# ************************************ # Managed by Puppet # ************************************ NameVirtualHost <%= @vhost_name %>:<%= @port %> # Dedicated port for proxy caching, as not to affect afs mirrors. Listen 8080 NameVirtualHost <%= @vhost_name %>:8080 Listen 8081 NameVirtualHost <%= @vhost_name %>:8081 :<%= @port %>> ServerName <%= @srvname %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%> <%= " ServerAlias #{name}\n" %> <% end %> <% elsif @serveraliases != nil -%> <%= " ServerAlias #{@serveraliases}" -%> <% end %> DocumentRoot <%= @docroot %> > Options <%= @options %> AllowOverride None Order allow,deny allow from all Satisfy any = 2.4> Require all granted RewriteEngine On # Pypi's bandersnatch URL's are: # /pypi/simple/index.html # /pypi/simple/a/a/(index.html)? # /pypi/simple/a/a/a-etc.whl # /pypi/simple/a/abcd/(index.html)? # /pypi/simple/a/abcd/abcd-etc.whl RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*) RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L] # Wheel URL's are: # /wheel/{distro}-{distro-version}/a/a/a-etc.whl # /wheel/{distro}-{distro-version}/a/abcd/abcd-etc.whl # /wheel/{distro}-{distro-version}/a/abcde/abcde-etc.whl RewriteCond %{REQUEST_URI} ^/wheel/([^/]+)/([^/])([^/]*) RewriteCond %{DOCUMENT_ROOT}/wheel/$1/$2/$2$3 -d RewriteRule ^/wheel/([^/]+)/([^/])([^/]*)(/.*)?$ /wheel/$1/$2/$2$3$4 [L] # npm's URL's are: # /npm/-/index.json # /npm/a/aabc/index.json # /npm/a/aabc/latest/index.json # /npm/a/aabc/-/aabc-0.0.0.tgz RewriteCond %{REQUEST_URI} ^/npm/([^/])([^/]*) RewriteCond %{DOCUMENT_ROOT}/npm/$1/$1$2 -d RewriteRule ^/npm/([^/])([^/]*)(/.*)?$ /npm/$1/$1$2$3 [L] # TODO(jhesketh): Remove this after bandersnatch implements pep503 # https://bitbucket.org/pypa/bandersnatch/pull-requests/20/fully-implement-pep-503-normalization/diff # Special cases for openstack.nose_plugin & backports.* RewriteRule ^(.*)/openstack-nose-plugin(.*)$ $1/openstack.nose_plugin$2 RewriteRule ^(.*)/backports-(.*)$ $1/backports.$2 RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*) RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L] # Try again but replacing -'s with .'s RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-d RewriteRule (.*)-(.*) $1.$2 [N] RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*) RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L] \/npm\/[^/]+\/.*"> DirectoryIndex index.json AddOutputFilterByType SUBSTITUTE application/json Substitute "s|http://localhost|http://<%= @srvname %>/npm|ni" ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined ServerSignature Off :8080> ServerName <%= @srvname %>:8080 <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%> <%= " ServerAlias #{name}:8080\n" %> <% end %> <% elsif @serveraliases != nil -%> <%= " ServerAlias #{@serveraliases}:8080" -%> <% end %> # Disable directory listing by default. Order Deny,Allow Deny from all Options None AllowOverride None ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_access.log combined ServerSignature Off # Caching reverse proxy for things that don't make sense in AFS # # General cache rules CacheRoot "/var/cache/apache2/proxy" CacheDirLevels 5 CacheDirLength 2 # SSL support SSLProxyEngine on # Prevent thundering herds. CacheLock on CacheLockPath "/tmp/mod_cache-lock" CacheLockMaxAge 5 # 5GiB CacheMaxFileSize 5368709120 # Added Aug 2017 in an attempt to avoid occasional 502 errors (around # 0.05% of requests) of the type: # # End of file found: ... AH01102: error reading status line from remote server ... # # Per [1]: # # This avoids the "proxy: error reading status line from remote # server" error message caused by the race condition that the backend # server closed the pooled connection after the connection check by the # proxy and before data sent by the proxy reached the backend. # # [1] https://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html SetEnv proxy-initial-not-pooled 1 # Per site caching reverse proxy rules # Only cache specific backends, rely on afs cache otherwise. # buildlogs.centos.org (302 redirects to buildlogs.cdn.centos.org) CacheEnable disk "/buildlogs.centos" ProxyPass "/buildlogs.centos/" "https://buildlogs.centos.org/" ttl=120 disablereuse=On ProxyPassReverse "/buildlogs.centos/" "https://buildlogs.centos.org/" # buildlogs.cdn.centos.org CacheEnable disk "/buildlogs.cdn.centos" ProxyPass "/buildlogs.cdn.centos/" "https://buildlogs.cdn.centos.org/" ttl=120 disablereuse=On ProxyPassReverse "/buildlogs.cdn.centos/" "https://buildlogs.cdn.centos.org/" # rdo CacheEnable disk "/rdo" ProxyPass "/rdo/" "https://trunk.rdoproject.org/" ttl=120 keepalive=On ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/" # tarballs CacheEnable disk "/tarballs" ProxyPass "/tarballs/" "https://tarballs.openstack.org/" ttl=120 keepalive=On ProxyPassReverse "/tarballs/" "https://tarballs.openstack.org/" # pypi CacheEnable disk "/pypi" ProxyPass "/pypi/" "http://mirror.dfw.rax.openstack.org/pypi/" ttl=120 keepalive=On ProxyPassReverse "/pypi/" "http://mirror.dfw.rax.openstack.org/pypi/" # images.linuxcontainers.org CacheEnable disk "/images.linuxcontainers" ProxyPass "/images.linuxcontainers/" "http://us.images.linuxcontainers.org/" ttl=120 keepalive=On ProxyPassReverse "/images.linuxcontainers/" "http://us.images.linuxcontainers.org/" # registry.npmjs.org CacheEnable disk "/registry.npmjs" ProxyPass "/registry.npmjs/" "https://registry.npmjs.org/" ttl=120 keepalive=On ProxyPassReverse "/registry.npmjs/" "https://registry.npmjs.org/" # api.rubygems.org CacheEnable disk "/api.rubygems" ProxyPass "/api.rubygems/" "https://api.rubygems.org/" ttl=120 keepalive=On ProxyPassReverse "/api.rubygems/" "https://api.rubygems.org/" # rubygems.org CacheEnable disk "/rubygems" ProxyPass "/rubygems/" "https://rubygems.org/" ttl=120 keepalive=On ProxyPassReverse "/rubygems/" "https://rubygems.org/" :8081> ServerName <%= @srvname %>:8081 <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%> <%= " ServerAlias #{name}:8081\n" %> <% end %> <% elsif @serveraliases != nil -%> <%= " ServerAlias #{@serveraliases}:8081" -%> <% end %> # Disable directory listing by default. Order Deny,Allow Deny from all Options None AllowOverride None ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_error.log LogLevel warn CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_access.log combined ServerSignature Off # Caching reverse proxy for things that don't make sense in AFS # # General cache rules CacheRoot "/var/cache/apache2/proxy" CacheDirLevels 5 CacheDirLength 2 # SSL support SSLProxyEngine on # Prevent thundering herds. CacheLock on CacheLockPath "/tmp/mod_cache-lock" CacheLockMaxAge 5 # 5GiB CacheMaxFileSize 5368709120 # Ignore expire headers as the urls use sha256 hashes. CacheIgnoreQueryString On CacheStoreExpired On # registry-1.docker.io CacheEnable disk "/registry-1.docker" ProxyPass "/registry-1.docker/" "https://registry-1.docker.io/" ttl=120 keepalive=On ProxyPassReverse "/registry-1.docker/" "https://registry-1.docker.io/" # dseasb33srnrn.cloudfront.net CacheEnable disk "/cloudfront" ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/" ttl=120 keepalive=On ProxyPassReverse "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"