3caf4784041fd2dbb2006cf8bdd2db2b86ee1569
services/Anycast-Wiki.md
| ... | ... | @@ -1,23 +1,23 @@ |
| 1 | 1 | ## Distributed wiki sites |
| 2 | 2 | |
| 3 | 3 | The idea is to deploy the mirrors across dn42 using [anycast](https://en.wikipedia.org/wiki/Anycast) addressing (BGP), thus providing redundancy, load-balancing and improved access times for the site. |
| 4 | -The local webserver is monitored with a simple shell script (below) working in conjuction with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down. |
|
| 4 | +The local webserver is monitored with a simple shell script (below) [working in conjuction](https://wiki.dn42/services/Anycast-Wiki#distributed-wiki-sites_exabgp) with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down. |
|
| 5 | 5 | |
| 6 | 6 | ### Network |
| 7 | 7 | |
| 8 | - * Install wiki anycast address `172.23.0.80/32` on the system |
|
| 9 | - * Setup tunnel(s) to the dn42 network (routing daemon not required) |
|
| 8 | + - Install wiki anycast address `172.23.0.80/32` on the system |
|
| 9 | + - Setup tunnel(s) to the dn42 network (routing daemon not required) |
|
| 10 | 10 | |
| 11 | 11 | ### Setup gollum |
| 12 | 12 | |
| 13 | - * Install [gollum](https://github.com/gollum/gollum) |
|
| 14 | - * Clone the dn42 wiki repo: |
|
| 13 | + - Install [gollum](https://github.com/gollum/gollum) |
|
| 14 | + - Clone the dn42 wiki repo: |
|
| 15 | 15 | |
| 16 | 16 | `git clone ssh://[email protected]/dn42/wiki <path>` |
| 17 | 17 | |
| 18 | - * Setup cron for periodic pull/push jobs for the repo |
|
| 19 | - * Generate a [CSR](/services/Certificate-Authority) and send to `[email protected]`. Wait for a reply containing internal.dn42/wiki.dn42 certificates. |
|
| 20 | - * Start two gollum instances, read-only and editing on `127.0.0.1`: |
|
| 18 | + - Setup cron for periodic pull/push jobs for the repo |
|
| 19 | + - Generate a [CSR](/services/Certificate-Authority) and send to `[email protected]`. Wait for a reply containing internal.dn42/wiki.dn42 certificates. |
|
| 20 | + - Start two gollum instances, read-only and editing on `127.0.0.1`: |
|
| 21 | 21 | |
| 22 | 22 | Read/write (SSL access only): |
| 23 | 23 | ``` |
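Review bot: The new link on line 4 points at the absolute URL `https://wiki.dn42/services/Anycast-Wiki#distributed-wiki-sites_exabgp`, while the CSR link further down in the same file uses a relative path (`/services/Certificate-Authority`). Since the target is a section of this same page, a fragment-only link (`#distributed-wiki-sites_exabgp`) would be consistent with the rest of the file and would not depend on the hostname the reader used to reach the mirror. The link text also carries over the typo "conjuction", which should read "conjunction" now that the line is being touched. The `*` to `-` list marker change is fine, but it is unrelated to the link and would be easier to review as a separate commit.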
| ... | ... | @@ -30,7 +30,12 @@ gollum --css <path>/custom.css --gollum-path <path> --host 127.0.0.1 --port 456 |
| 30 | 30 | |
| 31 | 31 | ### Nginx proxy |
| 32 | 32 | |
| 33 | -##### /etc/nginx/sites-enabled/wiki.dn42: |
|
| 33 | +A custom header `X-SiteID` identifies the site you're connecting to: |
|
| 34 | + |
|
| 35 | + + X-SiteID: `AS number`-`ISO country code` |
|
| 36 | + |
|
| 37 | + |
|
| 38 | +##### Config example |
|
| 34 | 39 | |
| 35 | 40 | ``` |
| 36 | 41 | ssl_protocols TLSv1.2 TLSv1.1 TLSv1; |
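Review bot: Replacing the heading `/etc/nginx/sites-enabled/wiki.dn42:` with `Config example` drops the only indication of where the configuration below belongs. Keep the path, either in the heading or in a sentence under it. The header description also does not match the config it documents. The text gives the format as `AS number`-`ISO country code`, while the added config lines use `<aut-num>-<cc>`, so use one placeholder spelling in both places and say explicitly that each mirror operator must substitute their own values. The new item uses a `+` list marker, although the same commit converts the other lists in the file to `-`.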
| ... | ... | @@ -48,6 +53,7 @@ server { |
| 48 | 53 | listen 172.23.0.80:80 default; |
| 49 | 54 | |
| 50 | 55 | add_header strict-transport-security "max-age=0; includeSubDomains"; |
| 56 | + add_header X-SiteID '<aut-num>-<cc>'; |
|
| 51 | 57 | |
| 52 | 58 | location / { |
| 53 | 59 | location =/robots.txt { root <path>/wiki.dn42/; } |
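Review bot: The added `add_header X-SiteID '<aut-num>-<cc>';` in the port 80 server block has no `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes. Error responses, such as a 502 when the local gollum instance is down, will not carry the header, and that is the case where knowing which anycast site answered is most useful for debugging. Consider `add_header X-SiteID '<aut-num>-<cc>' always;`. Also note that `add_header` is inherited from the server level only by locations that define no `add_header` of their own, so if any of the nested `location` blocks that follow sets a header, both this one and the `strict-transport-security` header above it are dropped for those responses.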
| ... | ... | @@ -70,6 +76,7 @@ server { |
| 70 | 76 | |
| 71 | 77 | add_header strict-transport-security "max-age=0; includeSubDomains"; |
| 72 | 78 | add_header Public-Key-Pins 'pin-sha256="mJ1xUCzfru8Ckq2+M6VkNKGOGgSETImRAHBF24mjalw="; pin-sha256="/gOyi7syRMR+d2jZoB/MzcSD++8ciZkSl/hZAQgzWws="; max-age=0; includeSubDomains'; |
| 79 | + add_header X-SiteID '<aut-num>-<cc>'; |
|
| 73 | 80 | |
| 74 | 81 | location / { |
| 75 | 82 | location =/robots.txt { root <path>/wiki.dn42/; } |
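Review bot: The `add_header X-SiteID '<aut-num>-<cc>';` line in the SSL server block duplicates the value added to the port 80 block, so an operator has to edit the site ID in two places and the two can drift apart. Putting the single `add_header X-SiteID ...` line in a small snippet file and pulling it into both server blocks with `include` would keep one source for the value. The header also cannot simply be moved up to the `http` level, because both server blocks already define their own `add_header` directives and would therefore not inherit it.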