From 0b8a5e4fda750e200ea522e7f53475fa74b02da6 Mon Sep 17 00:00:00 2001 From: Jesse Dohmann Date: Wed, 20 Jul 2022 13:01:57 -0500 Subject: [PATCH] BZ2102230: change rhcos redirector url --- modules/configuring-firewall.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/configuring-firewall.adoc b/modules/configuring-firewall.adoc index 4322ccc44cd5..c9475a0c64bb 100644 --- a/modules/configuring-firewall.adoc +++ b/modules/configuring-firewall.adoc @@ -46,13 +46,13 @@ There are no special configuration considerations for services running on only c |443, 80 |The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com` -|`rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` +|`rhcos.mirror.openshift.com` |443, 80 |Provides {op-system-first} images |=== + -You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn0[1-3].quay.io` and `rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` in your allowlist. +You can use the wildcards `\*.quay.io` and `*.mirror.openshift.com` instead of `cdn0[1-3].quay.io` and `rhcos.mirror.openshift.com` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`. . Allowlist any site that provides resources for a language or framework that your builds require.