WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 13:32:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
fedora-infra_ansible/roles/distgit/templates/lookaside-upload.conf
Kevin Fenzi a6878760ea distgit: increase cgi body to 10G from 1G default to allow larger uploads 
Fixes ticket 11001

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-11-23 10:13:00 -08:00

115 lines
3.7 KiB
Plaintext
Raw Blame History

Alias /repo/ /srv/cache/lookaside/
# default SSL configuration...
Listen 443
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
Alias /robots.txt /var/www/robots-src.txt
<Location /robots.txt>
Require all granted
</Location>
<VirtualHost _default_:80>
ServerName pkgs{{ env_suffix }}.fedoraproject.org
#RewriteCond expr "! -R '192.168.0.0/16'"
#RewriteCond expr "! -R '10.0.0.0/8'"
#RewriteRule ^(.*)$ https://src.fedoraproject.org/$1 [L,R]
Alias /repo/ /srv/cache/lookaside/
<Location />
Require ip 127.0.0.1
Require ip ::1
Require ip 10.0.0.0/8
Require ip 192.168.0.0/16
</Location>
CustomLog "logs/pkgs-access.log" combined
ErrorLog "logs/pkgs-error.log"
Alias /robots.txt /var/www/robots-pkgs.txt
<Location /robots.txt>
Require all granted
</Location>
RewriteEngine on
RewriteRule "^/.well-known/acme-challenge/(.*)$" "http://src{{ env_suffix }}.fedoraproject.org/.well-known/acme-challenge/$1"
RewriteRule "^/(.*)$" "https://src{{ env_suffix }}.fedoraproject.org/$1"
RewriteRule "^/login/$" "https://src{{ env_suffix }}.fedoraproject.org/login/"
</VirtualHost>
<VirtualHost _default_:443>
# This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /var/www/bin/suexec-upload.sh
Alias /repo/ /srv/cache/lookaside/
ServerName pkgs{{ env_suffix }}.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/pkgs{{ env_suffix }}.fedoraproject.org.cert
SSLCertificateKeyFile /etc/pki/tls/private/pkgs{{ env_suffix }}.fedoraproject.org.key
SSLCertificateChainFile /etc/pki/tls/certs/pkgs{{ env_suffix }}.fedoraproject.org.intermediate.cert
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
</VirtualHost>
# Allow upload via src
<VirtualHost _default_:80>
# This alias must come before the /repo/ one to avoid being overridden.
ScriptAlias /repo/pkgs/upload.cgi /var/www/bin/suexec-upload.sh
Alias /repo/ /srv/cache/lookaside/
ServerName src{{ env_suffix }}.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
ErrorLog logs/ssl_error_log
# default in https 2.4.53 and eariler was unlimited
# In later versions it became 1gb. Thats too small for some package uploads
# So, bump it here to 10GB
LimitRequestBody 10737418240
<Location /repo/pkgs/upload.cgi>
Options +ExecCGI
AuthType GSSAPI
GssapiSSLonly Off
AuthName "GSSAPI Single Sign On Login"
GssapiCredStore keytab:/etc/httpd.keytab
Require valid-user
</Location>
# Insert the redirect rules allowing pagure to override some of its static
# files. This is pagure related not so much lookaside related but since this
# is using a VirtualHost on port 80 we need to group the configs
# Configure static files so that a custom theme can override the defaults
RewriteEngine on
# Check if the static file exists in the template directory
RewriteCond "/usr/share/pagure_dist_git/static/$1" -f
# If it does, use it
RewriteRule "^/static/(.*)" "/usr/share/pagure_dist_git/static/$1" [L]
# Otherwise back out and use the default static folder/theme
{% if env == "staging" or datacenter == "iad2" %}
RewriteRule "^/static/(.*)" "/usr/lib/python3.6/site-packages/pagure/static/$1" [L]
{% else %}
RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]
{% endif %}
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink