#61679 closed enhancement (fixed)
Add web server rewrite rules to Braeburn
Reported by: | ryandesign (Ryan Carsten Schmidt) | Owned by: | neverpanic (Clemens Lang) |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | server/hosting | Version: | |
Keywords: | Cc: | ||
Port: |
Description
Currently we use MaxCDN to serve our web site. A number of web server rewrite rules are configured on the CDN:
- Requests for
/files/ports.tar.gz
are redirected 301 permanent tohttps://distfiles.macports.org/ports.tar.gz
- Requests for
^/guide(/.*)?$
are redirected 301 permanent tohttps://guide.macports.org$1
- Requests for
^/trac(/.*)?$
are redirected 301 permanent tohttps://trac.macports.org$1
- Requests for
^/t/(\d+)$
are redirected 301 permanent tohttps://trac.macports.org/ticket/$1
- Requests for
^/(?:feed\.xml|(?:post|news)(?:/.*)?)$
are proxied to our GitHub Pages site at http://macports.github.io but with a forced Host header of www.macports.org - All other requests are handled by our old PHP-based web site hosted on Braeburn
We have been notified that on December 2 we will no longer be able to use MaxCDN for free. I am trying to find another CDN that will host us for free, but have not been successful yet. Even if we do find another CDN, they might not offer us the capability of configuring the web server rules so that different paths can be handled by different origin servers.
Therefore, please configure the web server on Braeburn with the above rules. MaxCDN uses nginx so their rules file can't be used directly on Braeburn since that uses Apache.
Change History (4)
comment:1 Changed 4 years ago by neverpanic (Clemens Lang)
Owner: | changed from admin@… to neverpanic |
---|---|
Status: | new → accepted |
comment:2 Changed 4 years ago by neverpanic (Clemens Lang)
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
comment:3 Changed 4 years ago by ryandesign (Ryan Carsten Schmidt)
I deliberately configured macports.github.io with the www.macports.org CNAME so that if any user happens to visit macports.github.io they will be redirected to www.macports.org.
GitHub Pages doesn't require https, so if you wanted to proxy it through Apache without https that could work. But we might prefer to use https at this point.
comment:4 Changed 4 years ago by neverpanic (Clemens Lang)
I don't want the connection between our server and GitHub to be unencrypted. Anybody in a position to MitM that connection could inject JavaScript under macports.org and, for example, grab cookies that might work for Trac.
And now I know what that's not the setup we originally did, because GitHub requires a SNI of macports.github.io (because we won't give them a valid certificate for macports.org), but a Host header of www.macports.org. Apache's mod_proxy just doesn't support that.
I've now forwarded that specific content through a local nginx that does.