This make it much easier to compare it to upstream's version:
diff -u standalone.xml.j2 /opt/keycloak/standalone/configuration/standalone.xml

Leonidas Spyropoulos authored 3 years ago and Kristian Klausen committed 3 years ago

Update standalone.xml configuration based on documentation

https://www.keycloak.org/docs/latest/upgrading/#_install_new_version



Closes: #347

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

The arch-iso project uses QEMU for building and it uses a lot of memory
(they have crashed runner2 twice), so let's see if we can avoid that by
capping Docker's memory.

We did the revert to help a small business, but they had some time to
fix their setup, so we can revert the revert.

This reverts commit a842fbe7.

- Set "proxy_cache_lock on" to avoid sending more than one auth request
  to archweb when a cache entry doesn't exist for the credentials.
- Set "proxy_cache_use_stale updating" to prevent nginx sending multiple
  auth requests to archweb while the cache is being refreshed. [1]

[1] http://mailman.nginx.org/pipermail/nginx/2016-January/049734.html

Use $uri instead of $request_uri in proxy_cache_key to avoid caching
based on the original URI which is different for each pacman request.

The cache keys are now in the following format:

  httpsarchlinux.org/devel/mirrorauth/Basic <credentials>

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

[1] https://archlinux.org/news/move-of-official-irc-channels-to-liberachat/

This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.

Fixes: 316b8517 ("Add missing "create ssl cert" tasks")

Ex: in case the user has multiple smartcards.

Give more memory to the apps and less to postgres.

The certificate won't be valid, anyway. Synapse actually fails to send
if the server allows STARTTLS but presents an invalid certificate.

The latter can cause duplicate Content-Type headers. Thanks to strcat
for notifying me of the issue.

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Closes: #332

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Limit man.archlinux.org to reduce the impact of one potential abuser on
the availability. This returns too many request when running oha with 10
connections. This does not fully negate the issue, later the abuser
should be automatically fail2ban'd.

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

--output-delimiter="" apparently means use the NUL character[1].

[1] https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=0e46753d7c9519d7378cd3a4e0951a36ac32ffe7

The repository has been migrated to Gitlab as cgit will be removed in
due time.