On Thu, Jul 10, 2014 at 4:58 PM, Hannes Magnusson <hannes.magnus...@gmail.com> wrote:

> On Thu, Jul 10, 2014 at 5:09 AM, Ferenc Kovacs <tyr...@gmail.com> wrote:
> > Hi,
> >
> > First of all, I would like to ask somebody from the systems list to grant me
> > sudo on the php-web2 box, I can ssh into the box with my key, but I can't
> > sudo (my password doesn't work at all).
>
> fixed
>

thanks!


>
>
>
> > domain) and add a simple redirect to the apache vhost config, so requests to
> > www.php.net will be redirected to php.net
>
> It's not apache, you need to do it in the frontend nginx I guess.
>

yeah, doing it at the earliest point is better.


>
>
> > when we introduced the round robin mirror domains (us.php.net for example)
> > that caused that some mirrors were incorrectly flagged as unofficial, if
> > $_SERVER['SERVER_NAME'] contained cc.php.net instead of ccX.php.net (because
> > that is how we store and identify our mirrors).
>
> One more thing to keep in mind, we may be introducing geodns with
> roundrobin for php.net too very soon.
> That means all mirrors need to update their ServerNames/aliases.
>

Yeah, it was mentioned before, but I'm not 100% sure about the implications.
php.net will resolve to the addresses of the (nearest) country based on the
visitor's IP.
Which means that mirrors will have to add the php.net and www.php.net
aliases to the list of ServerAliases and also do the www.php.net->php.net
redirect themselves.
Will we keep the individual mirror subdomains (ccx.php.net), and the option
for the users to select a preferred mirror?
I think we should.
Will we keep the cc.php.net subdomains?
Currently we also have a loadcheck in the source, which redirects to a
random mirror if the average load on the mirror is above a given threshold,
and that redirect is only allowed on the primary site:
http://git.php.net/?p=web/php.git;a=blob;f=include/loadavg.inc;h=6fa0dce3ec5bd682a5a1e7a86c2bcbe69e47e518;hb=HEAD#l16
I think that we should revisit that if we are going to allow the mirrors to
be the "primary" sites.
Another thing is the account request page, which currently we always
redirect to the www.php.net domain:
http://git.php.net/?p=web/php.git;a=blob;f=git-php.php;h=9a73afa9901470596ab7a620a2f1b86b9df26569;hb=HEAD#l7
It is already a bad thing that we post the password through an insecure
channel, but now we start allowing the mirrors to accept those passwords
themselves (a rogue mirror could have done that already, but now everyone
would do it).
What do you think about these concerns?
Maybe this should be discussed in a separate thread though.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu
