add backend serveraliases to debian vhosts #2124
Conversation
| @@ -70,6 +70,7 @@ | |||
| include apache::mod::mime | |||
|
|
|||
| web::vhost { $vhost: | |||
| serveraliases => [ "${vhost}-backend.theforeman.org", "${vhost}.${facts['networking']['fqdn']}" ], | |||
There was a problem hiding this comment.
gotta add the right DNS entries before deploying this, or LE will freak out
There was a problem hiding this comment.
Can we make the servername deb-backend? I don't mind adding the $vhost.$fqdn as an alias.
There was a problem hiding this comment.
no, because then stagingdeb and archivedeb will also have this alias, which is not what I wanted :)
There was a problem hiding this comment.
So we can't make $vhost deb-backend instead?
My reasoning is that I'd like to use mod_md to get the certificate (based on the servername) instead of the current letsencrypt module we use, but we don't have to pull that in scope here.
There was a problem hiding this comment.
We have 3 instances of freight::user: main, archive and staging which create deb, archivedeb and stagingdeb vhosts.
We should switch those to produce deb-backend, archivedeb-backend and stagingdeb-backend at some point, yes.
But I first wanted to introduce the alias, have time to play with the CDN and then drop the non-backend vhosts.
There was a problem hiding this comment.
FWIW, I think I miss-read your first comment "can we make the servername deb-backend" as "can we always use "deb-backend" -- which we can't because we need three separate "backends" (served by the same httpd).
What we can do is use ${vhost}-backend as the servername in the future.
|
I am guessing the same will need to happen for the rpm serving and thus I should copy this model? |
|
Need? No. |
ekohl
changed the title
deb.tfm.o (and friends) do not point to our host these days, but to a
CDN, thus, using deb.tfm.o as the vhost name is a tad wrong.
this change introduces two aliases for the vhost: deb-backend.tfm.o and
deb.${fqdn}, which in my test environment results in:
ServerName deb.theforeman.org
ServerAlias deb-backend.theforeman.org
ServerAlias deb.repo-deb.tanso.example.com
This has the benefit that the right vhost is reachable without any
tricks, and will allow us to switch the CDN config to a "more correct"
naming scheme, later dropping deb.tfm.o from the vhost here totally.
(This has the side-benefit that deb.tfm LE requests go via the CDN and
only then hit our box, which is confusing to say the least and that
would stop)
deb.tfm.o (and friends) do not point to our host these days, but to a
CDN, thus, using deb.tfm.o as the vhost name is a tad wrong.
this change introduces two aliases for the vhost: deb-backend.tfm.o and
deb.${fqdn}, which in my test environment results in:
This has the benefit that the right vhost is reachable without any
tricks, and will allow us to switch the CDN config to a "more correct"
naming scheme, later dropping deb.tfm.o from the vhost here totally.
(This has the side-benefit that deb.tfm LE requests go via the CDN and
only then hit our box, which is confusing to say the least and that
would stop)