Assume gitea reverse proxy

We now depend on the reverse proxy not only for abuse mitigation but also for serving .well-known files with specific CORS headers. To reduce complexity and avoid traps in the future, make it non-optional. Change-Id: I54760cb0907483eee6dd9707bfda88b205fa0fed
2021-08-20 14:32:27 -07:00 · 2021-08-20 14:32:27 -07:00 · ac1dd4eedd
parent 2a697f8ecd
commit ac1dd4eedd
5 changed files with 0 additions and 13 deletions
--- a/inventory/service/group_vars/gitea.yaml
+++ b/inventory/service/group_vars/gitea.yaml
@ -1,8 +1,5 @@
 gitea_root_email: infra-root@openstack.org
 gitea_gerrit_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz gerrit-replication-2014-04-25
-# NOTE(ianw) 2020-07-08 : turned on hopefully temporarily
-#  http://lists.opendev.org/pipermail/service-discuss/2020-July/000054.html
-gitea_reverse_proxy: true
 iptables_extra_public_tcp_ports:
  - 222
  - 3000
--- a/playbooks/roles/gitea/README.rst
+++ b/playbooks/roles/gitea/README.rst
@ -2,13 +2,6 @@ Install, configure, and run Gitea.

 **Role Variables**

-.. zuul:rolevar:: gitea_reverse_proxy
-   :default: False
-
-   Create an Apache reverse proxy listening on port 3081.  This can be
-   useful for OSI layer 7 filtering; e.g. matching bad User-Agent
-   fields.
-
 .. zuul:rolevar:: gitea_reverse_proxy_hostname
   :default: inventory_hostname

--- a/playbooks/roles/gitea/defaults/main.yaml
+++ b/playbooks/roles/gitea/defaults/main.yaml
@ -1,3 +1,2 @@
 gitea_no_log: true
-gitea_reverse_proxy: false
 gitea_reverse_proxy_hostname: '{{ inventory_hostname }}'
--- a/playbooks/roles/gitea/tasks/main.yaml
+++ b/playbooks/roles/gitea/tasks/main.yaml
@ -33,7 +33,6 @@

 - name: Install reverse proxy
  include_tasks: proxy.yaml
-  when: gitea_reverse_proxy

 - name: Run docker-compose pull
  shell:
--- a/playbooks/zuul/templates/group_vars/gitea.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/gitea.yaml.j2
@ -7,7 +7,6 @@ gitea_db_password: 5bfuOBKtltff0XZX
 gitea_root_password: BUbBcpToMwR05ZCB
 gitea_no_log: false
 gitea_gerrit_password: yVpMWIUIvT7f6NwA
-gitea_reverse_proxy: true
 gitea_reverse_proxy_hostname: localhost
 iptables_extra_public_tcp_ports:
  - 3081