Kevin Morris authored 2 years ago and Leonidas Spyropoulos committed 2 years ago

This commit brings in four new routes to nginx:
- /archives/metadata.git
- /archives/users.git
- /archives/pkgbases.git
- /archives/pkgnames.git

See https://gitlab.archlinux.org/archlinux/aurweb/-/blob/master/doc/git-archive.md



For now, we will be updating the repositories once every 10 minutes.

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
Co-signed by:  Kevin Morris <kevr@0cost.org>

The burst size of 300 reportedly allows ~150 git operations. This might
not always be sufficient when installing a lot of packages from the AUR.

Specify a higher burst size to cover most legit use cases, even if this
makes us more susceptible to abuse.

Some users scrape our git endpoint with quite some requests per second
(32) this is not something cgit/smartgit can handle and has caused the
AUR to go down once (http 502).

Jelle van der Waa authored 3 years ago and Jelle van der Waa committed 3 years ago

Make nginx serve static assets to offload gunicorn as for example
loading the home page is making 7 static requests out of 8 requests in
total. Set caching headers for now for 7 days, so browsers don't request
ideally this would be 30 days but let's keep it 7 days for now.

Kevin Morris authored 3 years ago and Kristian Klausen committed 3 years ago

Signed-off-by: Kevin Morris <kevr@0cost.org>

The latter can cause duplicate Content-Type headers. Thanks to strcat
for notifying me of the issue.

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Closes: #318

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

The TU-Bylaws page is now deployed as gitlab page, making all of this
unrequired, the permanent redirect can stay for a while but the wiki is
already updated.

Leonidas Spyropoulos authored 3 years ago and Jelle van der Waa committed 3 years ago

Stop uncontrolled requests before reach php backend

Closes: #276

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Closes: #278

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Kristian Klausen authored 3 years ago and Jelle van der Waa committed 3 years ago

A extra access_log entry was added with the following commands:
$ cd roles
$ grep -lr access_log | xargs -P 1 -n 1 sed -i '/access_log/ s/\(.*\)\( \)\(\(reduced\|main\);$\)/\1 \3\n\1.json json_\3/'

Added the uwsgi_modifier1 option to nginx as described on [0] and also
change the chmod option on the socket to allow nginx to connect to it.

[0] https://gist.github.com/janoliver/85b682227bd9fcb8942885e60208bd76

Added a smartgit_socket option to the defaults. Reworked the tasks package
installation to look cleaner and also separated the cgit and git package installations
so we can trigger uwsgi reloads on updates. Changed the tubylaws repo update variable
to trigger the bylaws changes only when the tubylaws repository change, not the aurweb
one. Added tasks to install the apcu configuration, cgit uwsgi ini file, cgit rc file and
smartgit uwsgi ini file. Trigger an uwsgi reload in case the cgit-aurweb or git packages
change. Also added a few missing options to the aurweb configuration file. Rework the nginx
configuration file to use the cgit and smartgit uwsgi services.

To make things consistent, rename the role to aurweb.

Jelle van der Waa authored 7 years ago and Giancarlo Razzolini committed 4 years ago

The ansible role for the Arch User Repository.

Thanks-to: Eli Schwartz <eschwartz@archlinux.org>