proxies: just stop exposing 8080 on proxies

This is pretty harmless. It's the haproxy stats page, but we get questions about it and people don't like that it's there. There's also no reason to keep it open as we normally access this via a proxy. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-01-24 14:32:28 -08:00 · 2024-01-24 14:32:28 -08:00 · 5c50f89d73
commit 5c50f89d73
parent 7b71471851
2 changed files with 0 additions and 12 deletions
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@ -72,12 +72,6 @@ tcp_ports: [
  6443,
  # This is for RabbitMQ internal-public access
  15671,
-  # This is for the haproxy HTML stats page
-  # TODO -- there's no need for this to be wide open to the world.  With this
-  # in place, you can visit https://apps.fedoraproject.org:8080 and get the
-  # haproxy stats page.  We should close this and just have admins go through
-  # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1
-  8080,
  # This is for TOTP
  8443,
  # For fedmsg websocket server over stunnel
--- a/inventory/group_vars/proxies_stg
+++ b/inventory/group_vars/proxies_stg
@ -61,12 +61,6 @@ tcp_ports: [
  6443,
  # This is for RabbitMQ internal-public access
  15671,
-  # This is for the haproxy HTML stats page
-  # TODO -- there's no need for this to be wide open to the world.  With this
-  # in place, you can visit https://apps.fedoraproject.org:8080 and get the
-  # haproxy stats page.  We should close this and just have admins go through
-  # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1
-  8080,
  # This is for TOTP
  8443,
  # For fedmsg websocket server over stunnel