Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#61679 closed enhancement (fixed)

Add web server rewrite rules to Braeburn

Reported by: ryandesign (Ryan Carsten Schmidt) Owned by: neverpanic (Clemens Lang)
Priority: High Milestone:
Component: server/hosting Version:
Keywords: Cc:
Port:

Description

Currently we use MaxCDN to serve our web site. A number of web server rewrite rules are configured on the CDN:

  • Requests for /files/ports.tar.gz are redirected 301 permanent to https://distfiles.macports.org/ports.tar.gz
  • Requests for ^/guide(/.*)?$ are redirected 301 permanent to https://guide.macports.org$1
  • Requests for ^/trac(/.*)?$ are redirected 301 permanent to https://trac.macports.org$1
  • Requests for ^/t/(\d+)$ are redirected 301 permanent to https://trac.macports.org/ticket/$1
  • Requests for ^/(?:feed\.xml|(?:post|news)(?:/.*)?)$ are proxied to our GitHub Pages site at http://macports.github.io but with a forced Host header of www.macports.org
  • All other requests are handled by our old PHP-based web site hosted on Braeburn

We have been notified that on December 2 we will no longer be able to use MaxCDN for free. I am trying to find another CDN that will host us for free, but have not been successful yet. Even if we do find another CDN, they might not offer us the capability of configuring the web server rules so that different paths can be handled by different origin servers.

Therefore, please configure the web server on Braeburn with the above rules. MaxCDN uses nginx so their rules file can't be used directly on Braeburn since that uses Apache.

Change History (4)

comment:1 Changed 4 years ago by neverpanic (Clemens Lang)

Owner: changed from admin@… to neverpanic
Status: newaccepted

comment:2 Changed 4 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: acceptedclosed

And now I know what that's not the setup we originally did, because GitHub requires a SNI of macports.github.io (because we won't give them a valid certificate for macports.org), but a Host header of www.macports.org. Apache's mod_proxy just doesn't support that.

I've now forwarded that specific content through a local nginx that does.

comment:3 Changed 4 years ago by ryandesign (Ryan Carsten Schmidt)

I deliberately configured macports.github.io with the www.macports.org CNAME so that if any user happens to visit macports.github.io they will be redirected to www.macports.org.

GitHub Pages doesn't require https, so if you wanted to proxy it through Apache without https that could work. But we might prefer to use https at this point.

comment:4 Changed 4 years ago by neverpanic (Clemens Lang)

I don't want the connection between our server and GitHub to be unencrypted. Anybody in a position to MitM that connection could inject JavaScript under macports.org and, for example, grab cookies that might work for Trac.

Note: See TracTickets for help on using tickets.