WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-02-03 05:03:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

riscv-kojipkgs: add a custom reversepassproxy config

Browse Source 
This will help not expose things we should not.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2026-01-15 12:36:40 -08:00
parent 5298fcbd4b
commit e5f736c308
1 changed files with 65 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
roles/httpd/reverseproxy/templates/reversepassproxy.conf-riscv-kojipkgs.conf Normal file
View File

@@ -0,0 +1,65 @@
{% if 'rdu3' in inventory_hostname %}
{% if rewrite %}
RewriteEngine On
RewriteRule ^{{remotepath}}$ %{REQUEST_URI}/ [R=301]
{% endif %}
{% if header_scheme %}
RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
{% endif %}
{% if header_expect %}
RequestHeader unset Expect early
{% endif %}
{% if keephost %}
ProxyPreserveHost On
{% endif %}
{% if balancer_name is defined %}
SSLProxyEngine On
<Proxy "balancer://{{balancer_name}}-websocket">
{% for member in balancer_members %}
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
{% if remotepath is defined and remotepath != "/" %}
BalancerMember "ws://{{ member }}{{ remotepath }}"
{% else %}
BalancerMember "ws://{{ member }}"
{% endif %}
{% else %}
{% if remotepath is defined and remotepath != "/" %}
BalancerMember "wss://{{ member }}{{ remotepath }}"
{% else %}
BalancerMember "wss://{{ member }}"
{% endif %}
{% endif %}
{% endfor %}
</Proxy>
RewriteEngine on
RewriteRule ".*/(openh264|mozilla-openh264).*.(riscv64|x86_64|armv7hl|i686|ppc64|ppc64le|aarch64|s390x).rpm$" "https://fedoraproject.org/wiki/non-distributable-rpms" [R=302,L]
RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
RewriteCond %{HTTP:Connection} Upgrade [NC]
{% if remotepath is defined and remotepath != "/" %}
RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
{% endif %}
RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
<Proxy "balancer://{{balancer_name}}">
{% for member in balancer_members %}
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
BalancerMember "http://{{ member }}"
{% else %}
BalancerMember "https://{{ member }}"
{% endif %}
{% endfor %}
</Proxy>
ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
{% endif %}
{% else %}
Redirect 421 /
{% endif %}