Task #1190
closed
Story #1150: As a user, I can lazily fetch repositories
Create a httpd config for the lazy streamer
Status:
CLOSED - CURRENTRELEASE
Description
Part of the lazy component set is an Apache server that acts as an SSL termination point (since squid can't cache encrypted traffic) and enforces content protection. The client is redirected to this Apache server (by way of story #1180) when the content is missing from the Pulp server, but is part of a lazy-loaded repository. When a client connects Apache will need to check the presented client certificate (if any) to ensure they have access to the content. Apache will then keep the connection to the client open while it connects to Squid on localhost:3128 and requests the content on behalf of the client.
To achieve this, a new Apache configuration file needs to be created.
Some inline documentation should be included in the configuration file explaining the purpose of each directive and any other settings the user may want to tweak or look into. A release note should be added for this change.
This new configuration file will be packaged as part of the pulp-streamer and is completely separate from the main Apache configuration for Pulp.
- Parent issue set to #1150
- Subject changed from Add SSL termination Location example to httpd config to Add SSL and non-SSL Location examples to httpd config
- Description updated (diff)
- Subject changed from Add SSL and non-SSL Location examples to httpd config to Create a httpd config with SSL and non-SSL Location settings for Lazy Apache
- Description updated (diff)
Secured by signed URL instead.
- Status changed from NEW to ASSIGNED
- Assignee set to jcline@redhat.com
- % Done changed from 0 to 50
The required Apache configuration has been documented as part of story #1198, but we have not yet decided how/if to package the configuration.
- Status changed from ASSIGNED to POST
- % Done changed from 50 to 100
The Apache configuration PR against the feature branch: https://github.com/pulp/pulp/pull/2104
Since we use URL signatures, there is a new WSGI application that checks signatures and is turned on as part of the streamer 'Directory' statement.
- Subject changed from Create a httpd config with SSL and non-SSL Location settings for Lazy Apache to Create a httpd config for the lazy streamer
- Description updated (diff)
- Status changed from POST to MODIFIED
- Status changed from MODIFIED to ASSIGNED
- Platform Release set to 2.8.0
Release notes are still needed.
- Status changed from ASSIGNED to 5
- Status changed from 5 to CLOSED - CURRENTRELEASE
Also available in: Atom
PDF
.