WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-02 14:30:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f259ca4e04884b6cdcfc8a171de41a60ac55c8c2
fedora-infra_ansible/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf
Kevin Fenzi 6abea25563 proxies: registry: let ppc64le builders directly access registry 
f39 adds flatpaks for ppc64le, so we need to allow ppc64le builders to
access the registry directly so they can install flatpaks in the ostree
install images. Without this they try and get them from the cdn and the
builder firewall blocks them and it times out and the image fails to
compose.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-10-31 13:46:57 -07:00

122 lines
4.2 KiB
Plaintext
Raw Blame History

RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
ProxyPreserveHost On
{% if env == "production" %}
#
# These conditions are ANDed together and negated, and are the list of things we
# do NOT want to use the cdn. ie, the things not going to the cdn will not match
# here and fall through to the regular registry. Everything else will go to the cdn
#
# We don't want the cdn itself to go to the cdn, it needs to get content from origin
RewriteCond %{HTTP:VIA} !cloudfront
# We have a 'registry-no-cdn' host that we don't want to use the cdn
RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject\.org$
# We don't want some methods to go to the cdn so we can update it
RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$
# osbs hosts shouldn't use the cdn
RewriteCond %{REMOTE_HOST} !^osbs-*$
# builders shouldn't use the cdn for flatpak building.
RewriteCond expr "! -R '10.3.169.0/24'"
RewriteCond expr "! -R '10.3.170.0/24'"
RewriteCond expr "! -R '10.3.171.0/24'"
RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R]
{% endif %}
# This is terible, but Docker.
RewriteCond %{REQUEST_METHOD} ^(PATCH|POST|PUT|DELETE)$
{% if env == "production" %}
RewriteRule ^/v2/(.*)$ http://oci-registry02:5000/v2/$1 [P,L]
{% elif env == "staging" %}
RewriteRule ^/v2/(.*)$ http://oci-registry01:5000/v2/$1 [P,L]
{% endif %}
RewriteRule ^/v2/(.*)$ http://localhost:10048/v2/$1 [P,L]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing-annotations.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest.json [L,PT]
RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest-annotations.json [L,PT]
DocumentRoot /srv/web/registry-index/
<Directory /srv/web/registry-index>
Require all granted
</Directory>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert
SSLOptions +FakeBasicAuth
<Location /v2>
AuthName "Registry Authentication"
AuthType Basic
AuthUserFile /etc/httpd/conf.d/registry.fedoraproject.org/passwd
<Limit GET HEAD>
Require all granted
</Limit>
</Location>
Alias "/index/" "/srv/web/registry-index/index/"
Alias "/app-icons/" "/srv/web/registry-index/icons/"
Alias "/deltas/" "/srv/web/registry-index/deltas/"
Alias "/static/" "/srv/web/registry-index/"
<Directory “/srv/web/registry-index/index/">
Options +FollowSymLinks
ExpiresActive on
ExpiresDefault "access plus 30 minutes"
AllowOverride None
Require all granted
</Directory>
<Directory "/srv/web/registry-index/icons/">
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted
</Directory>
<Directory "/srv/web/registry-index/deltas/">
ExpiresActive on
ExpiresDefault "access plus 1 year"
AllowOverride None
Options +Indexes
Require all granted
</Directory>
Reference in New Issue View Git Blame Copy Permalink