WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-04 20:30:41 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,760 Commits 9 Branches 0 Tags
ee649ba38cd2665db38e470c00a33add27ffd4e9
Commit Graph

100 Commits

Author SHA1 Message Date
Kevin Fenzi
4f2d7f0362 Just disallow /updates. Not much point in bodhi updates being in search engines. 2015-04-23 15:01:16 +00:00
Patrick Uiterwijk
88cc733244 Also tell riddler we don't like them 2015-04-23 14:50:53 +00:00
Kevin Fenzi
daf911784a Sync ssh_known_hosts to the proxies 2015-04-02 17:34:56 +00:00
Patrick Uiterwijk
141cc34862 Remove ip-specific listening 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-03-30 21:47:11 +00:00
Stephen Smoogen
7cba4be63c and we have ipv6 2015-03-30 20:40:48 +00:00
Stephen Smoogen
73d8098fc2 oh yeah.. vpn 2015-03-23 22:51:30 +00:00
Stephen Smoogen
a1b74f4caf and we try to make listspam a little less. 2015-03-23 21:56:21 +00:00
Kevin Fenzi
1e7e1ec92c Add proxy02. Drop second ip. 2015-02-21 22:28:28 +00:00
Kevin Fenzi
fdad2cd006 Drop the one ip on proxy07 to prep for moving it over to ansible 2015-02-21 16:48:39 +00:00
Patrick Uiterwijk
fa1f170788 Revert "Set HSTS on id.fp.o manually to disable subdomains" 
This reverts commit 62c73923f3.
 2015-02-20 21:41:32 +00:00
Patrick Uiterwijk
62c73923f3 Set HSTS on id.fp.o manually to disable subdomains 2015-02-20 21:32:18 +00:00
Kevin Fenzi
64d93edcd8 Lets try and get things in phx2 to use proxy10 instead of proxy01. 2015-02-18 22:53:10 +00:00
Till Maas
2ac8a57d05 Set HSTS header in TLS vhost 2015-02-12 21:52:36 +01:00
Till Maas
ce8655f7d1 Set HSTS for sslonly websites in roles/httpd/reverseproxy 2015-02-12 21:41:27 +01:00
Patrick Uiterwijk
2b1d97f004 Set the X-Scheme header as we agreed on 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-02-11 09:47:49 +00:00
Kevin Fenzi
73dee1dc7f Stab at making our lower mem proxies happier so they don't nagios flood us 2015-02-06 18:16:31 +00:00
Stephen Smoogen
4fad601cfd and we really need to make sure we use the right ip address. 2015-02-05 23:50:58 +00:00
Kevin Fenzi
c9ad5669ce Quash one of proxy06's ips so we only have 1 for it. 2015-02-05 22:38:38 +00:00
Till Maas
bd5407d679 Add HSTS header to bodhi, elections, fas, pkgdb 
Seems like this needs to be configured in the reverse proxy config as it
is done for id.
 2015-02-04 15:24:01 +01:00
Till Maas
e67081afe1 Improve HSTS header 
- always set the header to make it hopefully appear on redirect as well
  (https://fedorahosted.org/fedora-infrastructure/ticket/2888#comment:11)
- set preload, to make it more likely that subdomains can be
  added to preload list
 2015-02-04 11:49:05 +01:00
Kevin Fenzi
a5d5bfff7f Try and make proxies not replace files twice and also fix el7 python hash hotfix. 2015-02-02 00:39:49 +00:00
Kevin Fenzi
09fb09d20d Drop crawl-delay down to 1 2015-01-29 00:00:21 +00:00
Kevin Fenzi
5c03699109 more poking at nagios 2015-01-26 21:28:17 +00:00
Kevin Fenzi
ef32289804 Try and nuke .146 proxy04 second ip address. 2015-01-26 20:55:05 +00:00
Kevin Fenzi
2d8f1e4b94 Clean up httpd.conf for new 2.4 options and names. 2015-01-21 22:54:35 +00:00
Kevin Fenzi
ef0cffd7dc Lets try this. 2015-01-21 22:19:11 +00:00
Kevin Fenzi
92283b6b96 More nuking of second wildcard ip on proxy03 2015-01-21 00:13:34 +00:00
Ralph Bean
4af47a45c3 Default the ssl chain file to wildcard-2014.fedoraproject.org.intermediate.cert. 2015-01-20 14:34:02 +00:00
Ralph Bean
8320ac0165 Try to complain if ips or cert_name are not specified. 2015-01-19 19:28:33 +00:00
Ralph Bean
5e1d2fc494 Specify setype for robots.txt. 2015-01-06 21:21:31 +00:00
Ralph Bean
b9180755f4 Collapse old references to .89 over to .88. 2015-01-06 20:22:56 +00:00
Ralph Bean
968b26b882 Install libsemanage-python so we can manage selinux with python... 2015-01-06 19:26:55 +00:00
Ralph Bean
2053ae2d31 Turn on httpd_can_network_connect for reverseproxy. 2015-01-06 19:23:43 +00:00
Ralph Bean
175bf8ba1f Use conf.modules.d/ 2015-01-06 15:09:12 +00:00
Ralph Bean
2425612a6c Revert "Whitespace." 
This reverts commit 42775091aa.
 2015-01-06 14:45:42 +00:00
Ralph Bean
01cfdf12fb Revert "Trying to match whitespace......." 
This reverts commit f8733de4e5.
 2015-01-06 14:45:27 +00:00
Ralph Bean
f8733de4e5 Trying to match whitespace....... 2015-01-06 14:41:37 +00:00
Ralph Bean
42775091aa Whitespace. 2015-01-06 14:38:47 +00:00
Ralph Bean
f3bdf81c89 Whitespace and slashes. 2014-12-19 15:26:44 +00:00
Ralph Bean
1ff17f6b21 Special-case out mirrormanager2. 2014-12-19 15:25:14 +00:00
Ralph Bean
cc8e08e90b proxy config for docs-backend. 2014-12-18 19:18:00 +00:00
Ralph Bean
9712b89bc6 puppet land to jinja2. 2014-12-18 18:35:33 +00:00
Ralph Bean
7d06598fa8 Set up proxy basics first. 2014-12-18 18:34:05 +00:00
Ralph Bean
f715c99113 Special-case the apache-status rewrite. 2014-12-17 18:32:02 +00:00
Ralph Bean
89c0140ded Add whitespace to help with matching puppet. 2014-12-17 17:52:28 +00:00
Ralph Bean
4e7493ff0b Draft of a domainrewrite role. 2014-12-17 17:43:46 +00:00
Ralph Bean
f1ed898b9f Typofix. 2014-12-12 20:11:24 +00:00
Ralph Bean
f564ccfe20 Add httpd/fingerprints. 2014-12-12 20:09:53 +00:00
Ralph Bean
d585469155 Whitespace. 2014-12-12 19:29:23 +00:00
Ralph Bean
c45adc7d78 Add httpd/mime-type role. 2014-12-12 19:25:49 +00:00