Commit Graph

317 Commits

Author SHA1 Message Date
Kevin Fenzi
84d985d2b9 proxies: drop unneeded [OR]
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:12 +02:00
Kevin Fenzi
713979b3a0 proxies: add registry-no-cdn host to proxies
This host shares with registry vhost, but if it's used it bypasses downloading from the cdn.
We need this internally on composes that download flatpaks. They need to get them direct
from our registry and not from an external cdn.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:12 +02:00
Mikolaj Izdebski
a07dfe1c02 Remove koschei from robots.txt for apps.fp.o 2020-04-24 21:34:11 +02:00
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00
Michael Scherer
474fac15f0 Add an option to bypass certgetter01 intercept
This permits moving, let's say, blog to a provider
that does support LE natively, but without needing to
transfer the certificate or anything.

Just set "enable_certgetter: false", run the playbook,
do the http01 negotiation, and then switch DNS.
2020-04-24 21:34:09 +02:00
Patrick Uiterwijk
180bd2ee6e Move koji to mod_proxy_balancer
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-22 08:53:46 +02:00
Kevin Fenzi
d056090c7f websites: Disallow robots crawling fas.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-14 16:54:18 +00:00
Patrick Uiterwijk
ce69ca3a1a Swap FAS in prod over to openshift
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-12 21:29:08 +02:00
Patrick Uiterwijk
354d53c8c2 Prepare for moving Ipsilon to openshift in prod
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 16:52:24 +02:00
Patrick Uiterwijk
cb8b0c935d Restrict Proxy server-status to localhost for now
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-03 20:00:53 +02:00
Mikolaj Izdebski
6fb16a4c69 proxies-redirects: Add another rewrite for cgit on src.fp.o (#7736) 2019-04-25 23:15:33 +02:00
Mikolaj Izdebski
dde66ebd39 proxies-redirects: Add rewrite for cgit on src.fp.o (#7736) 2019-04-25 05:41:58 +02:00
Patrick Uiterwijk
0af40df768 Add Request ID for fun
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-04-13 19:18:26 +00:00
Patrick Uiterwijk
0c7449ea1d Add sslciphers tags
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:41:17 +02:00
Kevin Fenzi
734d1de121 proxy prerelease redirects: try a different way to disable/enable them
We had a messy setup that needed you to comment a block in one place
and uncomment it in the other. Instead let's try and use the template to
properly handle this and make a file without the redirect when we don't
want it enabled.

This only should affect staging now.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-01 18:48:36 +00:00
Alessandro Lorenzi
3430d47412 Site src.fedoraproject.org expires
refs: #7629
2019-03-30 23:45:19 +00:00
Patrick Uiterwijk
38dd9cef43 Fix closing quotes and remotepath handling in the balancer members
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 11:44:01 +01:00
Patrick Uiterwijk
b70d43904d Fix broken websocket proxying by double slash in request_uri matching
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 11:39:29 +01:00
Tim Flink
16b791a146 proxies: adding rewritecond to reverseproxy for ws if remotepath exists
I was hitting an issue where there were multiple reverseproxy instances
configured for a single host and some of the rewrite rules were changing
the request when they shouldn't be.

