BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/268892
Change subject: SPDY support toggle, off for cp1008 canary ...................................................................... SPDY support toggle, off for cp1008 canary Bug: T125979 Change-Id: Ieb8dd08349d655ad32bdb905374dff6634acddac --- M hieradata/hosts/cp1008.yaml M modules/tlsproxy/manifests/localssl.pp M modules/tlsproxy/templates/localssl.erb 3 files changed, 8 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/92/268892/1 diff --git a/hieradata/hosts/cp1008.yaml b/hieradata/hosts/cp1008.yaml index 0898300..83fc5db 100644 --- a/hieradata/hosts/cp1008.yaml +++ b/hieradata/hosts/cp1008.yaml @@ -1,3 +1,4 @@ debdeploy::grains: debdeploy-cp: value: canary +tlsproxy::localssl::do_spdy: false diff --git a/modules/tlsproxy/manifests/localssl.pp b/modules/tlsproxy/manifests/localssl.pp index 09b03fe..ed0c79b 100644 --- a/modules/tlsproxy/manifests/localssl.pp +++ b/modules/tlsproxy/manifests/localssl.pp @@ -27,6 +27,10 @@ # correct configuration directives in the site's nginx config file as well # as creates the OCSP data file itself and ensures a cron is running to # keep it up to date. +# +# [*do_spdy*] +# Boolean, default true. Enables SPDY/3.1 protocol support +# define tlsproxy::localssl( $certs, @@ -35,6 +39,7 @@ $default_server = false, $upstream_port = '80', $do_ocsp = false, + $do_spdy = true, $skip_private = false, ) { require tlsproxy::instance diff --git a/modules/tlsproxy/templates/localssl.erb b/modules/tlsproxy/templates/localssl.erb index ef39f6b..465522c 100644 --- a/modules/tlsproxy/templates/localssl.erb +++ b/modules/tlsproxy/templates/localssl.erb @@ -3,8 +3,8 @@ # SSL proxying server { - listen [::]:443 <%= @default_server ? "default_server deferred backlog=4096 reuseport ipv6only=on " : "" %>ssl spdy; - listen 443 <%= @default_server ? "default_server deferred backlog=4096 reuseport " : "" %>ssl spdy; + listen [::]:443 <%= @default_server ? "default_server deferred backlog=4096 reuseport ipv6only=on " : "" %>ssl <% if @do_spdy %>spdy<% end %>; + listen 443 <%= @default_server ? "default_server deferred backlog=4096 reuseport " : "" %>ssl <% if @do_spdy %>spdy<% end %>; ssl on; server_name <%= ([@server_name] + @server_aliases).join(" ") %>; -- To view, visit https://gerrit.wikimedia.org/r/268892 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ieb8dd08349d655ad32bdb905374dff6634acddac Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits