I hope I got this right. This IP is trying Little Bobby Tables
attacks on openQA and it's making the servers crash.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Moved to openshift in 2022 (see e.g. ab4db44) and was dropped from
the haproxy config in 55056c6, nothing listens on 10022 on the
proxies these days.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
See cb22afd (removed ask config in 2018). It's been gone since
then. Nothing listens on 10021 on the proxies.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
See 5413a21 (noting it was moved to openshift in 2020) and
55056c6 (removed it from haproxy config).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Was moved to openshift long ago. All of these URLs are now just
302s to bodhi.fedoraproject.org in the httpd config. Nothing
listens on port 10009 on the proxies.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
I'm pretty sure this is a vestige of FAS2. 'fas01' resolves on
*most* proxies, but to an IP address that doesn't exist. On
proxy01.stg (but not proxy02.stg for some reason?) it does not
resolve at all, and this causes varnish to fail to start up.
Let's just get rid of it.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is a bit ugly, but can't think of a better way right now.
Since @kparal is using this migration of testdays-web from prod
pagure to staging forgejo as a test case for prod migrations in
general, let's make sure it works properly by proxying attachment
requests to prod pague instead of staging.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This should 'fix' broken redirects in the elections UI, see
https://pagure.io/fedora-infrastructure/issue/12997 .
This probably isn't ultimately the correct fix but it should make
things work for now. The real issue seems to be that elections'
custom WSGI app wrapper which attempts to handle the app being
reverse-proxied doesn't handle all proxied headers and/or doesn't
handle comma-separated list values. The long-term fix is likely
to be using werkzeug/middleware/proxy_fix.py instead, see
https://pagure.io/elections/issue/106 .
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This turned out to be a bit complicated, see
https://codeberg.org/forgejo/forgejo/issues/6360#issuecomment-9010932 . Pagure
images in comments use root-relative Markdown links, like this:
but Forgejo renders those relative to *the repo*, not the server root, so
they get rendered as something like:
<img src="/forgejoorg/forgejorepo/group/repo/issue/raw/files/image.png">
However, it does *not* do this for *non-image* root-relative links, so those
aren't 'broken'. This means we need to handle *both* cases in the proxying,
and we also need to keep in mind that Pagure allows repos without a group.
So we can wind up with one, two, three or four folders before /issue.
I did some testing and I *think* this should cover all cases. I've tested
this does fix images, I haven't tested on a non-image attachment yet (need
to find one).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The attachment reverse proxy was failing for several reasons, one
of which is that SSL options weren't set up correctly so the SSL
connection to pagure.io failed. This adds a Proxy section for
stg.pagure.io with the appropriate settings to make it work.
There are still several other issues, but this at least fixes the
SSL problem.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