This patch adds a rewritecond to the websocket rewrite rule to make sure that
the REQUEST_URI starts with $remotepath before it's rewritten.
2019-03-25 16:56:20 +00:00
Tim Flink
16c2787a56 proxies: Adding remotepath to websocket balancers
The current template assumes that websockets are at the base of a URL
but that is not true for our buildmaster. This patch adds remotepath
to the end of the websocket url if remotepath is defined.
2019-03-22 15:23:28 +00:00
Stephen Smoogen
11e2ff87a1 [proxies/robots.txt] Make it so that we force the proxy to use a local robots.txt
The various openshift tools get hit by various crawlers and do not send
a robots.txt. This seems to be due to the balancer code used to send
back to the nodes. This forces the proxy robots.txt to be honored
always.
2019-03-19 19:51:11 +00:00
Patrick Uiterwijk
bf6be45d70 Hope that curl fixed their GOAWAY HTTP/2 bug
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-02-25 16:47:23 +01:00
Rick Elrod
0b7bb3b5b3 prep for proxy03 move
Signed-off-by: Rick Elrod <relrod@redhat.com>
2019-02-11 23:14:27 +00:00
Patrick Uiterwijk
acf6f6587b Remove workaround for very old ostree
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-01-30 20:27:44 +01:00
Patrick Uiterwijk
f10ce98e0f Disallow cloudfront from accessing ostree refs and summary
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-01-30 20:17:06 +01:00
Rick Elrod
c16f040a40 this dir is needed for robots.txt stuff too
Signed-off-by: Rick Elrod <relrod@redhat.com>
2019-01-29 03:19:48 +00:00
Rick Elrod
62316d11b2 and make the template point to the new ones
Signed-off-by: Rick Elrod <relrod@redhat.com>
2019-01-29 02:00:39 +00:00
Rick Elrod
3c2e614eeb Make actual robots.txt files end with .txt so the mime-type is right since apache Alias will preserve the mime-type of the file it points to
Signed-off-by: Rick Elrod <relrod@redhat.com>
2019-01-29 01:49:44 +00:00
Rick Elrod
77644a5183 Attempt to make crawlers stop scanning stg.fp.o (infra #7514)
Signed-off-by: Rick Elrod <relrod@redhat.com>
2019-01-28 22:43:00 +00:00
Kevin Fenzi
a158c64f7d elections: drop no longer needed releasepassproxy
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-01-23 14:35:36 +00:00
Kevin Fenzi
564fc0fbf1 mirrormanager: redirect 7Server to 7 for epel download redirects.
Fixes https://pagure.io/fedora-infrastructure/issue/7444

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2018-12-28 20:15:24 +00:00
Patrick Uiterwijk
afde4968e5 And do https if not disabled
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-23 21:50:45 +01:00
Patrick Uiterwijk
158847f9b5 OpenQA is non-HTTPS for backend, sadly
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-23 21:49:46 +01:00
Patrick Uiterwijk
ee0748715a Allow the HTTP Connection header to contain more for websockets
Firefox is hell-bent on sending "keep-alive, Upgrade", which did not match
^Upgrade$....
Let's accept either.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-23 21:38:40 +01:00
Kevin Fenzi
7c931b3c20 Remove regindexer redirects outside the directory level. 2018-11-05 17:51:55 +00:00
Kevin Fenzi
d57f891ade Fix staging oci-registry to point to 01 only since we don't have a 02 anymore.
This commit should make no changes to production and thus shouldn't need a freeze break.
2018-10-11 22:07:33 +00:00
Patrick Uiterwijk
646010c992 Set a default targettype
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 19:11:17 +02:00
Patrick Uiterwijk
7fcd6b2afd Set tags correctly on the set_fact
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 19:09:29 +02:00
Patrick Uiterwijk
f3bdabd73a Word ordering is hard
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 19:01:25 +02:00
Patrick Uiterwijk
7dc41f8f16 Let's see if it's reversed?
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 18:55:21 +02:00
Patrick Uiterwijk
48bf3be669 Try quoting... It worked last time?
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 18:52:05 +02:00
Patrick Uiterwijk
3ffd179216 Simplify reverseproxy for openshift and setup SSL config for it
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 18:46:08 +02:00
Patrick Uiterwijk
a0a625fd08 Stop overriding the reverseproxy config for bodhi
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-28 18:19:05 +02:00
Mikolaj Izdebski
735d10275c Enable proxying of copr api_2 and api_3 2018-09-27 10:12:45 +00:00
Patrick Uiterwijk
f26ac060cb Only do OCSP stapling on the proxies
The actual cache is only set in the proxy HTTP config.
While we could set the cache path in the other servers' configs as well,
that would be a significantly larger change.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-25 21:52:12 +02:00
Stephen Smoogen
dde378de0a and this will start a long long long proxy push 2018-09-13 21:27:22 +00:00
Patrick Uiterwijk
12186da25f Fix websockets for prod openshift
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-12 17:33:01 +02:00
Patrick Uiterwijk
4a385eadba Don't use h2 for (app.)os.stg.fedoraproject.org to fix websockets
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-12 01:27:39 +02:00
Patrick Uiterwijk
b97a401f57 Make WebSocket possible for (app.)os.stg.fedoraproject.org
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-09-12 01:24:30 +02:00
Kevin Fenzi
45184ad096 adjust config for regindexer some for testing 2018-08-30 18:27:57 +00:00