1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 20:40:56 +01:00
No description
Find a file
epriestley e6fb1dc1e9 When an install is instanced, include the instance identifier in the URI for file data
Summary:
This allows us to CDN the cluster.

General problem is that we can't easily give each instance its own CDN URI (`giraffe.phcdn.net`) in Cloudfront, because it requires that you enumerate all aliases (and there's a limit of 100) and depends on SNI (a newish feature of SSL which allows one server to serve multiple certificates, but which doesn't have full support everywhere yet).

It's //possible// that we could eventually work around this, or use Cloudflare instead (which has a different model that seems like a slightly easier fit for CDN-domain-per-instance), but I don't want to sink a ton of work into this and want to keep things on AWS insofar as we reasonably can.

The easiest way to fix this is just to put the instance identity into URIs, then read it out when handling CDN requests. This has no effect on installs without cluster instance configuration, which is all of them except ours.

It's also slightly desirable to share this stuff, since we get to share the cache for static resources, which are always identical across instances.

So requests go from the Cloudfront gateway ("xyz.cloudfront.com") to the LB with a hard-coded instance name ("cdn.phacility.com"), which gets them routed to a balanced web machine. The web machine picks the correct instance name out of the URI, acts as that instance, and does the correct thing.

The messiest part of this is that we need "cdn.phacility.com" to be a real instance so it can serve static resources, but that's not a big deal. We have a few other hard-codes which have to be real resources for now, like we must have a merchant named "Phacility".

Test Plan:
  - Viewed files with `security.alternate-file-domain` off (i.e., no file tokens).
  - Viewed pages and files with `security.alternate-file-domain` on. Saw correct resource behavior, @isntance generation of URIs, and correct token redirect behavior for files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11668
2015-02-03 14:55:46 -08:00
bin Add some of a billing daemon skeleton 2015-01-30 11:29:05 -08:00
conf Add bin/almanac register to associate a host with an Almanac device and trust it 2015-01-02 15:13:30 -08:00
externals Rewrite Aphlict to use Websockets 2015-01-08 10:03:00 -08:00
resources Revert "Have DifferentialRevisionList return an ObjectBox if header is set" 2015-02-03 12:16:42 -08:00
scripts Remove TERM=dumb, which is causing difficult-to-reproduce hangs 2015-02-03 09:54:02 -08:00
src When an install is instanced, include the instance identifier in the URI for file data 2015-02-03 14:55:46 -08:00
support Aphlict - fix incrementation of _messagesIn 2015-02-03 08:02:23 -08:00
webroot Revert "Have DifferentialRevisionList return an ObjectBox if header is set" 2015-02-03 12:16:42 -08:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Lint the webroot/rsrc/externals/javelin directory 2015-01-14 07:48:39 +11:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore When registering a device, write a device ID 2015-01-22 16:06:04 -08:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README.md Add a more complete README for GitHub 2015-01-28 12:49:36 -08:00

Phabricator is an open source collection of web applications which help software companies build better software.

Phabricator includes applications for:

  • reviewing and auditing source code;
  • hosting and browsing repositories;
  • assembling a party to venture forth;
  • tracking bugs;
  • managing projects;
  • writing stuff down and reading it later;
  • hiding stuff from coworkers; and
  • also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility. The first version of Phabricator was originally built at Facebook.

BUG REPORTS Please update your install to HEAD before filing bug reports. You can follow our bug reporting guide or and file the issue in Maniphest.

FEATURE REQUESTS We're big fans of feature requests that state core problems, not just 'add this'. We've compiled a short guide to effective upstream requests here.

SECURITY ISSUES Phabricator participates in HackerOne and may pay out for various issues reported there. You can find out more information on our HackerOne page.

PULL REQUESTS We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide for more information.

LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted.