diff options
-rw-r--r-- | group_vars/master | 9 | ||||
-rw-r--r-- | roles/nginx/templates/apt-proxy.site.j2 | 34 |
2 files changed, 40 insertions, 3 deletions
diff --git a/group_vars/master b/group_vars/master index fae6302..8f2e02f 100644 --- a/group_vars/master +++ b/group_vars/master @@ -17,10 +17,11 @@ wan_if: eth1 # Interface attached to the cluster LAN lan_if: eth0 # LAN IP for the master -lan_ip: 192.168.1.254 +lan_ip: 192.168.233.254 -lan_dhcp_begin: 192.168.1.1 -lan_dhcp_end: 192.168.1.200 +lan_dhcp_begin: 192.168.233.1 +lan_dhcp_end: 192.168.233.200 +lan_network: 192.168.233.0/24 lan_netmask: 255.255.255.0 # @@ -30,6 +31,8 @@ lan_netmask: 255.255.255.0 tftp_root: /srv/tftp # Mirror from where to install packages (HTTP), and security updates. +# This mirror will also be used as the "upstream" of the APT proxy +# for LAN nodes. apt_mirror: ftp.sjtu.edu.cn # vim: set ft=yaml sw=2: diff --git a/roles/nginx/templates/apt-proxy.site.j2 b/roles/nginx/templates/apt-proxy.site.j2 new file mode 100644 index 0000000..8c19f4c --- /dev/null +++ b/roles/nginx/templates/apt-proxy.site.j2 @@ -0,0 +1,34 @@ +# +# /etc/nginx/sites-available/apt-proxy.site +# Nginx site: apt mirror proxy for LAN nodes +# + +server { + listen 80; + listen [::]:80; + + access_log /var/log/nginx/apt.access.log; + error_log /var/log/nginx/apt.error.log; + + allow {{ lan_network }}; + deny all; + + location /debian/ { + try_files $uri @mirror; + } + location /debian-security/ { + try_files $uri @mirror; + } + + location @mirror { + proxy_pass http://{{ apt_mirror }}; + proxy_next_upstream error timeout http_404; + proxy_set_header Host {{ apt_mirror }}; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + add_header X-Mirror-Upstream-Status $upstream_status; + add_header X-Mirror-Upstream-Response-Time $upstream_response_time; + add_header X-Mirror-Status $upstream_cache_status; + } +} |