Mark Bergsma has submitted this change and it was merged.
Change subject: Don't use absolute URIs for purging
......................................................................
Don't use absolute URIs for purging
Change-Id: I50a76153055a262ec628fa437c0bf4922c0319d1
---
M manifests/role/cache.pp
M modules/varnish/manifests/htcppurger.pp
M modules/varnish/templates/vcl/wikimedia.vcl.erb
3 files changed, 8 insertions(+), 10 deletions(-)
Approvals:
Mark Bergsma: Looks good to me, approved
Faidon: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 153115b..333c7cb 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -563,7 +563,7 @@
'retry503' => 1,
'retry5xx' => 0,
'cache4xx' => "1m",
- 'purge_regex' =>
'^http://(?!upload\.wikimedia\.org)',
+ 'purge_host_regex' =>
'^(?!upload\.wikimedia\.org)',
'cluster_tier' => $cluster_tier,
'layer' => 'backend',
'ssl_proxies' => $wikimedia_networks,
@@ -602,7 +602,7 @@
'retry503' => 1,
'retry5xx' => 0,
'cache4xx' => "1m",
- 'purge_regex' =>
'^http://(?!upload\.wikimedia\.org)',
+ 'purge_host_regex' =>
'^(?!upload\.wikimedia\.org)',
'cluster_tier' => $cluster_tier,
'layer' => 'frontend',
'ssl_proxies' => $wikimedia_networks,
@@ -713,7 +713,7 @@
'default_backend' => $default_backend,
'retry5xx' => 0,
'cache4xx' => "1m",
- 'purge_regex' =>
'^http://upload\.wikimedia\.org/',
+ 'purge_host_regex' =>
'^upload\.wikimedia\.org$',
'cluster_tier' => $cluster_tier,
'layer' => 'backend',
'ssl_proxies' => $wikimedia_networks,
@@ -747,7 +747,7 @@
vcl_config => {
'retry5xx' => 0,
'cache4xx' => "1m",
- 'purge_regex' =>
'^http://upload\.wikimedia\.org/',
+ 'purge_host_regex' =>
'^upload\.wikimedia\.org$',
'cluster_tier' => $cluster_tier,
'layer' => 'frontend',
'ssl_proxies' => $wikimedia_networks,
@@ -962,7 +962,7 @@
'default_backend' => $default_backend,
'retry503' => 4,
'retry5xx' => 1,
- 'purge_regex' =>
'^http://(?!upload\.wikimedia\.org)',
+ 'purge_host_regex' =>
'^(?!upload\.wikimedia\.org)',
'cluster_tier' => $cluster_tier,
'layer' => 'backend',
'ssl_proxies' => $wikimedia_networks,
@@ -1004,7 +1004,7 @@
director_type => "chash",
vcl_config => {
'retry5xx' => 0,
- 'purge_regex' =>
'^http://(?!upload\.wikimedia\.org)',
+ 'purge_host_regex' =>
'^(?!upload\.wikimedia\.org)',
'cluster_tier' => $cluster_tier,
'layer' => 'frontend',
'ssl_proxies' => $wikimedia_networks,
diff --git a/modules/varnish/manifests/htcppurger.pp
b/modules/varnish/manifests/htcppurger.pp
index 9a348a8..f510579 100644
--- a/modules/varnish/manifests/htcppurger.pp
+++ b/modules/varnish/manifests/htcppurger.pp
@@ -11,8 +11,7 @@
mode => 0444,
require => Package["vhtcpd"], # if we go first, we get overwritten
# TODO: -r ^upload\\.wikimedia\\.org\$ (POSIX ERE, new param for
class, quoting/escaping will be tricky...)
- # TODO: remove -F when VCL updated to match (no hostname in PURGE URL)
- content => inline_template('DAEMON_OPTS="-F -m 239.128.0.112<%
varnish_instances.each do |inst| -%> -c <%= inst %><% end -%>"');
+ content => inline_template('DAEMON_OPTS="-m 239.128.0.112<%
varnish_instances.each do |inst| -%> -c <%= inst %><% end -%>"');
}
# Wikimedia used to provide vhtcpd under the name varnishhtcpd with an
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 64afa0e..ea8afef 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -179,8 +179,7 @@
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Denied.";
- } elsif (req.url ~ "<%= vcl_config.fetch("purge_regex",
"^http:") %>") {
- call rewrite_proxy_urls;
+ } elsif (req.http.Host ~ "<%=
vcl_config.fetch("purge_host_regex", ".*") %>") {
return (lookup);
} else {
error 204 "Domain not cached here.";
--
To view, visit https://gerrit.wikimedia.org/r/76895
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I50a76153055a262ec628fa437c0bf4922c0319d1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>
Gerrit-Reviewer: Faidon <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
