Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

proxies / reverseproxy / openqa: make openqa on non iad2 proxies send a 421

Browse source 
Due to http/2 connection reuse bugs, sometimes firefox will decide to
'reuse' a connection to fedoraproject.org for openqa.fedoraproject.org
(since they both have the same tls cert), but openqa is only available
from the 2 iad2 proxies, not all of them. This results in a 503 timeout
and it just not loading. This should make those reused connections get a
421 from proxies and reconnect to the proper ips. (we hope)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-05-11 13:07:19 -07:00
parent 7d26c4cde9
commit 63adb316a7
1 changed files with 45 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

45
roles/httpd/reverseproxy/templates/reversepassproxy.openqa.conf Normal file
View file

@ -0,0 +1,45 @@
{% if balancer_name is defined %}
SSLProxyEngine On
<Proxy "balancer://{{balancer_name}}-websocket">
{% for member in balancer_members %}
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
{% if remotepath is defined and remotepath != "/" %}
BalancerMember "ws://{{ member }}{{ remotepath }}"
{% else %}
BalancerMember "ws://{{ member }}"
{% endif %}
{% else %}
{% if remotepath is defined and remotepath != "/" %}
BalancerMember "wss://{{ member }}{{ remotepath }}"
{% else %}
BalancerMember "wss://{{ member }}"
{% endif %}
{% endif %}
{% endfor %}
</Proxy>
RewriteEngine on
RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
RewriteCond %{HTTP:Connection} Upgrade [NC]
{% if remotepath is defined and remotepath != "/" %}
RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
{% endif %}
RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
<Proxy "balancer://{{balancer_name}}">
{% for member in balancer_members %}
{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
BalancerMember "http://{{ member }}"
{% else %}
BalancerMember "https://{{ member }}"
{% endif %}
{% endfor %}
</Proxy>
{% if datacenter == 'iad2' %}
ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
{% else %}
Redirect 421 /
{% endif %}