2 Commits

Author SHA1 Message Date
Jeremy Stanley
c4be87753f Set MaxConnectionsPerChild 8192 for Gitea backends
When we added Apache as a filtering proxy on our Gitea backends in
order to more easily mitigate resource starvation, we did not set
any tuning to tell it when to recycle worker processes. As a result,
backends may continue serving requests with workers which pre-date
certificate rotation. This problem has also become more broadly
prevalent throughout our services with the introduction of Let's
Encrypt's 3-month certificate expirations as compared to our
previous 2-year certificates.

Add the same MaxConnectionsPerChild tuning to our Gitea backend
proxies as we use for our static sites and mirror servers.

Change-Id: I77d89385178a30f7dc5d04bedd0ab3772865c09f
2021-04-07 15:38:35 +00:00
Ian Wienand
870f664648 gitea: Add reverse proxy option
This adds an option to have an Apache based reverse proxy on port 3081
forwarding to 3000.  The idea is that we can use some of the Apache
filtering rules to reject certain traffic if/when required.

It is off by default, but tested in the gate.

Change-Id: Ie34772878d9fb239a5f69f2d7b993cc1f2142930
2020-07-01 15:33:05 +10:00