Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/258439
Change subject: varnish: allow etherpad to use websockets
......................................................................
varnish: allow etherpad to use websockets
etherpad is a software that allegedly benefits greatly from using
websockets. Allow use of it via the 2-layer misc varnish clusters via
the pipe mechanism. When detecting the Upgrade header, having already
detected the etherpad host header, and the Upgrade header contains the
word websocket, use pipe.
There are caveats with this approach:
* Using pipe with websockets creates a persistent connection from the
client to the frontend varnishes, one from the frontend varnishes to
the backend varnishes and one from the backend varnishes to etherpad
itself. That may cause some resource exhaustion in some cases
* XFF is not set on any subsequent request to the first one. That might
break our XFF processing
NOTE: This is right now an effort to fully understand/guess the
repercusions of this change. Mostly up for comments. I am surely missing
something in the caveats that could potentionally break everything
Change-Id: Ib9a09675626074b4552660f786e3367138efae40
---
M templates/varnish/misc-backend.inc.vcl.erb
M templates/varnish/misc-frontend.inc.vcl.erb
2 files changed, 25 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/39/258439/1
diff --git a/templates/varnish/misc-backend.inc.vcl.erb
b/templates/varnish/misc-backend.inc.vcl.erb
index 2b8b92a..b313076 100644
--- a/templates/varnish/misc-backend.inc.vcl.erb
+++ b/templates/varnish/misc-backend.inc.vcl.erb
@@ -59,6 +59,11 @@
set req.backend = planet1001;
} elsif (req.http.Host == "etherpad.wikimedia.org") {
set req.backend = etherpad1001;
+ // Allow etherpad to use websockets. To achieve this, look into the
Upgrade header
+ // and use pipe should it be contain the websocket string (case
insensitive)
+ if (req.http.Upgrade ~ "(?i)websocket") {
+ return(pipe);
+ }
} else {
error 404 "Domain not served here";
}
@@ -69,6 +74,12 @@
return (lookup);
}
+sub vcl_pipe {
+ if (req.http.Upgrade) {
+ set bereq.http.Upgrade = req.http.Upgrade;
+ }
+}
+
sub vcl_error {
call errorpage;
return (deliver);
diff --git a/templates/varnish/misc-frontend.inc.vcl.erb
b/templates/varnish/misc-frontend.inc.vcl.erb
index b59da37..3a9d99c 100644
--- a/templates/varnish/misc-frontend.inc.vcl.erb
+++ b/templates/varnish/misc-frontend.inc.vcl.erb
@@ -28,11 +28,25 @@
}
}
+ // Allow etherpad to use websockets. To achieve this, look into the
Upgrade header
+ // and use pipe should it be contain the websocket string (case
insensitive)
+ if (req.http.Host == "etherpad.wikimedia.org") {
+ if (req.http.Upgrade ~ "(?i)websocket") {
+ return(pipe);
+ }
+ }
+
call misc_recv_pass;
return (lookup);
}
+sub vcl_pipe {
+ if (req.http.Upgrade) {
+ set bereq.http.Upgrade = req.http.Upgrade;
+ }
+}
+
sub vcl_error {
// If status is 755, then we are forcing a redirect to https.
if (obj.status == 755) {
--
To view, visit https://gerrit.wikimedia.org/r/258439
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib9a09675626074b4552660f786e3367138efae40
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
