system-config/playbooks/roles/zuul-web/templates/zuul.vhost.j2
Ian Wienand 8a2289f70a zuul-web: rework caching
mod_mem_cache was removed in Apache 2.4 so all the bits of
configuration gated by the IfModule are currently irrelevant.

The replacement is socache, the in-memory version is "shmcb" (can also
hook up to memcache, etc.).  Enable the socache module, and switch the
cache matching parts to use socache and then fall-back to disk cache
(this is what it says this will do in the manual [1])

The other part of this is to turn the CacheQuickHandler off.  The
manual says about this [2]

  In the default enabled configuration, the cache operates within the
  quick handler phase. This phase short circuits the majority of
  server processing, and represents the most performant mode of
  operation for a typical server. The cache bolts onto the front of
  the server, and the majority of server processing is avoided.

I won't claim to fully understand how our mod_rewrite rules and
mod_proxy all hang together with phases and what-not.  But empirically
with this turned on (default) we do not seem to get any caching on the
tenant status pages, and with it turned off we do.

I've deliberately removed IfModule gating as well.  This actually hid
the problem and made it much more difficult to diagnose; it is much
better if these directives just fail to start Apache if we do not have
the modules we expect to have.

[1] https://httpd.apache.org/docs/2.4/mod/mod_cache_socache.html
[2] https://httpd.apache.org/docs/2.4/mod/mod_cache.html#cachequickhandler

Change-Id: I4e5f803b9d4fb6c2351cf151a085b93a7fd20f60
2020-09-14 13:59:53 +10:00

71 lines, 2.0 KiB, Django/Jinja

<VirtualHost *:80>
  ServerName zuul.opendev.org
  ServerAdmin webmaster@openstack.org

  ErrorLog ${APACHE_LOG_DIR}/zuul-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/zuul-access.log combined-cache

  Redirect / https://zuul.opendev.org/
</VirtualHost>

<VirtualHost *:443>
  ServerName zuul.opendev.org
  ServerAdmin webmaster@openstack.org

  AllowEncodedSlashes On

  ErrorLog ${APACHE_LOG_DIR}/zuul-ssl-error.log

  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/zuul-ssl-access.log combined-cache

  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  # Note: this list should ensure ciphers that provide forward secrecy
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
  SSLHonorCipherOrder on

  SSLCertificateFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.cer
  SSLCertificateKeyFile /etc/letsencrypt-certs/zuul.opendev.org/zuul.opendev.org.key
  SSLCertificateChainFile /etc/letsencrypt-certs/zuul.opendev.org/ca.cer

  BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
  # MSIE 7 and newer should be able to use keepalive
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

  RewriteEngine on

  RewriteRule ^/api/tenant/(.*)/console-stream ws://127.0.0.1:9000/api/tenant/$1/console-stream [P,L]
  RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]

  AddOutputFilterByType DEFLATE application/json text/css text/javascript application/javascript

  # Enable SHM backend for socache
  CacheSocache shmcb
  # Anything bigger should fall through to disk
  CacheSocacheMaxSize 102400
  # This is required to match on rewrites correctly
  CacheQuickHandler off
  # Disk cache settings
  CacheRoot /var/cache/apache2/mod_cache_disk
  CacheMaxFileSize 10000000

  <LocationMatch "^/api/tenant/.*/status">
    CacheEnable socache
    CacheEnable disk
  </LocationMatch>

  <Location "/static">
    CacheEnable socache
    CacheEnable disk
  </Location>
</VirtualHost>
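
The commit message above names three failure modes: cache directives hidden behind IfModule, a provider that no longer exists in Apache 2.4, and proxying rewrites combined with the default quick handler. The following is an added example, not part of the opendev repository, of a small pre-deploy lint that flags all three. The function name, the finding messages and both sample configs are assumptions constructed for illustration, and the quick-handler rule encodes the commit author's empirical observation rather than a documented Apache constraint.

```python
import re

# mod_cache directives used on this page, and the providers Apache 2.4 ships.
CACHE_DIRECTIVES = {"cacheenable", "cachesocache", "cachesocachemaxsize",
                    "cachequickhandler", "cacheroot", "cachemaxfilesize"}
PROVIDERS_24 = {"socache", "disk"}  # "mem" (mod_mem_cache) is gone in 2.4

def audit_cache_config(text):
    """Return (line_number, message) findings; line 0 means whole-file."""
    findings, gates = [], []          # gates: names of enclosing <IfModule>
    quick_off = proxied = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<IfModule\s+([^>]+)>", line, re.I)
        if opened:
            gates.append(opened.group(1))
        elif re.match(r"</IfModule>", line, re.I):
            if gates:
                gates.pop()
        else:
            parts = line.split()
            name = parts[0].lower()
            arg = parts[1].lower() if len(parts) > 1 else ""
            if name in CACHE_DIRECTIVES and gates:
                findings.append((n, f"{parts[0]} gated by <IfModule {gates[-1]}>"))
            if name == "cacheenable" and arg not in PROVIDERS_24:
                findings.append((n, f"CacheEnable provider '{arg}' not in Apache 2.4"))
            # A gated "off" does not count: it vanishes if the module is absent.
            if name == "cachequickhandler" and arg == "off" and not gates:
                quick_off = True
            if name == "rewriterule" and re.search(r"\[[^\]]*\bP\b[^\]]*\]\s*$", line):
                proxied = True
    if proxied and not quick_off:
        findings.append((0, "RewriteRule [P] in use but CacheQuickHandler is not off"))
    return findings

# Constructed samples (not the project's earlier file): gated vs. ungated.
GATED = """RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
<IfModule mod_mem_cache.c>
CacheEnable mem /static
</IfModule>"""
UNGATED = """RewriteRule ^/(.*)$ http://127.0.0.1:9000/$1 [P,L]
CacheSocache shmcb
CacheQuickHandler off
<Location "/static">
CacheEnable socache
CacheEnable disk
</Location>"""
```

Run it over the rendered template before deployment; an empty list means none of the three conditions were found, and it does not replace `apachectl configtest`.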