Portal:Cloud VPS/Admin/Web proxy

From Wikitech

The web proxy (aka dynamicproxy aka novaproxy aka Yuviproxy) mechanism powers the Cloud VPS web proxy service. It's powered by Nginx, OpenResty, a Redis backend and a Python API to manage it. The setup is hosted in the project-proxy Cloud VPS project.

How to

Enable per-project subdomain delegation

To enable the use of a delegated wmcloud.org subdomain on the proxy, follow these steps:

  1. Ensure a subdomain delegation is a good idea for the specific use case.
  2. Delegate the specific subdomain in Designate to the project using wmcs-makedomain if it's not delegated already. To check, see the domain listing in Horizon or in openstack-browser for that specific project.
  3. Provision the TLS certificates in the project-proxy-acme-chief prefix hiera:
    1. Add the project ID to profile::acme_chief::cloud::designate_sync_project_names if not there already.
    2. Add the names to an existing profile::acme_chief::certificates entry if there's a related zone already configured or add a new certificate definition. By convention, custom domains have certificates with names starting with custom, e.g. customtools for Toolforge and Toolsbeta.
  4. Run Puppet on the active project-proxy acme-chief host.
  5. Add the zone to profile::wmcs::novaproxy::supported_zones in the proxy Hiera prefix.
  6. Run Puppet on the proxy instances, starting with the passive.
Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Portal:Cloud_VPS/Admin/Web_proxy&oldid=2164329"