aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--group_vars/master9
-rw-r--r--roles/nginx/templates/apt-proxy.site.j234
2 files changed, 40 insertions, 3 deletions
diff --git a/group_vars/master b/group_vars/master
index fae6302..8f2e02f 100644
--- a/group_vars/master
+++ b/group_vars/master
@@ -17,10 +17,11 @@ wan_if: eth1
# Interface attached to the cluster LAN
lan_if: eth0
# LAN IP for the master
-lan_ip: 192.168.1.254
+lan_ip: 192.168.233.254
-lan_dhcp_begin: 192.168.1.1
-lan_dhcp_end: 192.168.1.200
+lan_dhcp_begin: 192.168.233.1
+lan_dhcp_end: 192.168.233.200
+lan_network: 192.168.233.0/24
lan_netmask: 255.255.255.0
#
@@ -30,6 +31,8 @@ lan_netmask: 255.255.255.0
tftp_root: /srv/tftp
# Mirror from where to install packages (HTTP), and security updates.
+# This mirror will also be used as the "upstream" of the APT proxy
+# for LAN nodes.
apt_mirror: ftp.sjtu.edu.cn
# vim: set ft=yaml sw=2:
diff --git a/roles/nginx/templates/apt-proxy.site.j2 b/roles/nginx/templates/apt-proxy.site.j2
new file mode 100644
index 0000000..8c19f4c
--- /dev/null
+++ b/roles/nginx/templates/apt-proxy.site.j2
@@ -0,0 +1,34 @@
+#
+# /etc/nginx/sites-available/apt-proxy.site
+# Nginx site: apt mirror proxy for LAN nodes
+#
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ access_log /var/log/nginx/apt.access.log;
+ error_log /var/log/nginx/apt.error.log;
+
+ allow {{ lan_network }};
+ deny all;
+
+ location /debian/ {
+ try_files $uri @mirror;
+ }
+ location /debian-security/ {
+ try_files $uri @mirror;
+ }
+
+ location @mirror {
+ proxy_pass http://{{ apt_mirror }};
+ proxy_next_upstream error timeout http_404;
+ proxy_set_header Host {{ apt_mirror }};
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ add_header X-Mirror-Upstream-Status $upstream_status;
+ add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
+ add_header X-Mirror-Status $upstream_cache_status;
+ }
+}