On Tue, 2007-02-13 at 15:36 -0600, Matt Domsch wrote: > On Tue, Feb 13, 2007 at 11:29:35AM -0600, Mike McGrath wrote: > > I'm going to buy some certs. > > > > admin.fedoraproject.org > > fedoraproject.org > > hosted.fedoraproject.org > > cvs.fedoraproject.org > > > > Can anyone else think of any we need? I'm debating > > cvs.fedoraproject.org because in a few months that might not make sense. > > mirrormanager.fedoraproject.org will soonish. > > Anything stand-alone that authenticates to the FAS will so we aren't passing those > passwords across the web plaintext. Toshio wondered if we would be > running all those apps off of admin.fp.o as subdirectories > (e.g. admin.fp.o/mirrormanager) so we could avoid the need for more > DNS names and more certs. Doesn't matter to me for mirrormanager > alone, but chances are we will outgrow one machine for all the tools > that may want to authenticate to the FAS. We can ProxyPass out to other machines if we need the resources (The pkgdb is accessible from admin.fedoraproject.org/pkgdb but it resides on the internal test3.fedora.phx.redhat.com xen guest.) Although it might be better to simply use the load balancers to spread the requests for the apps to several servers. (The dynamic information is all kept in a networked database, after all.) -Toshio
Attachment:
signature.asc
Description: This is a digitally signed message part
