On Fri, Jun 26, 2020 at 01:51:06PM -0700, Alec Warner wrote:
> On Fri, Jun 26, 2020 at 1:38 PM Thomas Deutschmann <whissi@g.o>
> wrote:
>
> > Hi,
> >
> > > Is it against the social contract to purchase these CDN services?
> >
> > Not from my P.O.V when the origin itself is under full control.
> >
> > Also, would you plan to block direct access once you set up a CDN service,
> > i.e. forcing everyone to use CDN services or would you still allow people
> > to hit services directly? For the latter it's just an additional offer so I
> > wouldn't expect any problems (isn't it the same as being present on
> > GitHub?).
> >
>
> I don't believe we have any rationale for restricting traffic in the way
> you describe, so no we would not force traffic to transit the CDN to the
> origin.
The wording here will matter I feel.

The _default_ hostname for the service might involve the CDN, but
alternate hostnames exist to bypass the CDN.

The non-CDN version of these can already be accessed at:
(service)-cdn-origin.gentoo.org

The CDN version of these can be explicitly selected at:
(service)-cdn.gentoo.org

Infra reserves the right to change the above pattern, but that's what it
is today (and is visible in the SSL certs).
|
For transparency, the following read-only services are already using CDN
today, via sponsors: CDN77 & AWS [1 site]:
------------------------------------------
api.gentoo.org
assets.gentoo.org
devmanual.gentoo.org
infra-status.gentoo.org
planet.gentoo.org
archives.gentoo.org (disabled, use archives-cdn.gentoo.org)
packages.gentoo.org (disabled, use packages-cdn.gentoo.org) [AWS]
|
Other read-only services likely to move to CDN in future:
---------------------------------------------------------
archives.gentoo.org [already testing]
cgit.gentoo.org
distfiles.gentoo.org
glsa.gentoo.org
mirrorstats.gentoo.org
packages.gentoo.org [already testing]
projects.gentoo.org
qa-reports.gentoo.org
repos.gentoo.org
security.gentoo.org
www.gentoo.org
anongit.gentoo.org ** (requires some special sauce)
|
Read-write services that we'd like to improve to a localized
reverse-proxy to improve service (via lower latency):
-----------------------------------------------------
wiki.gentoo.org
bugs.gentoo.org
sso.gentoo.org
glsamaker.gentoo.org
keys.gentoo.org
|
Services unlikely to move:
--------------------------
*test.gentoo.org (test versions of many sites above, would default to non-CDN)
dev.gentoo.org (would have to detangle HTTPS from SSH hostnames)
forums.gentoo.org (depends heavily on the migration efforts that are already very behind)
infrawiki.gentoo.org (not enough demand, low priority)
|
--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136