Hello BryanDavis,
I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/323373
to review the following change.
Change subject: Tools: Remove temporary class role::toollabs::merlbot_proxy
......................................................................
Tools: Remove temporary class role::toollabs::merlbot_proxy
The class role::toollabs::merlbot_proxy was intended as a temporary
band-aid to allow MerlBot to continue to run despite connecting to
Wikipedia by plain http. This did not work without access to
MerlBot's source code, and when MerlBot's source code is available, it
should be properly amended to connect to Wikipedia by https, so this
change removes the now obsolete class.
Change-Id: I99efe3b50e0751797053d07c68ed3163bfd5f05a
---
D modules/role/manifests/toollabs/merlbot_proxy.pp
D modules/role/templates/toollabs/merlbot_proxy/nginx.conf.erb
2 files changed, 0 insertions(+), 58 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/73/323373/1
diff --git a/modules/role/manifests/toollabs/merlbot_proxy.pp
b/modules/role/manifests/toollabs/merlbot_proxy.pp
deleted file mode 100644
index ef34326..0000000
--- a/modules/role/manifests/toollabs/merlbot_proxy.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-# Class: role::toollabs::merlbot_proxy
-#
-# Provision an nginx server acting as an HTTP -> HTTPS reverse proxy.
-#
-class role::toollabs::merlbot_proxy() {
- class { '::nginx':
- variant => 'light',
- }
- nginx::site { 'merlbot_proxy':
- content => template('role/toollabs/merlbot_proxy/nginx.conf.erb'),
- }
-}
diff --git a/modules/role/templates/toollabs/merlbot_proxy/nginx.conf.erb
b/modules/role/templates/toollabs/merlbot_proxy/nginx.conf.erb
deleted file mode 100644
index dba415c..0000000
--- a/modules/role/templates/toollabs/merlbot_proxy/nginx.conf.erb
+++ /dev/null
@@ -1,46 +0,0 @@
-# This file is managed by Puppet
-# See modules/role/templates/toollabs/merlbot_proxy/nginx.conf.erb
-##
-# HTTP to HTTPS reverse proxy for MerlBot
-#
-# Copyright (c) 2016 Bryan Davis and the Wikimedia Foundation
-# License: Apache-2.0
-##
-
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
-
- location / {
- # Access control
- # We only want to allow requests from internal Labs hosts.
- # Ideally we would only allow Tool Labs exec nodes, but there
- # is no easy way to find those by IP.
- allow 10.68.16.0/21; # All of Labs
- allow 127.0.0.1;
- deny all;
-
- # Only allow if User-Agent contains "MerlBot"
- if ($http_user_agent !~ (MerlBot)) {
- return 403;
- }
-
- # Use these DNS servers to resolve proxied names
- resolver <%= scope['::nameservers'].join(' ') %>;
-
- # Act as a non-caching reverse proxy
- proxy_http_version 1.1;
- proxy_cache_bypass "1";
- proxy_no_cache "1";
- proxy_read_timeout 600s;
- proxy_redirect off;
-
- # Change the protocol to https when contacting upstream
- proxy_pass https://$host$uri;
-
- # Add a header just to remind folks that this is proxied
- add_header Labs-TLS-Bandaid "on";
- }
-}
-# vim:sw=4:ts=4:sts=4:et:ft=nginx:
--
To view, visit https://gerrit.wikimedia.org/r/323373
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I99efe3b50e0751797053d07c68ed3163bfd5f05a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
