Paul Belanger 836cddb2f2 Add registry-1.docker.io to reverse proxy cache
To use the mirror, you'd create a /etc/docker/daemon.json file:

{
  "registry-mirrors": [
    "http://mirror.dfw.rax.openstack.org:8081/registry-1.docker/"
  ]
}

Obviously using your regional mirror.

We also use port 8081 because we need to ignore Expires headers, and
don't want to affect the rdo proxy.

Change-Id: Iba9a7580a11cdecb6a43a4fef703be2ca62d0539
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-06 15:34:37 -04:00

177 lines
5.9 KiB
Plaintext

# ************************************
# Managed by Puppet
# ************************************
NameVirtualHost <%= @vhost_name %>:<%= @port %>
# Dedicated port for proxy caching, as not to affect afs mirrors.
Listen 8080
NameVirtualHost <%= @vhost_name %>:8080
Listen 8081
NameVirtualHost <%= @vhost_name %>:8081
<VirtualHost <%= @vhost_name %>:<%= @port %>>
ServerName <%= @srvname %>
<% if @serveraliases.is_a? Array -%>
<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
<% elsif @serveraliases != nil -%>
<%= " ServerAlias #{@serveraliases}" -%>
<% end -%>
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options <%= @options %>
AllowOverride None
Order allow,deny
allow from all
Satisfy any
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
RewriteEngine On
# Pypi's bandersnatch URL's are:
# /pypi/simple/index.html
# /pypi/simple/a/a/(index.html)?
# /pypi/simple/a/a/a-etc.whl
# /pypi/simple/a/abcd/(index.html)?
# /pypi/simple/a/abcd/abcd-etc.whl
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
# Wheel URL's are:
# /wheel/{distro}-{distro-version}/a/a/a-etc.whl
# /wheel/{distro}-{distro-version}/a/abcd/abcd-etc.whl
# /wheel/{distro}-{distro-version}/a/abcde/abcde-etc.whl
RewriteCond %{REQUEST_URI} ^/wheel/([^/]+)/([^/])([^/]*)
RewriteCond %{DOCUMENT_ROOT}/wheel/$1/$2/$2$3 -d
RewriteRule ^/wheel/([^/]+)/([^/])([^/]*)(/.*)?$ /wheel/$1/$2/$2$3$4 [L]
# npm's URL's are:
# /npm/-/index.json
# /npm/a/aabc/index.json
# /npm/a/aabc/latest/index.json
# /npm/a/aabc/-/aabc-0.0.0.tgz
RewriteCond %{REQUEST_URI} ^/npm/([^/])([^/]*)
RewriteCond %{DOCUMENT_ROOT}/npm/$1/$1$2 -d
RewriteRule ^/npm/([^/])([^/]*)(/.*)?$ /npm/$1/$1$2$3 [L]
# TODO(jhesketh): Remove this after bandersnatch implements pep503
# https://bitbucket.org/pypa/bandersnatch/pull-requests/20/fully-implement-pep-503-normalization/diff
# Special cases for openstack.nose_plugin & backports.*
RewriteRule ^(.*)/openstack-nose-plugin(.*)$ $1/openstack.nose_plugin$2
RewriteRule ^(.*)/backports-(.*)$ $1/backports.$2
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
# Try again but replacing -'s with .'s
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-d
RewriteRule (.*)-(.*) $1.$2 [N]
RewriteCond %{REQUEST_URI} ^/pypi/simple/([^/])([^/]*)
RewriteCond %{DOCUMENT_ROOT}/pypi/simple/$1/$1$2 -d
RewriteRule ^/pypi/simple/([^/])([^/]*)(/.*)?$ /pypi/simple/$1/$1$2$3 [L]
<DirectoryMatch "<%= @docroot %>\/npm\/[^/]+\/.*">
DirectoryIndex index.json
AddOutputFilterByType SUBSTITUTE application/json
Substitute "s|http://localhost|http://<%= @srvname %>/npm|ni"
</DirectoryMatch>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost <%= @vhost_name %>:8080>
ServerName <%= @srvname %>:8080
# Disable directory listing by default.
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_access.log combined
ServerSignature Off
# Caching reverse proxy for things that don't make sense in AFS
#
# General cache rules
CacheRoot "/opt/apache_cache"
CacheDirLevels 5
CacheDirLength 3
# SSL support
SSLProxyEngine on
# Prevent thundering herds.
CacheLock on
CacheLockPath "/tmp/mod_cache-lock"
CacheLockMaxAge 5
# 100MB
CacheMaxFileSize 104857600
# Per site caching reverse proxy rules
# Only cache specific backends, rely on afs cache otherwise.
CacheEnable disk "/rdo"
ProxyPass "/rdo/" "https://trunk.rdoproject.org/"
ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/"
</VirtualHost>
<VirtualHost <%= @vhost_name %>:8081>
ServerName <%= @srvname %>:8081
# Disable directory listing by default.
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_access.log combined
ServerSignature Off
# Caching reverse proxy for things that don't make sense in AFS
#
# General cache rules
CacheRoot "/opt/apache_cache"
CacheDirLevels 5
CacheDirLength 3
# SSL support
SSLProxyEngine on
# Prevent thundering herds.
CacheLock on
CacheLockPath "/tmp/mod_cache-lock"
CacheLockMaxAge 5
# 100MB
CacheMaxFileSize 104857600
# Ignore expire headers as the urls use sha256 hashes.
CacheIgnoreQueryString On
CacheStoreExpired On
# registry-1.docker.io
CacheEnable disk "/registry-1.docker"
ProxyPass "/registry-1.docker/" "https://registry-1.docker.io/"
ProxyPassReverse "/registry-1.docker/" "https://registry-1.docker.io/"
# dseasb33srnrn.cloudfront.net
CacheEnable disk "/cloudfront"
ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
ProxyPassReverse "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
</VirtualHost>