WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

copr/anubis: fix configuration on frontend to protect only /coprs (same for distgit)

Browse Source 
Anubis was accidentally enabled for all traffic (/) instead of just
the /coprs/ web UI. This caused unnecessary bot challenges for API
clients, dnf/yum, and other automated tools.

Use Anubis BASE_PREFIX to cleanly protect only specific endpoints:
- Frontend: /coprs/ (web UI)
- Dist-git: /{{ cgit_uri }}/ (package browser)

https://anubis.techaro.lol/docs/admin/installation#using-base-prefix
This commit is contained in:
Jiri Kyjovsky
2026-01-07 13:51:19 +01:00
parent 66ea3d1769
commit d79d6ca487
10 changed files with 39 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/copr/frontend/templates/httpd/coprs.conf
View File

@@ -85,8 +85,13 @@ WSGIApplicationGroup %{GLOBAL}
ProxyRequests Off
ProxyVia Off
ProxyPass / http://127.0.0.1:8987/
ProxyPassReverse / http://127.0.0.1:8987/
# /coprs/ goes through Anubis (configured with BASE_PREFIX=/coprs)
ProxyPass /coprs/ http://127.0.0.1:8987/coprs/
ProxyPassReverse /coprs/ http://127.0.0.1:8987/coprs/
# Everything else goes directly to backend
ProxyPass / http://127.0.0.1:8345/
ProxyPassReverse / http://127.0.0.1:8345/
</VirtualHost>