[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/03: cdn: Change default behavior to not cache.
|
From: |
Chris Marusich |
|
Subject: |
01/03: cdn: Change default behavior to not cache. |
|
Date: |
Sat, 12 Jan 2019 02:27:51 -0500 (EST) |
marusich pushed a commit to branch master
in repository maintenance.
commit a3166ddcf82150cb7563942e916a0a494fcf9670
Author: Chris Marusich <address@hidden>
Date: Fri Jan 11 22:21:04 2019 -0800
cdn: Change default behavior to not cache.
* cdn/terraform/cloudfront.tf (locals) <do_not_cache_behavior>: New
variable.
(berlin-mirror) <default_cache_behavior>: Use the new
do_not_cache_behavior.
(origin) <empty-origin>: Remove it.
* cdn/README.org: Remove the section explaining that Cuirass will no
longer be accessible via ci.guix.info.
---
cdn/README.org | 7 -------
cdn/terraform/cloudfront.tf | 40 +++++++++++++++++++++++++++++-----------
2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/cdn/README.org b/cdn/README.org
index 3f04179..2ab4161 100644
--- a/cdn/README.org
+++ b/cdn/README.org
@@ -324,13 +324,6 @@ https://guix.signin.aws.amazon.com/console
* Deployment Plan
-** Cuirass will no longer be accessible via ci.guix.info
-
-The CloudFront distribution will only serve substitutes. This means
-that after the deployment, it will not be possible to access Cuirass
-via ci.guix.info. Those needing to access Cuirass on the berlin build
-farm will still be able to access it directly via berlin.guixsd.org.
-
** DNS
For information about how Guix has configured its DNS, please contact
diff --git a/cdn/terraform/cloudfront.tf b/cdn/terraform/cloudfront.tf
index 533b08a..c4a6f57 100644
--- a/cdn/terraform/cloudfront.tf
+++ b/cdn/terraform/cloudfront.tf
@@ -35,6 +35,31 @@ locals {
# In the future, we should consider changing this to "https-only".
viewer_protocol_policy = "allow-all"
}
+ # Like the default behavior, but forward everything, and cache
+ # nothing. The CloudFront documentation says that to disable
+ # caching, it is sufficient to forward all headers and set the
+ # minimum TTL to 0, but we just forward everything and set all the
+ # TTLs to 0 for good measure. See:
+ #
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
+ do_not_cache_behavior = {
+ allowed_methods = ["GET", "HEAD"]
+ # This list is not allowed to be empty. See:
+ #
https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CachedMethods.html
+ cached_methods = ["GET", "HEAD"]
+ compress = false
+ # Forward all cookies, headers, and query strings.
+ forwarded_values = [{
+ cookies = [{ forward = "all" }]
+ headers = ["*"]
+ query_string = true
+ }]
+ # Always serve the latest content from the origin.
+ default_ttl = 0
+ max_ttl = 0
+ min_ttl = 0
+ target_origin_id = "berlin.guixsd.org"
+ viewer_protocol_policy = "allow-all"
+ }
}
resource "aws_cloudfront_distribution" "berlin-mirror" {
@@ -53,10 +78,6 @@ resource "aws_cloudfront_distribution" "berlin-mirror" {
origin_read_timeout = 60
}
}
- origin {
- domain_name =
"${aws_s3_bucket.guix-empty-bucket.bucket_regional_domain_name}"
- origin_id = "empty-origin"
- }
# The CNAME that will point to this CloudFront distribution.
aliases = ["ci.guix.info"]
is_ipv6_enabled = true
@@ -70,13 +91,10 @@ resource "aws_cloudfront_distribution" "berlin-mirror" {
# When deleting the distribution, actually delete it. See:
#
https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#retain_on_delete
retain_on_delete = false
- # Fail all requests by default.
- default_cache_behavior = [
- "${merge(
- local.default_behavior,
- map("target_origin_id", "empty-origin")
- )}"
- ]
+ # By default, don't cache anything. This is useful because on
+ # berlin.guixsd.org, we run Cuirass, which has many URLs we don't
+ # want to cache.
+ default_cache_behavior = ["${local.do_not_cache_behavior}"]
# Cache all the relevant paths published by "guix publish". See
# guix/scripts/publish.scm in the Guix source for details.
ordered_cache_behavior = [