Right now there's a issue in the docs pipeline where it's not handling
the main branch right, add this temp redirect to work around that until
it's fixed properly in docs.
See https://pagure.io/fedora-infrastructure/issue/10243
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The old packages app (which was before that the old community app) lived
on https://apps.fedoraproject.org/packages/ It hasn't been active there
since the datacenter move last year (we retired it). A new openshift app
has been created that lives on https://packages.fedoraproject.org now.
We want to redirect the old path to the new one and remove the old
reverseproxy to nowhere.
Fixes infra ticket #10212
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The cert here is gotten from centos.org folks and checked into private.
At some point we will get a longer term cert here so there's less manual
churn. Otherwise we just make a new mirrors.stg.centos.org and proxy it
to mirrorlists just like mirrors.stg.fedoraproject.org.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Matrix can use some well-known uri's for configuration (rfc 8615).
This commit:
* Sets up fedora.im as a seperate side on proxies that redirects to
getfedora.org and serves a server and client static matrix file.
* gets fedora.im it's own ssl cert via letsencrypt so it's all valid
(currently it points to proxies generically and gets the
fedoraproject.org cert)
* Adds config to serve matrix client/server well-known static files for
fedoraproject.org site.
Note that all the acutal contents of these files are empty for now, but
once our matrix server is up we can fill them in properly and re-run the
playbook. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Apache httpd by default blocks URL-encoded / (%2F) characters in the
URL path, even though these are RFC-compliant. Enable them and permit
their safe passage to the debuginfod servers.
See also https://stackoverflow.com/a/9933890/661150
Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files
Signed-off-by: David Kirwan <dkirwan@redhat.com>
We first add a website to proxies-websites, then information to
proxies-reverseproxy about the load-balancer/site, then finally vars
about which hosts are in which blanacer.
We still need to get ssl certs issued, which we can do via dns challenge
and certbot.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This should make sure that Ipsilon is aware it's reached over HTTPS from
external, and should make it use HTTPS for redirects
Related: https://pagure.io/fedora-infrastructure/issue/9943
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Our ansible default ansible scripts don't like multiple /suburls being
individually proxied, so we ended up losing /buildid/* and keeping
/metrics.
Switch to using single /-level reverse-proxying AND wiki-redirection
clauses, and use a new template .conf file to break the tie with a
"ProxyPass / !" directive.
Codify a few debuginfod process parameters that appear to be working well.
Adjust incoming proxies to redirect the "/" URL to a wiki page, as
requested by FESCO.
