- Set "proxy_cache_lock on" to avoid sending more than one auth request
  to archweb when a cache entry doesn't exist for the credentials.
- Set "proxy_cache_use_stale updating" to prevent nginx sending multiple
  auth requests to archweb while the cache is being refreshed. [1]

[1] http://mailman.nginx.org/pipermail/nginx/2016-January/049734.html

Use $uri instead of $request_uri in proxy_cache_key to avoid caching
based on the original URI which is different for each pacman request.

The cache keys are now in the following format:

  httpsarchlinux.org/devel/mirrorauth/Basic <credentials>

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

[1] https://archlinux.org/news/move-of-official-irc-channels-to-liberachat/

This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.

Fixes: 316b8517 ("Add missing "create ssl cert" tasks")

Ex: in case the user has multiple smartcards.

Give more memory to the apps and less to postgres.

The certificate won't be valid, anyway. Synapse actually fails to send
if the server allows STARTTLS but presents an invalid certificate.

The latter can cause duplicate Content-Type headers. Thanks to strcat
for notifying me of the issue.

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Closes: #332

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Limit man.archlinux.org to reduce the impact of one potential abuser on
the availability. This returns too many request when running oha with 10
connections. This does not fully negate the issue, later the abuser
should be automatically fail2ban'd.

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

--output-delimiter="" apparently means use the NUL character[1].

[1] https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=0e46753d7c9519d7378cd3a4e0951a36ac32ffe7

The repository has been migrated to Gitlab as cgit will be removed in
due time.

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Closes: #318

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Allow multiple suites to be selected as variables and respect those in
the percentage and status queries.

Also send the metrics to dashboards.archlinux.org.

Fix #323