| 1 |
On Fri, Jun 26, 2020 at 01:51:06PM -0700, Alec Warner wrote: |
| 2 |
> On Fri, Jun 26, 2020 at 1:38 PM Thomas Deutschmann <whissi@g.o> |
| 3 |
> wrote: |
| 4 |
> |
| 5 |
> > Hi, |
| 6 |
> > |
| 7 |
> > > Is it against the social contract to purchase these CDN services? |
| 8 |
> > |
| 9 |
> > Not from my P.O.V when the origin itself is under full control. |
| 10 |
> > |
| 11 |
> > Also, would you plan to block direct access once you set up a CDN service, |
| 12 |
> > i.e. forcing everyone to use CDN services or would you still allow people |
| 13 |
> > to hit services directly? For the latter it's just an additional offer so I |
| 14 |
> > wouldn't expect any problems (isn't it the same like being present on |
| 15 |
> > GitHub?). |
| 16 |
> > |
| 17 |
> |
| 18 |
> I don't believe we have any rationale for restricting traffic in the way |
| 19 |
> you describe, so no we would not force traffic to transit the CDN to the |
| 20 |
> origin. |
| 21 |
The wording here will matter I feel. |
| 22 |
|
| 23 |
The _default_ hostname for the service might involve the CDN, but |
| 24 |
alternate hostnames exist to bypass the CDN. |
| 25 |
|
| 26 |
The non-CDN version of these can already be accessed at: |
| 27 |
(service)-cdn-origin.gentoo.org |
| 28 |
|
| 29 |
The CDN version of these can be explicitly selected at: |
| 30 |
(service)-cdn.gentoo.org |
| 31 |
|
| 32 |
Infra reserves the right to change the above pattern, but that's what it |
| 33 |
is today (and is visible in the SSL certs). |
| 34 |
|
| 35 |
For transparency, the following read-only services are already using CDN |
| 36 |
today, via sponsors: CDN77 & AWS [1 site]: |
| 37 |
------------------------------------------ |
| 38 |
api.gentoo.org |
| 39 |
assets.gentoo.org |
| 40 |
devmanual.gentoo.org |
| 41 |
infra-status.gentoo.org |
| 42 |
planet.gentoo.org |
| 43 |
archives.gentoo.org (disabled, use archives-cdn.gentoo.org) |
| 44 |
packages.gentoo.org (disabled, use packages-cdn.gentoo.org) [AWS] |
| 45 |
|
| 46 |
Other read-only services likely to move to CDN in future: |
| 47 |
--------------------------------------------------------- |
| 48 |
archives.gentoo.org [already testing] |
| 49 |
cgit.gentoo.org |
| 50 |
distfiles.gentoo.org |
| 51 |
glsa.gentoo.org |
| 52 |
mirrorstats.gentoo.org |
| 53 |
packages.gentoo.org [already testing] |
| 54 |
projects.gentoo.org |
| 55 |
qa-reports.gentoo.org |
| 56 |
repos.gentoo.org |
| 57 |
security.gentoo.org |
| 58 |
www.gentoo.org |
| 59 |
anongit.gentoo.org ** (requires some special sauce) |
| 60 |
|
| 61 |
Read-write services that we'd like to improve to a localized |
| 62 |
reverse-proxy to improve service (via lower latency): |
| 63 |
----------------------------------------------------- |
| 64 |
wiki.gentoo.org |
| 65 |
bugs.gentoo.org |
| 66 |
sso.gentoo.org |
| 67 |
glsamaker.gentoo.org |
| 68 |
keys.gentoo.org |
| 69 |
|
| 70 |
Services unlikely to move: |
| 71 |
-------------------------- |
| 72 |
*test.gentoo.org (test versions of many sites above, would default to non-CDN) |
| 73 |
dev.gentoo.org (would have to detangle HTTPS from SSH hostnames) |
| 74 |
forums.gentoo.org (depends heavily on the migration efforts that are already very behind) |
| 75 |
infrawiki.gentoo.org (not enough demand, low priority) |
| 76 |
|
| 77 |
-- |
| 78 |
Robin Hugh Johnson |
| 79 |
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer |
| 80 |
E-Mail : robbat2@g.o |
| 81 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 82 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives