Use Fedora proxies as only proxy for Docker Registry

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-04-12 13:56:13 +00:00 · 2016-04-12 13:56:13 +00:00 · 97b00e90ab
commit 97b00e90ab
parent ea803c6b2c
4 changed files with 22 additions and 1 deletions
--- a/playbooks/include/proxies-fedora-web.yml
+++ b/playbooks/include/proxies-fedora-web.yml
@ -41,6 +41,8 @@
    website: arm.fedoraproject.org
  - role: fedora-web/budget
    website: budget.fedoraproject.org
+  - role: fedora-web/registry
+    website: registry.fedoraproject.org

  # Some other static content, not strictly part of "fedora-web" goes below here
  - role: fedora-docs/proxy
--- a/roles/fedora-web/registry/tasks/main.yml
+++ b/roles/fedora-web/registry/tasks/main.yml
@ -0,0 +1,8 @@
+- name: Copy over the Fedora Server CA cert
+  copy: src="{{koji_pki_dir}}/fedora-server-ca.cert" dest=/etc/httpd/pki/fedora-server-ca.cert
+        owner=root group=root mode=0644
+  notify:
+  - reload httpd
+  tags:
+  - fedora-web
+  - fedora-web/registry
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@ -304,7 +304,7 @@ listen osbs 0.0.0.0:10047
 {% if env == "staging" %}
 listen docker-registry 0.0.0.0:10048
    balance hdr(appserver)
-    server docker-registry01 docker-registry01:443 check inter 10s rise 1 fall 2 check ssl verify none
+    server docker-registry01 docker-registry01:5000 check inter 10s rise 1 fall 2
 {% endif %}

 {% if env == "staging" %}
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf
@ -0,0 +1,11 @@
+RequestHeader set X-Forwarded-Scheme https early
+RequestHeader set X-Scheme https early
+RequestHeader set X-Forwarded-Proto https early
+ProxyPreserveHost On
+
+ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
+ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
+
+SSLVerifyClient optional
+SSLVerifyDepth 1
+SSLCACertificateFile /etc/httpd/pki/fedora-server-ca.cert