diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 54f2ffd111..d642a343ac 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -550,6 +550,13 @@ website: registry.fedoraproject.org destname: registry proxyurl: http://localhost:10048 + when: env == "production" + + - role: httpd/reverseproxy + website: registry.fedoraproject.org + destname: registry + proxyurl: "{{ varnish_url }}" + when: env == "staging" - role: httpd/reverseproxy website: candidate-registry.fedoraproject.org diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf index f98e5eaae2..ed1e685589 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry.conf @@ -3,6 +3,10 @@ RequestHeader set X-Scheme https early RequestHeader set X-Forwarded-Proto https early ProxyPreserveHost On +{% if env == "staging" %} +RewriteRule ^/v2/([a-zA-Z]*)/blobs/([a-zA-Z]*) https://ourregistry/v2/$1/blobs/$2 [R] +{% endif %} + ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} diff --git a/roles/varnish/templates/proxy.vcl.j2 b/roles/varnish/templates/proxy.vcl.j2 index 81eac70a2b..563383c337 100644 --- a/roles/varnish/templates/proxy.vcl.j2 +++ b/roles/varnish/templates/proxy.vcl.j2 @@ -140,6 +140,11 @@ backend koschei { .port = "10040"; } +backend registry { + .host = "localhost"; + .port = "10048"; +} + acl purge { "192.168.1.129"; // wiki01.vpn @@ -186,6 +191,9 @@ sub vcl_recv { return(purge); } + if (req.http.X-Forwarded-Server ~ "^registry.fedoraproject.org" || req.http.X-Forwarded-Server ~ "^registry.stg.fedoraproject.org") { + set req.backend_hint = registry; + } if (req.url ~ "^/wiki/") { set req.backend_hint = wiki; }