Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/160823
Change subject: tendril.wm.org - move behind misc-web
......................................................................
tendril.wm.org - move behind misc-web
tendril is another vhost on neon.
neon is already a backend for misc-varnish
since I653e1b303d76f5e3 moved ishmael behind it
do the same for tendril, and change the Apache
config so that the SSL part is removed but http
redirects to https, and ensure mod_headers is loaded
for that to work
Change-Id: Ie8f65d76d0eb28237b9caafcc8d5ea9d84ef354a
---
M manifests/role/tendril.pp
M modules/tendril/manifests/init.pp
M modules/tendril/templates/apache/tendril.wikimedia.org.erb
M templates/varnish/misc.inc.vcl.erb
4 files changed, 8 insertions(+), 22 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/23/160823/1
diff --git a/manifests/role/tendril.pp b/manifests/role/tendril.pp
index 6a9ca8a..b79939b 100644
--- a/manifests/role/tendril.pp
+++ b/manifests/role/tendril.pp
@@ -5,9 +5,6 @@
system::role { 'role::tendril': description => 'tendril server' }
- install_certificate{ 'tendril.wikimedia.org': }
- $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
-
class { '::tendril':
site_name => 'tendril.wikimedia.org',
docroot => '/srv/tendril/web',
diff --git a/modules/tendril/manifests/init.pp
b/modules/tendril/manifests/init.pp
index 3c0de9c..0e75c10 100644
--- a/modules/tendril/manifests/init.pp
+++ b/modules/tendril/manifests/init.pp
@@ -19,5 +19,5 @@
content => template("tendril/apache/${site_name}.erb");
}
-
+ include ::apache::mod::headers
}
diff --git a/modules/tendril/templates/apache/tendril.wikimedia.org.erb
b/modules/tendril/templates/apache/tendril.wikimedia.org.erb
index c918cf1..e9add45 100644
--- a/modules/tendril/templates/apache/tendril.wikimedia.org.erb
+++ b/modules/tendril/templates/apache/tendril.wikimedia.org.erb
@@ -2,20 +2,18 @@
# !! this file is managed by puppet !!
NameVirtualHost *:80
-NameVirtualHost *:443
-<VirtualHost *:443>
+<VirtualHost *:80>
ServerName <%= @site_name %>
- SSLEngine On
- SSLCertificateFile /etc/ssl/private/tendril.wikimedia.org.pem
- SSLCertificateKeyFile /etc/ssl/private/tendril.wikimedia.org.key
- SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
- <%= @ssl_settings.join("\n") %>
DocumentRoot <%= @docroot %>
+
+ RewriteEngine on
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
[R=301,E=ProtoRedirect]
+ Header always merge Vary X-Forwarded-Proto env=ProtoRedirect
<Directory "<%= @docroot %>">
Options FollowSymLinks
- SSLRequireSSL
Options ExecCGI
DirectoryIndex index.php
AllowOverride All
@@ -31,13 +29,4 @@
Require ldap-group <%= group %>
<% end -%>
</Directory>
-</VirtualHost>
-
-<VirtualHost *:80>
- ServerName <%= @site_name %>
- DocumentRoot <%= @docroot %>
-
- RewriteEngine on
- RewriteCond %{SERVER_PORT} !^443$
- RewriteRule ^/(.*)$ https://<%= @site_name %>/$1 [L,R]
</VirtualHost>
diff --git a/templates/varnish/misc.inc.vcl.erb
b/templates/varnish/misc.inc.vcl.erb
index 41aacc8..6a91760 100644
--- a/templates/varnish/misc.inc.vcl.erb
+++ b/templates/varnish/misc.inc.vcl.erb
@@ -34,7 +34,7 @@
set req.backend = terbium;
/* no caching of public_html dirs */
return (pass);
- } elsif (req.http.Host == "ishmael.wikimedia.org") {
+ } elsif (req.http.Host == "ishmael.wikimedia.org" || req.http.Host ==
"tendril.wikimedia.org") {
set req.backend = neon;
} elsif (req.http.Host == "racktables.wikimedia.org") {
set req.backend = magnesium;
--
To view, visit https://gerrit.wikimedia.org/r/160823
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie8f65d76d0eb28237b9caafcc8d5ea9d84ef354a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
