Remove the upstream pypi reverse proxy

Trying to reverse proxy upstream pypi has not turned out to
be very stable, or very useful. We've had many, many reports
of stability issues and the additional complexity for offline
and proxy usage is just not worth it.

Given we already have a mechanism in place to handle using
upstream pypi if the repo server is not there yet, disabling
this should just result in that mechanism kicking in and all
will be well again.

Once the repo is built, the reverse proxy to pypiserver will
then be exclusively used and the upstream pypi proxy is not
necessary anyway.

Depends-On: https://review.openstack.org/584393
Change-Id: Ie407c6a346de6b46c8f4d30caea8664a7f6bd341
This commit is contained in:
Jesse Pretorius 2018-07-20 15:04:01 +01:00 committed by Jesse Pretorius (odyssey4me)
parent 7c8e10977d
commit dab934bdb9
4 changed files with 16 additions and 54 deletions

View File

@ -99,12 +99,3 @@ repo_pypiserver_start_options: >-
# config override var for systemd init file
repo_pypiserver_init_overrides: {}
# nginx host:port for pypi reverse proxy
repo_nginx_pypi_upstream: "pypi.python.org:443"
# Set the options for the nginx proxy_cache_path directive.
# The proxy cache is used for data downloaded from pypi.
# The default is set to cache up to 1G worth of packages
# for up to 1 month
repo_nginx_proxy_cache_path: >-
/var/lib/nginx/pypi levels=1:2 keys_zone=pypi:16m inactive=1M max_size=1G

View File

@ -0,0 +1,10 @@
---
deprecations:
- |
The repo server's reverse proxy for pypi has now been removed,
leaving only the pypiserver to serve packages already on the
repo server. The attempt to reverse proxy upstream pypi turned
out to be very unstable with increased complexity for deployers
using proxies or offline installs. With this, the variables
``repo_nginx_pypi_upstream`` and ``repo_nginx_proxy_cache_path``
have also been removed.

View File

@ -1,12 +1,5 @@
# {{ ansible_managed }}
proxy_cache_path {{ repo_nginx_proxy_cache_path }};
upstream pypiserver {
server localhost:{{ repo_pypiserver_port }};
}
upstream pypi {
server {{ repo_nginx_pypi_upstream }};
keepalive 16;
}

View File

@ -6,50 +6,18 @@ server {
access_log /var/log/nginx/{{ repo_server_name }}.access.log gzip buffer=32k;
error_log /var/log/nginx/{{ repo_server_name }}.error.log notice;
# Allow cached content to be used even when the upstream source is not available.
proxy_cache pypi;
proxy_cache_key $uri;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_set_header Host $host:$server_port;
proxy_set_header Connection "";
proxy_set_header Accept-Encoding "";
# Rewrite any http redirects to use relative to proxy
proxy_redirect ~https?://pypi.python.org(.*) $1;
# Fallback mechanism from:
# http://linuxplayer.org/2013/06/nginx-try-files-on-multiple-named-location-or-server
location @pypi {
proxy_set_header Host pypi.python.org;
{% if repo_nginx_pypi_upstream | match('.*:443$') %}
proxy_pass https://pypi;
{% else %}
proxy_pass http://pypi;
{% endif %}
}
location /simple {
proxy_intercept_errors on;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://pypiserver;
error_page 404 = @pypi;
}
location /packages {
proxy_intercept_errors on;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://pypiserver;
error_page 404 = @pypi;
}
location /+f {
{% if repo_nginx_pypi_upstream | match('.*:443$') %}
proxy_pass https://pypi;
{% else %}
proxy_pass http://pypi;
{% endif %}
}
location / {