X-Http-Version" "%{SERVER_PROTOCOL}s"
# /{{ cgit_uri }}/ goes through Anubis (configured with BASE_PREFIX=/{{ cgit_uri }})
ProxyPass /{{ cgit_uri }}/ http://localhost:8987/{{ cgit_uri }}/
ProxyPassReverse /{{ cgit_uri }}/ http://localhost:8987/{{ cgit_uri }}/
# Everything else goes directly to backend
ProxyPass / http://localhost:8345/
ProxyPassReverse / http://localhost:8345/
# All traffic goes through Anubis for bot protection.
# Policies control which endpoints are protected vs allowed in /etc/anubis/policies.yaml
ProxyPass / http://localhost:8987/
ProxyPassReverse / http://localhost:8987/
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars

11
roles/copr/frontend/templates/httpd/coprs.conf
View File

@@ -85,13 +85,10 @@ WSGIApplicationGroup %{GLOBAL}
ProxyRequests Off
ProxyVia Off
# /coprs/ goes through Anubis (configured with BASE_PREFIX=/coprs)
ProxyPass /coprs/ http://127.0.0.1:8987/coprs/
ProxyPassReverse /coprs/ http://127.0.0.1:8987/coprs/
# Everything else goes directly to backend
ProxyPass / http://127.0.0.1:8345/
ProxyPassReverse / http://127.0.0.1:8345/
# All traffic goes through Anubis for bot protection.
# Policies control which endpoints are protected vs allowed in /etc/anubis/policies.yaml
ProxyPass / http://127.0.0.1:8987/
ProxyPassReverse / http://127.0.0.1:8987/
</VirtualHost>