Compilation results for registry1004.eqiad.wmnet: System changes detected

You can retrieve this result from host.json.

Catalog differences

Summary

Total Resources:	2930
Resources added:	2
Resources removed:	0
Resources modified:	3
Change percentage:	0.17%

Resources only in the new catalog

File[/etc/nginx/registry-nginx-common-proxy-settings.conf]
File[/etc/nginx/registry-nginx-common-catalog-settings.conf]

Resources modified

File[/etc/nginx/registry-nginx-cache.conf]

Parameters differences:

--- File[/etc/nginx/registry-nginx-cache.conf].orig
+++ File[/etc/nginx/registry-nginx-cache.conf]

@@
-    mode => 0744
+    mode => 0444

Nginx::Site[registry]

File[/etc/nginx/sites-available/registry]

Content differences:

--- /etc/nginx/sites-available/registry.orig
+++ /etc/nginx/sites-available/registry
@@ -733,20 +733,7 @@
       auth_basic_user_file /etc/nginx/restricted-read.htpasswd;
 
       proxy_pass http://registry-restricted;
-      proxy_redirect off;
-      proxy_buffering off;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $host;
-
-      proxy_connect_timeout       180;
-      proxy_send_timeout          180;
-      proxy_read_timeout          180;
-      send_timeout                180;
+      include /etc/nginx/registry-nginx-common-proxy-settings.conf;
 
     }
 
@@ -758,20 +745,7 @@
       deny all;
 
       proxy_pass http://registry-restricted;
-      proxy_redirect off;
-      proxy_buffering off;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $host;
-
-      proxy_connect_timeout       180;
-      proxy_send_timeout          180;
-      proxy_read_timeout          180;
-      send_timeout                180;
+      include /etc/nginx/registry-nginx-common-proxy-settings.conf;
     }
 
     location ~ ^/v2/ml/.* {
@@ -787,20 +761,7 @@
       # This covers GET/HEAD requests to /v2/ml/
 
       proxy_pass http://registry-ml;
-      proxy_redirect off;
-      proxy_buffering off;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $host;
-
-      proxy_connect_timeout       180;
-      proxy_send_timeout          180;
-      proxy_read_timeout          180;
-      send_timeout                180;
+      include /etc/nginx/registry-nginx-common-proxy-settings.conf;
 
     }
 
@@ -812,20 +773,7 @@
       deny all;
 
       proxy_pass http://registry-ml;
-      proxy_redirect off;
-      proxy_buffering off;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $host;
-
-      proxy_connect_timeout       180;
-      proxy_send_timeout          180;
-      proxy_read_timeout          180;
-      send_timeout                180;
+      include /etc/nginx/registry-nginx-common-proxy-settings.conf;
     }
 
     # Capture the original request path here so we can pass it to
@@ -854,46 +802,11 @@
       }
 
       proxy_pass http://registry-swift;
-      proxy_redirect off;
-      proxy_buffering off;
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection $connection_upgrade;
-      proxy_set_header Proxy-Connection "Keep-Alive";
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $host;
-
-      proxy_connect_timeout       180;
-      proxy_send_timeout          180;
-      proxy_read_timeout          180;
-      send_timeout                180;
-
-      # But cache the _catalog endpoint for a few mins as it's pretty expensive
+      include /etc/nginx/registry-nginx-common-proxy-settings.conf;
+
       location ~ ^/v2/_catalog$ {
-        add_header 'Cache-Control' 'public,s-maxage=600,max-age=600' always;
-        add_header 'Vary' 'Accept' always;
         proxy_pass http://registry-swift;
-
-        # Limit the calls to the catalog to internal IPs only, to prevent
-        # abuse from the outside Internet. Fetching the catalog ends up
-        # in a datastore scan to find the available repositories
-        # (at the time of writing, through LIST commands to Swift).
-        #
-        # The set_real_ip_from directives are used to list from
-        # what ranges of IPs we trust to override $remote_addr.
-        set_real_ip_from 10.0.0.0/8;
-        set_real_ip_from 2620:0:860::/46;
-        # The real_ip_header specifies what is the HTTP request header
-        # containing the IP address that overrides (if any) $remote_addr
-        real_ip_header X-Client-Ip;
-        # We then trust only internal IPv4 addresses, or IPv6 addresses
-        # that are global but belonging to the Wikimedia subnet.
-        allow 10.0.0.0/8;
-        allow 2620:0:860::/46;
-        allow ::1/128;
-        allow 127.0.0.1/32;
-        deny all;
+        include /etc/nginx/registry-nginx-common-catalog-settings.conf;
       }
 
     }

Compilation results for registry1004.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources only in the new catalog

Resources modified

Relevant files