From 9717d920af290ff2608c9e97ed872ff66cb6c1b4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 22 Jan 2026 08:50:34 -0800 Subject: [PATCH] anubis: rename anubis-el8 to anubis-el and see about enabling on download Looks like the scrapers are hitting the download servers now. So, look at setting up an anubis pod there like we did for pagure. anubis package isn't available for epel9, so we just use the container. Will test this with dl01 and tweak until it's working. Signed-off-by: Kevin Fenzi --- playbooks/groups/download.yml | 3 +++ playbooks/groups/pagure.yml | 2 +- .../files/anubis.service | 0 .../files/botPolicy.yaml | 0 .../{anubis-el8 => anubis-el}/tasks/main.yml | 0 .../templates/httpd/dl.fedoraproject.org.conf | 25 +++++++++++++++++++ 6 files changed, 29 insertions(+), 1 deletion(-) rename roles/{anubis-el8 => anubis-el}/files/anubis.service (100%) rename roles/{anubis-el8 => anubis-el}/files/botPolicy.yaml (100%) rename roles/{anubis-el8 => anubis-el}/tasks/main.yml (100%) diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index 330a019c5e..7f66d69b12 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -40,6 +40,9 @@ - collectd/base - apache - download + - role: anubis-el + tags: + - anubis - rsyncd - { role: nfs/client, when: "'download_rdu3' in group_names" , mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - { role: nfs/client, when: "'download_rdu3' in group_names" , mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' } diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml index eebd6d1d31..ab2b2e4504 100644 --- a/playbooks/groups/pagure.yml +++ b/playbooks/groups/pagure.yml @@ -79,7 +79,7 @@ ^io\.pagure\.{{ env_short }}\..* - pagure - - role: anubis-el8 + - role: anubis-el tags: - anubis diff --git a/roles/anubis-el8/files/anubis.service b/roles/anubis-el/files/anubis.service similarity index 100% rename from roles/anubis-el8/files/anubis.service rename to roles/anubis-el/files/anubis.service diff --git a/roles/anubis-el8/files/botPolicy.yaml b/roles/anubis-el/files/botPolicy.yaml similarity index 100% rename from roles/anubis-el8/files/botPolicy.yaml rename to roles/anubis-el/files/botPolicy.yaml diff --git a/roles/anubis-el8/tasks/main.yml b/roles/anubis-el/tasks/main.yml similarity index 100% rename from roles/anubis-el8/tasks/main.yml rename to roles/anubis-el/tasks/main.yml diff --git a/roles/download/templates/httpd/dl.fedoraproject.org.conf b/roles/download/templates/httpd/dl.fedoraproject.org.conf index c55c9bd037..4376432e27 100644 --- a/roles/download/templates/httpd/dl.fedoraproject.org.conf +++ b/roles/download/templates/httpd/dl.fedoraproject.org.conf @@ -32,7 +32,32 @@ SSLProtocol {{ ssl_protocols }} SSLCipherSuite {{ ssl_ciphers }} + # proxy all requests to anubis after ssl termination + + RequestHeader set "X-Real-Ip" expr=%{REMOTE_ADDR} + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set "X-Http-Version" "%{SERVER_PROTOCOL}s" + + ProxyPreserveHost On + + ProxyRequests Off + ProxyVia Off + + ProxyPass / http://[::1]:8923/ + ProxyPassReverse / http://[::1]:8923/ + + + +# Once anubis has processed the request it sends it to port 3923 + +Listen 3923 http + + ServerName dl.fedoraproject.org + ServerAlias archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org download-ib01.fedoraproject.org download-cc-rdu01.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + Include "conf.d/dl.fedoraproject.org/*.conf" + # Prefork tuning