From c263fa74c5a56ebecbaf53dc13035c417804145b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 24 Aug 2020 07:58:31 -0700 Subject: [PATCH] proxies / registry: document redirect to cdn and add build* for flatpak This rewrite section is confusing, so document it more and add a rule to make builders go direct to the regesty instead of using the cdn, this should hopefully fix flatpak building. Signed-off-by: Kevin Fenzi --- .../reversepassproxy.registry-generic.conf | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf index d6aca6ea46..74aa2066ef 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.registry-generic.conf @@ -5,11 +5,21 @@ ProxyPreserveHost On {% if env == "production" %} -RewriteCond %{HTTP:VIA} !cdn77 +# +# These conditions are ANDed together and negated, and are the list of things we +# do NOT want to use the cdn. ie, the things not going to the cdn will not match +# here and fall through to the regular registry. Everything else will go to the cdn +# +# We don't want the cdn itself to go to the cdn, it needs to get content from origin RewriteCond %{HTTP:VIA} !cloudfront -RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject.org$ +# We have a 'registry-no-cdn' host that we don't want to use the cdn +RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject\.org$ +# We don't want some methods to go to the cdn so we can update it RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$ +# osbs hosts shouldn't use the cdn RewriteCond %{REMOTE_HOST} !^osbs-*$ +# builders shouldn't use the cdn for flatpak building. +RewriteCond %{REMOTE_HOST} !^build*\.iad2\.fedoraproject\.org$ RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R] {% endif %}