diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs
index 8f81c83fea..023f8952a2 100644
--- a/inventory/group_vars/pkgs
+++ b/inventory/group_vars/pkgs
@@ -5,12 +5,6 @@ num_cpus: 4
 tcp_ports: [ 9418 ]
-custom_rules: [
- '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 443 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT' ]
-
 # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's.
 # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg.
 fedmsg_active: True
diff --git a/inventory/group_vars/pkgs-stg b/inventory/group_vars/pkgs-stg
index 0172ca45ac..708d8b4406 100644
--- a/inventory/group_vars/pkgs-stg
+++ b/inventory/group_vars/pkgs-stg
@@ -4,12 +4,6 @@ mem_size: 4096
 num_cpus: 4
 tcp_ports: [ 9418 ]
-custom_rules: [
- '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 443 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT' ]
-
 # Definining these vars has a number of effects
 # 1) mod_wsgi is configured to use the vars for its own setup
 # 2) iptables opens enough ports for all threads for fedmsg
diff --git a/roles/distgit/templates/lookaside-upload.conf b/roles/distgit/templates/lookaside-upload.conf
index eab5f169f1..ec9afabc35 100644
--- a/roles/distgit/templates/lookaside-upload.conf
+++ b/roles/distgit/templates/lookaside-upload.conf
@@ -14,8 +14,9 @@ SSLCryptoDevice builtin
 ServerName pkgs{{ env_suffix }}.fedoraproject.org
- #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
- # This is temporary for fixing Kojid because of firewall rules
+ RewriteCond expr "! -R '192.168.0.0/16'"
+ RewriteCond expr "! -R '10.0.0.0/8'"
+ RewriteRule ^(.*)$ https://src.fedoraproject.org/$1 [L,R]
 Alias /repo/ /srv/cache/lookaside/
 RewriteEngine on
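Review bot: The added `RewriteRule` hard-codes `src.fedoraproject.org`, while the `ServerName` context line and the removed commented-out `Redirect` both use `{{ env_suffix }}`, so a staging host rendered from this template would presumably redirect external clients to the production site; `RewriteRule ^/(.*)$ https://src{{ env_suffix }}.fedoraproject.org/$1 [L,R]` keeps the environments apart and also avoids the doubled slash that `^(.*)$` followed by `/$1` produces in server or virtual-host context. With the source-restricted `custom_rules` for ports 80 and 443 removed in the two group_vars hunks, the pair of `RewriteCond expr "! -R …"` lines becomes the only visible separation between internal and external clients on this host, so it deserves a comment such as `# 10.0.0.0/8 and 192.168.0.0/16 are served directly; all other clients are redirected to src`. That check trusts the peer address Apache sees, which is the real client only if nothing in front of this server (proxy, NAT) rewrites it, and whatever now opens ports 80 and 443 in the firewall is not shown in this diff; both are worth confirming. The enclosing virtual host starts and ends outside the hunk.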