From 80c27e7eac20cb41ae449409e79a5d8ecee4bb11 Mon Sep 17 00:00:00 2001 From: rosalie Date: Thu, 14 Jul 2022 13:24:22 +0200 Subject: [PATCH 1/2] Revert "Revert "production: use mw 0.10.6 (#419)"" This reverts commit 51420923e2cd785c491da3a5bd4be932e60bf2a4. --- .../env/production/mediawiki-137-fp.values.yaml.gotmpl | 4 ++-- k8s/helmfile/helmfile.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/k8s/helmfile/env/production/mediawiki-137-fp.values.yaml.gotmpl b/k8s/helmfile/env/production/mediawiki-137-fp.values.yaml.gotmpl index 07110d1d..43e90314 100644 --- a/k8s/helmfile/env/production/mediawiki-137-fp.values.yaml.gotmpl +++ b/k8s/helmfile/env/production/mediawiki-137-fp.values.yaml.gotmpl @@ -4,6 +4,8 @@ replicaCount: webapi: 2 alpha: 1 mw: + settings: + allowedProxyCidr: "10.108.0.0/14" db: replica: sql-mariadb-secondary.default.svc.cluster.local master: sql-mariadb-primary.default.svc.cluster.local @@ -67,5 +69,3 @@ resources: limits: cpu: 1000m memory: 1200Mi -image: - tag: 1.37-7.4-20220603-fp-beta-0 diff --git a/k8s/helmfile/helmfile.yaml b/k8s/helmfile/helmfile.yaml index e274da8f..011026ad 100644 --- a/k8s/helmfile/helmfile.yaml +++ b/k8s/helmfile/helmfile.yaml @@ -138,7 +138,7 @@ releases: - name: mediawiki-137-fp namespace: default chart: wbstack/mediawiki - version: '{{ if eq .Environment.Name "production" }}0.10.5{{ else }}0.10.6{{ end }}' + version: 0.10.6 values: - "env/{{ .Environment.Name }}/mediawiki-137-fp.values.yaml.gotmpl" From 28fc1884433f96a668f8d1574616349d679a0e77 Mon Sep 17 00:00:00 2001 From: rosalie Date: Thu, 14 Jul 2022 13:27:56 +0200 Subject: [PATCH 2/2] prod: fix nginx XFF header --- k8s/helmfile/env/production/platform-nginx.nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/helmfile/env/production/platform-nginx.nginx.conf b/k8s/helmfile/env/production/platform-nginx.nginx.conf index f41afe70..a6bcd6e1 100644 --- a/k8s/helmfile/env/production/platform-nginx.nginx.conf +++ b/k8s/helmfile/env/production/platform-nginx.nginx.conf @@ -30,7 +30,7 @@ server { # IP range matches current kubernetes pod IPs set_real_ip_from 10.0.0.0/14; real_ip_header X-Forwarded-For; - proxy_set_header X-Forwarded-For "$http_x_forwarded_for, $realip_remote_addr"; + proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for"; client_max_body_size 1m;