Verified Commit f5475cae authored by Kristian Klausen's avatar Kristian Klausen :tada:

Enable HTTP/3 for the mirrors

pacman/curl does not utilize HTTP/3, but it makes sense to enable
regardless to ensure consistency.

We self-host the authoritative nameservers for the geo domains, so the
configuration has been tweaked to add the HTTPS DNS record for each geo
domain.

Ref #606
parent 4cd41490
1 merge request!872Enable HTTP/3 for the mirrors
......@@ -3,3 +3,5 @@ archweb_db_host: "{{ hostvars['archlinux.org']['wireguard_address'] }}"
# raise tcp window limits to 32MiB
tcp_rmem: "10240 87380 33554432"
tcp_wmem: "10240 87380 33554432"
nginx_enable_http3: true
......@@ -24,6 +24,17 @@ domains:
AAAA "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
{'{{ hosts | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
- lua:
ttl: 300
content: >
HTTPS "'1 . alpn=h2,h3 ipv4hint=' ..
ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
{'{{ hosts | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})[1] ..
' ipv6hint=' ..
ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
{'{{ hosts | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})[1]"
_acme-challenge.{{ domain }}:
- ns: {{ geo_acme_dns_challenge_ns }}
{% endfor %}
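Review bot: The new `HTTPS` record repeats the `ifurlup(...)` call twice with the same URL, selector and user agent as the AAAA entry directly above it, so the health-check expression now has to be kept in sync by hand in several places. Computing the URL once per domain, e.g. `{% set health_url = 'https://' ~ domain ~ (geo_options[domain]['health_check_path'] | default('/')) %}`, and reusing `health_url` in each record would keep the `ipv4hint`/`ipv6hint` values from drifting away from the address answers. The `[1]` index also relies on `ifurlup` always returning at least one address; if it can ever return an empty result the string concatenation would presumably fail and the HTTPS query would error instead of degrading, so a one-line comment stating which all-hosts-down behaviour is relied on would help. The enclosing `{% for %}` loop starts above the hunk.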
......@@ -119,6 +119,7 @@ locals {
server_type = "cx22"
domain = "mirror"
zone = hetznerdns_zone.pkgbuild.id
http3 = true
}
"monitoring.archlinux.org" = {
server_type = "cx32"
......@@ -281,6 +282,7 @@ locals {
rsync = {
ipv4_address = "168.119.141.106"
ipv6_address = "2a01:4f8:251:598::"
http3 = true
}
runner1 = {
ipv4_address = "138.199.19.15"
......@@ -355,38 +357,47 @@ locals {
"america.mirror" = {
ipv4_address = "143.244.34.62"
ipv6_address = "2a02:6ea0:cc0e::2"
http3 = true
}
"america.archive" = {
ipv4_address = "143.244.34.62"
ipv6_address = "2a02:6ea0:cc0e::2"
http3 = true
}
"asia.mirror" = {
ipv4_address = "84.17.57.98"
ipv6_address = "2a02:6ea0:d605::2"
http3 = true
}
"asia.archive" = {
ipv4_address = "84.17.57.98"
ipv6_address = "2a02:6ea0:d605::2"
http3 = true
}
"europe.mirror" = {
ipv4_address = "89.187.191.12"
ipv6_address = "2a02:6ea0:c237::2"
http3 = true
}
"europe.archive" = {
ipv4_address = "89.187.191.12"
ipv6_address = "2a02:6ea0:c237::2"
http3 = true
}
"london.mirror" = {
ipv4_address = "185.73.44.89"
ipv6_address = "2001:ba8:0:4030::2"
http3 = true
}
"seoul.mirror" = {
ipv4_address = "145.40.87.75"
ipv6_address = "2604:1380:11:2600::1"
http3 = true
}
"sydney.mirror" = {
ipv4_address = "147.75.48.159"
ipv6_address = "2604:1380:40f1:6a00::1"
http3 = true
}
repro2 = {
ipv4_address = "212.102.38.209"
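Review bot: `http3 = true` is set by hand on each mirror entry in `locals` (the hunks at -119, -281 and -355), while nginx is enabled separately through `nginx_enable_http3: true` in the Ansible variables, so there are two sources of truth that can drift apart. The code that consumes `http3` is outside these hunks; if it publishes an HTTPS record or opens UDP/443, a host flagged here whose nginx side is not enabled would advertise `h3` it cannot serve and clients would only reach it after falling back. A comment at the first use, such as `# http3: keep in sync with nginx_enable_http3 in the host's Ansible vars`, would make the coupling explicit. Defaulting the attribute in the consuming resource would also avoid repeating it on every geo entry.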
......