Commit graph

281 commits

Author SHA1 Message Date
Jimmy Zelinskie
4a2b25200a nginx: make rate limiting awesome 2015-02-19 16:24:05 -05:00
Jimmy Zelinskie
01811ee793 nginx: add missing semicolon 2015-02-19 13:31:49 -05:00
Jimmy Zelinskie
11c5632121 nginx: remove blacklisted IP 2015-02-19 12:46:03 -05:00
Jimmy Zelinskie
b7159293c1 nginx: create unauth/auth ratelimiting
This also removes nodelay on rate limiting and temporarily blacklists an
IP address.
2015-02-19 12:32:06 -05:00
Jake Moshenko
04b06547b8 Remove all of the timeouts since they were not doing the right thing anyway. 2015-02-18 17:04:25 -05:00
Joseph Schorr
f107b50a46 Merge branch 'master' into ackbar 2015-02-12 12:04:45 -05:00
Joseph Schorr
42db221576 Disable proxy server buffer changes 2015-02-11 16:25:09 -05:00
Jake Moshenko
0f3d87466e Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 14:15:18 -05:00
Jimmy Zelinskie
3abb5bf0a3 nginx: set proxy_buffer_size to 6MB
Because tags are included in our sessions, pushes containing many tags
will make our headers larger than the buffer nginx uses to send to the
client and then nginx is unable to validate the headers.
2015-02-10 15:48:27 -05:00
Joseph Schorr
9dfe523615 Merge master changes 2015-02-05 13:11:16 -05:00
Jake Moshenko
11562a74de Remove the old builder infrastructure. 2015-01-29 11:03:23 -05:00
Jimmy Zelinskie
24365fb960 nginx: rate-limiting for /c1/ 2015-01-26 15:42:56 -05:00
Jimmy Zelinskie
f99025f123 nginx: adjust proxy protocol rate limiting values 2015-01-26 15:03:27 -05:00
Joseph Schorr
30b895b795 Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 17:26:14 -05:00
Jimmy Zelinskie
b5f7777fd7 nginx: create proxy-server-base.conf w/ rate limit 2015-01-23 16:50:16 -05:00
Jimmy Zelinskie
64bea5387b nginx: rate limiting only on proxy protocol 2015-01-23 16:04:06 -05:00
Jimmy Zelinskie
a185b53db4 nginx: set real IP from any address 2015-01-23 15:13:24 -05:00
Jimmy Zelinskie
b19b256b52 Proxy Protocol on port 8443 2015-01-22 16:10:02 -05:00
Jimmy Zelinskie
a715d97660 health check endpoint without proxy protocol 2015-01-22 12:58:48 -05:00
Jimmy Zelinskie
73557f20b9 add missing semicolon 2015-01-22 12:16:04 -05:00
Jimmy Zelinskie
365290d3c4 Add and include proxy-protocol.conf 2015-01-21 17:11:23 -05:00
Jimmy Zelinskie
e93d0b83ec reset nginx config to master 2015-01-21 17:00:43 -05:00
Jimmy Zelinskie
0f8aad9ef1 Break out a new server{} config for port 444>
This also restores docker proxy stuff with recursive enabled
2015-01-21 15:59:29 -05:00
Jimmy Zelinskie
b7d6d42317 comment out docker reverse proxy stuff 2015-01-21 15:05:35 -05:00
Jimmy Zelinskie
c992657f05 health check on port 444 2015-01-21 13:43:21 -05:00
Jimmy Zelinskie
312ba536d9 move proxy protocol to ssl listen directive 2015-01-21 11:19:41 -05:00
Jimmy Zelinskie
a5569b124d only set real_ip from local subnet 2015-01-20 17:46:06 -05:00
Jimmy Zelinskie
ad92ca33d3 fix mispelled nginx directive 2015-01-20 17:00:12 -05:00
Jimmy Zelinskie
f6d1ffd2c8 proxy_protocol logging and support 2015-01-20 15:49:54 -05:00
Jimmy Zelinskie
a68bad1c3a Undo nginx rate-limiting. 2015-01-15 17:27:06 -05:00
Jimmy Zelinskie
6cbd4ee4fe Add rate limiting to nginx.
The only caveat is that "One megabyte zone can keep about 16 thousand
64-byte states. If the zone storage is exhausted, the server will return
the 503 (Service Temporarily Unavailable) error to all further
requests."
  -- nginx documentation
2015-01-13 15:59:04 -05:00
Jimmy Zelinskie
53e9e514d5 Add vim nginx ft to nginx config files 2015-01-13 15:19:42 -05:00
Joseph Schorr
47fb10b79f Merge branch 'master' into ackbar 2015-01-08 13:57:39 -05:00
Joseph Schorr
40d2b1748f Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 12:31:02 -05:00
Jake Moshenko
4012e1b327 Fix typo on nginx nofile config. 2014-12-18 14:58:10 -05:00
Jake Moshenko
2b0fc9087f Performance improvements meant to help get jobs off of the load balancer more quickly. 2014-12-18 11:53:10 -05:00
Joseph Schorr
72d613614d Merge branch 'bagger' 2014-12-01 12:48:59 -05:00
Joseph Schorr
279e4b5069 Fix the preplogsdir script to work after a restart of the container 2014-11-29 14:33:55 -05:00
Joseph Schorr
9d675b51ed - Change SSL to only be enabled via an environment variable. Nginx will be terminating SSL for the ER.
- Add the missing dependencies to the requirements.txt
- Change the builder ports to non-standard locations
- Add the /b1/socket and /b1/controller endpoints in nginx, to map to the build manager
- Have the build manager start automatically.
2014-11-25 18:08:18 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Jake Moshenko
17fc72d262 Switch postgres to a non-transactional DDL to allow us to use peewee to modify data in migrations: enterprise customers are running postgres migrations offline already. Move the image backfill script back to a migration since it will now work. Unify the interface to sending a DB URI to env.py for the migration script. 2014-11-18 14:07:33 -05:00
Joseph Schorr
8548538516 Fix _ping endpoint to match the new spec 2014-11-07 10:05:05 -05:00
Joseph Schorr
29c30b336e Move the uncompressed image size migration call outside of alembic, since it will sometimes deadlock with certain kinds of DBs (because alembic is running things inside a transaction) 2014-11-03 21:01:41 -05:00
Jake Moshenko
2483ae6ee6 Lower the worker count for registry and verbs. 2014-10-21 17:51:21 -04:00
Jake Moshenko
6612e9003e Add some missing paramters in the logger config. 2014-10-17 16:25:08 -04:00
Jake Moshenko
34c0a5a886 Fix the logging config to disable boto. 2014-10-17 16:15:40 -04:00
Joseph Schorr
b3292f8549 Fix the /realtime endpoint by making sure buffering is off 2014-10-17 15:50:40 -04:00
Jake Moshenko
328db8b660 Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 13:58:08 -04:00
Jake Moshenko
dd6f31cba4 Fix the docker registry headers for _ping. 2014-10-03 16:41:16 -04:00
Joseph Schorr
a1470460a7 Move the /static handler into the base and have nginx serve the Docker ping endpoint 2014-10-02 16:04:23 -04:00
Jake Moshenko
511ee12a58 Redirect stderr to stdout for the buildlogsarchiver. 2014-09-12 14:46:29 -04:00
Jake Moshenko
353da13b16 Set up the service monitoring for the log migration script. Add a database migration to add the logs_archived column. 2014-09-12 11:57:47 -04:00
Jake Moshenko
25058bc91c Up the gunicorn worker count (under protest) 2014-09-03 17:24:52 -04:00
Jake Moshenko
551539dbc5 Update the nginx config to allow for request bodies up to 20gb. 2014-08-27 16:41:30 -04:00
Joseph Schorr
67905c277e Remove webhook worker 2014-08-25 19:13:40 -04:00
Joseph Schorr
09a1c4d2b5 Add test fix and make sure Quay ups the connection count in its container 2014-08-25 14:23:21 -04:00
Joseph Schorr
49801bc2c4 - Add web hook queue code back in. We'll remove it and turn it off after this CL goes to prod
- Make notification lookup always be by repo and its UUID, rather than the internal DB ID
- Add the init script for the notification worker
2014-07-31 13:30:54 -04:00
Jake Moshenko
870cc9ce0b Only keep around 4 days worth or 400MB of logs. 2014-06-23 11:25:50 -04:00
Jake Moshenko
f6726bd0a4 Merge branch 'ldapper'
Conflicts:
	Dockerfile
	app.py
	data/database.py
	endpoints/index.py
	test/data/test.db
2014-05-22 12:13:41 -04:00
Jake Moshenko
044cfdb656 Let gunicorn load code before forking. 2014-05-20 19:06:54 -04:00
Jake Moshenko
9d92c1cb0f Switch to nginx compiled with the real ip module. 2014-05-19 13:24:07 -04:00
Jake Moshenko
707bca892e Rename the nginx configuration to remove the word enterprise 2014-05-18 17:28:51 -04:00
Jake Moshenko
212a4650f4 Rework the config to use runit logging. 2014-05-18 17:19:14 -04:00
Jake Moshenko
cc47e77156 Upgrade to the 0.11.1 tutum version of docker. Package it as a Dockerfile using Docker in Docker. Add a status server option to the workers to utilize the new termination signal and status features of gantry. 2014-05-16 18:31:24 -04:00
Jake Moshenko
f049f738da Run the db migrations on container start unless we're running against Sqlite. 2014-05-13 15:20:17 -04:00
Jake Moshenko
e422f2eee9 Add the logger name to the production logging config. 2014-05-02 14:04:50 -04:00
Jake Moshenko
4556ff52b3 Change the request ids to use urns. Add the logger name to the log formatter. 2014-05-02 13:43:57 -04:00
Jake Moshenko
a5a61576ae Revamp the logging a bit. Not quite done yet. 2014-05-01 19:44:28 -04:00
jakedt
0cbcc5baef Remove the no longer used nginx config. 2014-04-18 11:01:59 -04:00
jakedt
9e88414773 Move the pid files inside the container so they don't conflict. 2014-04-17 12:29:23 -04:00
jakedt
576fbe4f0d Switch over to phusion baseimage. Prevent everything from daemonizing and start it with runit under phusion. Make workers trap and handle sigint and sigterm. Extend the reservation to 1hr for dockerfilebuild. Update nginx to remove the dependency on libgd. Merge the requirements and requirements enterprise files. 2014-04-11 13:32:45 -04:00
jakedt
8fac0474b5 Get staging to run under docker on an EC2 host. 2014-04-10 18:30:09 -04:00
jakedt
265fa5070a Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 16:59:22 -04:00
jakedt
8e9faf6121 Toward running quay in a docker container. 2014-04-07 01:20:09 -04:00
yackob03
8b8084f484 Add a mostly working cloud init script and a bitbucket deploy key. The docker run of logstash isn't working for some reason and still must be done manually. 2014-02-04 19:01:04 -05:00
yackob03
a6f98570a1 Send everything in production through the gunicorn logger (allows rotation using USR1). Add a gunicorn logger that emits the logstash format. Move the gunicorn config to the conf subdir. Update the postrotate script to hopefully work. 2014-02-04 15:08:49 -05:00
yackob03
f2fef9fcde Update the logrotate config to use the right permissions for the file, and to call USR1 on nginx after rotation. Update the readme to use the nginx pidfile. 2014-02-03 11:57:29 -05:00
yackob03
b48748d957 Have gunicorn publish its pid and have logrotate bounce it so that the file handle migrates. 2014-01-31 19:23:37 -05:00
yackob03
b128701ed6 Forgot to move one of the nginx dirs. 2014-01-31 19:20:35 -05:00
yackob03
9db63a505f Add logrotate config and installation instructions to the readme. 2014-01-31 18:17:11 -05:00
yackob03
2b6c9149e8 Configure nginx to emit logstash logs for access logs. Move all nginx config to a conf subdir. Rework nginx config to share common parts. 2014-01-31 18:13:46 -05:00