diff --git a/data/hostname/webapp.internal.staging.swh.network.yaml b/data/hostname/webapp.internal.staging.swh.network.yaml index f0201ef2..8e3943d0 100644 --- a/data/hostname/webapp.internal.staging.swh.network.yaml +++ b/data/hostname/webapp.internal.staging.swh.network.yaml @@ -1,84 +1,66 @@ networks: default: interface: eth0 address: 192.168.128.8 netmask: 255.255.255.0 gateway: 192.168.128.1 hitch::frontend: "[*]:443" hitch::proxy_support: true varnish::http_port: 80 apache::http_port: 9080 # Disable default vhost on port 80 apache::default_vhost: false swh::deploy::webapp::vhost::name: webapp.internal.staging.swh.network swh::deploy::webapp::vhost::aliases: - webapp.staging.swh.network - webapp.staging.softwareheritage.org swh::deploy::webapp::config::allowed_hosts: - webapp.internal.staging.swh.network - webapp.staging.swh.network - webapp.staging.softwareheritage.org swh::deploy::webapp::backend::workers: 16 swh::deploy::webapp::backend::http_keepalive: 5 swh::deploy::webapp::backend::http_timeout: 3600 swh::deploy::webapp::backend::reload_mercy: 3600 - -# in private data: -# deposit_basic_auth_swhworker_username -# deposit_basic_auth_swhworker_password -swh::deploy::webapp::config: - storage: "%{alias('swh::remote_service::storage::config')}" - vault: "%{alias('swh::remote_service::vault::config::writable')}" - indexer_storage: "%{alias('swh::remote_service::indexer::config')}" - scheduler: "%{alias('swh::remote_service::scheduler::config::writable')}" - log_dir: "%{hiera('swh::deploy::webapp::conf::log_dir')}" - secret_key: "%{hiera('swh::deploy::webapp::conf::secret_key')}" - content_display_max_size: 1048576 - throttling: - cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}" - scopes: - swh_api: - limiter_rate: - default: 120/h - exempted_networks: - - 127.0.0.0/8 - - 192.168.100.0/23 - - 129.168.128.0/24 - swh_api_origin_visit_latest: - # This endpoint gets called a lot (by default, up to 70 times - # per origin search), so it deserves a much higher rate-limit - # than the rest of the API. - limiter_rate: - default: 700/m - exempted_networks: - - 127.0.0.0/8 - - 192.168.100.0/23 - - 192.168.128.0/24 - swh_vault_cooking: - limiter_rate: - default: 120/h - GET: 60/m - exempted_networks: - - 127.0.0.0/8 - - 192.168.100.0/23 - - 192.168.128.0/24 - swh_save_origin: - limiter_rate: - default: 120/h - POST: 10/h - exempted_networks: - - 127.0.0.0/8 - - 192.168.100.0/23 - - 129.168.128.0/24 - allowed_hosts: "%{alias('swh::deploy::webapp::config::allowed_hosts')}" - production_db: "%{hiera('swh::deploy::webapp::production_db')}" - deposit: - private_api_url: "%{hiera('swh::deploy::webapp::deposit::private::url')}" - private_api_user: "%{hiera('deposit_basic_auth_swhworker_username')}" - private_api_password: "%{hiera('deposit_basic_auth_swhworker_password')}" +swh::deploy::webapp::config::throttling: + cache_uri: "%{hiera('memcached::server::bind')}:%{hiera('memcached::server::port')}" + scopes: + swh_api: + limiter_rate: + default: 120/h + exempted_networks: + - 127.0.0.0/8 + - 192.168.100.0/23 + - 129.168.128.0/24 + swh_api_origin_visit_latest: + # This endpoint gets called a lot (by default, up to 70 times + # per origin search), so it deserves a much higher rate-limit + # than the rest of the API. + limiter_rate: + default: 700/m + exempted_networks: + - 127.0.0.0/8 + - 192.168.100.0/23 + - 192.168.128.0/24 + swh_vault_cooking: + limiter_rate: + default: 120/h + GET: 60/m + exempted_networks: + - 127.0.0.0/8 + - 192.168.100.0/23 + - 192.168.128.0/24 + swh_save_origin: + limiter_rate: + default: 120/h + POST: 10/h + exempted_networks: + - 127.0.0.0/8 + - 192.168.100.0/23 + - 129.168.128.0/24