- Aug 11, 2024
-
-
Kristian Klausen authored
archwiki: Do page view caching[1] with nginx for improved performance Closes #315 See merge request archlinux/infrastructure!846
-
Kristian Klausen authored
This should not cause any issues as MediaWiki should purge stale content from the cache (by sending a PURGE request to the nginx-cache-purge service).
-
Kristian Klausen authored
We have used MediaWiki's file cache[2] until now, but recently the wiki has been hammered with requests from some stupid Chinese bots/crawlers. Caching at the web server level is faster as we avoid the PHP overhead and it seems to make a difference (performance wise), especially when the bots/crawlers are hitting us. This is usual done with Varnish[3], but I went with a simple Python service (30 LOC) for handling the PURGE requests as that is much simpler thn adding Varnish to our stack. [1] https://www.mediawiki.org/w/index.php?title=Manual:Performance_tuning&oldid=6670283#Page_view_caching [2] https://www.mediawiki.org/wiki/Manual:File_cache [3] https://www.mediawiki.org/wiki/Manual:Varnish_caching Fix #315
-
Kristian Klausen authored
This will be used for issue-bot[1][2]. [1] archlinux/signstar#20 (comment 201743) [2] https://gitlab.com/gitlab-org/distribution/issue-bot
-
- Aug 09, 2024
-
-
Leonidas Spyropoulos authored
-
- Aug 07, 2024
-
-
Evangelos Foutras authored
install_arch: skip UEFI partition on cloud servers See merge request archlinux/infrastructure!857
-
- Aug 06, 2024
-
-
Evangelos Foutras authored
The need for UEFI booting originates from dedicated server and it does not benefit cloud servers. It therefore makes sense to skip it on them.
-
Christian Heusel authored
The module postgresql_privs deprected the "password" parameter in favour of the "login_password" parameter, therefore replace accordingly. https://github.com/ansible-collections/community.postgresql/blob/main/CHANGELOG.rst#id19 Fixes archlinux/infrastructure#603 Signed-off-by: Christian Heusel <christian@heusel.eu>
-
- Aug 05, 2024
-
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
- Aug 04, 2024
-
-
Evangelos Foutras authored
"The user profile feature is now enabled by default." [1] [1] https://www.keycloak.org/docs/24.0.2/upgrading/#user-profile-changes
- Aug 03, 2024
-
-
Sven-Hendrik Haase authored
-
Sven-Hendrik Haase authored
This will be our backend for a Grafana-based APM. It is sorely required for gaining insights into why application such as aurweb are slow. We currently only enable the OTLP receiver as it seems to be the most modern and best supported one. We connect directly to the prometheus at localhost for the generated metrics. We're also using just storing traces locally in files instead of something like S3.
-
Evangelos Foutras authored
sudo 1.9.15.p5-2 enables secure_path by default.
-
Leonidas Spyropoulos authored
aurweb: release v6.2.12 See merge request archlinux/infrastructure!856
-
Christian Heusel authored
Signed-off-by: Christian Heusel <christian@heusel.eu>
-
- Aug 02, 2024
-
-
Christian Heusel authored
-
Christian Heusel authored
This should i.e. forbid crawlers to index all of the git diffs which put's unneccessary load on the server and is not really of benefit to be indexed anyways. Link: #610 Reviewed-by: Sven-Hendrik Haase <svenstaro@gmail.com> Reviewed-by: Levente Polyak <anthraxx@archlinux.org> Signed-off-by: Christian Heusel <christian@heusel.eu>
-
- Jul 31, 2024
-
-
Kristian Klausen authored
archwiki: Add simple challenge for Chinese IP addresses See merge request archlinux/infrastructure!851
-
Kristian Klausen authored
The wiki has been hammered with requests from some stupid Chinese bots/crawlers. Adding a simple challenge (requiring a cookie to be set), seems to be enough to throw them off. This was initially added for all pages, but as that could affect Chinese search engines (concern raised on the forum[1]), it was changed to only affect "action views", which search engines are not supposed to crawl. [1] https://bbs.archlinux.org/viewtopic.php?pid=2185963#p2185963
-
Kristian Klausen authored
This will be used for installing the geoip2 module, so we can make it more difficult for Chinese bots to crawl the wiki. The name of the shared object file can be overridden in case it is not named ngx_http_{{ module.name }}_module.so, e.g. srcache where the shared object is named ngx_http_srcache_filter_module.so.
-
- Jul 30, 2024
-
-
Jan Alexander Steffens (heftig) authored
-
- Jul 29, 2024
-
-
Jelle van der Waa authored
Archweb now exports Prometheus status via /metrics with request duration information.
-
- Jul 28, 2024
-
-
Jan Alexander Steffens (heftig) authored
Add support for "legacy" RSA 4096 certs Closes releng#22 See merge request archlinux/infrastructure!852
-
Jan Alexander Steffens (heftig) authored
To shut up the linter.
-
Jan Alexander Steffens (heftig) authored
Using a cert named after the primary domain with `_legacy` appended. However, the cert is only issued for the legacy domains, not the primary domain. Deploy for `ipxe.archlinux.org`. Fixes: releng#22
-
Jan Alexander Steffens (heftig) authored
They might conflict with the normal configuration, so we don't want these redirects to get cached.
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
With RSA 4096 instead of ECDSA.
-
Jan Alexander Steffens (heftig) authored
Don't require the cert to have the same name as the first domain.
-
- Jul 27, 2024
-
-
Kristian Klausen authored
This reverts commit f5b566fa. We no longer have cloud servers with 1-vCPU so this isn't needed.
-
- Jul 23, 2024
-
-
Evangelos Foutras authored
Simplify the role by removing the configurability of "EditionIDs", and hardcoding its value to "GeoLite2-Country GeoLite2-City". While it was originally intended for consumers to select which database(s) to fetch, it's not straightforward how to support multiple inclusions of the role.
-
Evangelos Foutras authored
This reverts commit a9b596c4. We no longer have cloud servers with 1-vCPU so this isn't needed.
-
- Jul 21, 2024
-
-
Jan Alexander Steffens (heftig) authored
dbscripts: Unbreak mirrorauth See merge request archlinux/infrastructure!849
-
Jan Alexander Steffens (heftig) authored
archlinux.org started rejecting connections without SNI because of experiments with deploying HTTP/3. See: archlinux/infrastructure!850
-
Jan Alexander Steffens (heftig) authored
nginx: Set a resolver Closes #607 See merge request archlinux/infrastructure!848
-
Jan Alexander Steffens (heftig) authored
This is required of OCSP stapling to work, or you get warnings when NGINX starts up: no resolver defined to resolve e6.o.lencr.org while requesting certificate status Let NGINX use the local systemd-resolved as its resolver. Fixes: archlinux/infrastructure#607
-
Christian Heusel authored
After fixing the cert setup on the host a working certbot installation is needed for the automatic cert renewal. Signed-off-by: Christian Heusel <christian@heusel.eu>
-