Re: Freeze break request: Fixing varnish purge requests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


It looks extremely easy to back out and looks correct. +1

On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
Hi,

This should fix tickets like https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening,
since wiki can (and will) send a PURGE request whenever someone updates a page.
I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and their VPN IPs.

Any +1s?


commit 621c373b1714f76b933b5b41253941586ea9136d
Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date:   Wed Mar 4 21:31:18 2015 +0000

    Fix varnish PURGE requests

    These are used by the wiki to purge updated pages

    Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>

diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 549d0a1..14e8846 100644
--- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -124,33 +124,23 @@ backend mirrormanager2 {
 }


-#acl purge {
-#    "192.168.1.3";
-#    "192.168.1.4";
-#    "192.168.1.5";
-#    "192.168.1.6";
-#    "192.168.1.13";
-#    "192.168.1.24";
-#    "192.168.1.23";
-#    "192.168.1.41";
-#    "10.5.126.31";
-#    "10.5.126.32";
-#    "10.5.126.33";
-#    "10.5.126.34";
-#    "10.5.126.37";
-#    "10.5.126.38";
-#}
+acl purge {
+    "10.5.126.60"; // wiki01.stg
+    "10.5.126.63"; // wiki01
+    "10.5.126.73"; // wiki02
+    "10.5.126.23"; // lockbox01
+    "192.168.1.129"; // wiki01.vpn
+    "192.168.1.130"; // wiki02.vpn
+    "192.168.1.58"; //lockbox01.vpn
+}

 sub vcl_recv {
-#    if (req.request == "PURGE") {
-#        if (!client.ip ~ purge) {
-#            error 405 "Not allowed.";
-#        }
-#        if (req.url ~ "^http://") {
-#            set req.url = "" "http://localhost:6081","");
-#        }
-#        purge_url(req.url);
-#    }
+    if (req.method == "PURGE") {
+        if (!client.ip ~ purge) {
+            return (synth(405, "Not allowed"));
+        }
+        return(purge);
+    }

     if (req.url ~ "^/wiki/") {
         set req.backend_hint = wiki;
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure



--
Stephen J Smoogen.

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux