diff --git a/defaults/main.yml b/defaults/main.yml index 41c66ec..78bf49e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -99,12 +99,3 @@ repo_pypiserver_start_options: >- # config override var for systemd init file repo_pypiserver_init_overrides: {} -# nginx host:port for pypi reverse proxy -repo_nginx_pypi_upstream: "pypi.python.org:443" - -# Set the options for the nginx proxy_cache_path directive. -# The proxy cache is used for data downloaded from pypi. -# The default is set to cache up to 1G worth of packages -# for up to 1 month -repo_nginx_proxy_cache_path: >- - /var/lib/nginx/pypi levels=1:2 keys_zone=pypi:16m inactive=1M max_size=1G diff --git a/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml b/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml new file mode 100644 index 0000000..8ccbcf4 --- /dev/null +++ b/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml @@ -0,0 +1,10 @@ +--- +deprecations: + - | + The repo server's reverse proxy for pypi has now been removed, + leaving only the pypiserver to serve packages already on the + repo server. The attempt to reverse proxy upstream pypi turned + out to be very unstable with increased complexity for deployers + using proxies or offline installs. With this, the variables + ``repo_nginx_pypi_upstream`` and ``repo_nginx_proxy_cache_path`` + have also been removed. diff --git a/templates/nginx-pypi.conf.j2 b/templates/nginx-pypi.conf.j2 index 9e1e2b7..9beac67 100644 --- a/templates/nginx-pypi.conf.j2 +++ b/templates/nginx-pypi.conf.j2 @@ -1,12 +1,5 @@ # {{ ansible_managed }} -proxy_cache_path {{ repo_nginx_proxy_cache_path }}; - upstream pypiserver { server localhost:{{ repo_pypiserver_port }}; } - -upstream pypi { - server {{ repo_nginx_pypi_upstream }}; - keepalive 16; -} diff --git a/templates/openstack-slushee.vhost.j2 b/templates/openstack-slushee.vhost.j2 index b990be5..775ce6d 100644 --- a/templates/openstack-slushee.vhost.j2 +++ b/templates/openstack-slushee.vhost.j2 @@ -6,50 +6,18 @@ server { access_log /var/log/nginx/{{ repo_server_name }}.access.log gzip buffer=32k; error_log /var/log/nginx/{{ repo_server_name }}.error.log notice; - # Allow cached content to be used even when the upstream source is not available. - proxy_cache pypi; - proxy_cache_key $uri; - proxy_cache_lock on; - proxy_cache_revalidate on; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - - proxy_http_version 1.1; - proxy_set_header Host $host:$server_port; - proxy_set_header Connection ""; - proxy_set_header Accept-Encoding ""; - - # Rewrite any http redirects to use relative to proxy - proxy_redirect ~https?://pypi.python.org(.*) $1; - - # Fallback mechanism from: - # http://linuxplayer.org/2013/06/nginx-try-files-on-multiple-named-location-or-server - location @pypi { - proxy_set_header Host pypi.python.org; - {% if repo_nginx_pypi_upstream | match('.*:443$') %} - proxy_pass https://pypi; - {% else %} - proxy_pass http://pypi; - {% endif %} - } - location /simple { - proxy_intercept_errors on; + proxy_set_header Host $host:$server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; proxy_pass http://pypiserver; - error_page 404 = @pypi; } location /packages { - proxy_intercept_errors on; + proxy_set_header Host $host:$server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; proxy_pass http://pypiserver; - error_page 404 = @pypi; - } - - location /+f { - {% if repo_nginx_pypi_upstream | match('.*:443$') %} - proxy_pass https://pypi; - {% else %} - proxy_pass http://pypi; - {% endif %} } location / {