Re: FBR: Fix paste and lists flapping redirects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Plus one

On Apr 1, 2017 17:49, "Patrick Uiterwijk" <puiterwijk@xxxxxxxxxx> wrote:
Hi all,

After some debugging, I just found the reason for the issue where
paste sometimes displayed mailman et vica versa.

Here my explanation on IRC:
puiterwijk | So... It turns out that when Varnish computes the hash of
a request to see if the "primary" request HTTP headers. These being
host, path, method and then take into account anything that's
mentioned in the Vary header.
puiterwijk | It explicitly does *not* take into consideration any
"random" HTTP headers.
puiterwijk | And here comes the fun part: in our setup, the "host"
header is always localhost because we don't set apache's
PreseveHostHeader for *most* sites (I'll come back to this in a
minute).
puiterwijk | Instead, we send the hostname via X-Forwarded-Host, and
we pick the backend based on that...
puiterwijk | But since the Host header that Varnish sees is the same
between paste and lists requests, it's actually hashing them to the
same request object, returning each others responses
puiterwijk | The reason this has not impacted any other sites, is
because we actually don't depend on just the X-Forwarded-Host header
for those requests, but instead use req.url: one of the fields taken
into account in the request hash
puiterwijk | So, a very simple fix would be to just set
PreserveHostHeader in the Apache config (for lists and paste, but
maybe for all?). That'd make the host header actually get into the
request object hash
puiterwijk | Current Status:
puiterwijk |   OK
puiterwijk | Nagios agrees with me that this fixes the problem


Can I get +1s for the fix:

diff --git a/playbooks/include/proxies-reverseproxy.yml
b/playbooks/include/proxies-reverseproxy.yml
index ac65440..e5720c9 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -70,6 +70,7 @@
     localpath: /
     remotepath: /
     header_scheme: true
+    keephost: true
     proxyurl: "{{ varnish_url }}"

   - role: httpd/reverseproxy
@@ -78,6 +79,7 @@
     localpath: /
     remotepath: /
     header_scheme: true
+    keephost: true
     proxyurl: "{{ varnish_url }}"

   # The place for the raw originals
@@ -150,6 +152,7 @@
   - role: httpd/reverseproxy
     website: paste.fedoraproject.org
     destname: modernpaste
+    keephost: true
     proxyurl: "{{ varnish_url }}"

   - role: httpd/reverseproxy


Regards,
Patrick
_______________________________________________
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux