Hopefully this will help the high ai scraper load and not break
anything.
In the event we need to revert, simply change the proxyurl back to the
haproxy endpoint instead of the varnish endpoint.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The scrapers are now downloading js and css files at a really high rate,
and thats causing a lot of load on pkgs01.
So, lets see if we can just move src behind the varnish on proxies.
This should allow it to return those pretty static files a lot
faster and not cause load on the backend.
However, putting varnish in the path might mess up something, so
lets just test in staging first.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Add Apache reverse proxy configuration to handle Pagure-style attachment
URLs on Fedora Forge. When users paste migrated issue comments containing
attachment links (/<project>/issue/raw/files/<hash>-<filename>), the proxy
transparently fetches them from pagure.io, ensuring attachments display
correctly after migration from Pagure to Forgejo.
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
There was a wildcard cert for id.stg.fedoraproject.org missing. It's now
available so let's use it.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This site is still pointing to iad2, and I can't find anyone who can
point it to rdu3, so I think it's going to just have to go away.
Disable for now, but if no one appears, we should delete it entirely,
as well as the openshift app that serves this website.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This should not have caused any issues, but I want to rule out it being
related to the 503 errors we have been seeing.
it also doesn't do any good to have enabled here as these proxies are
internal only and never would have browsers or crawlers hitting them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Hopefully this goes smoothly. The scrapers are hitting koji particularly
hard so this should be a big win.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is going to be a place that gets tons of load in production as more
things move over to it, so, put it behind anubis in staging to test
that everything works ok with it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This just reuses the existing copr anubis role and adds it into our
proxy setup (in staging only).
A new variable 'anubis' is set globally to false, but can be enabled on
a per site / app basis in the httpd/website role call.
I have set it for koji.stg.
The proxy playbook now should install anubis on staging proxies and then
only use it for the one site thats enabled in configuration.
Before moving to prod:
- testing in staging
- testing with some more staging apps
- perhaps moving the copr anubis role to a base role?
- adding some more bot policy
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
