gw1/squid: Allow pxe.p.b via HTTPS
Now that Kickstart files are hosted on _pxe.pyrocufflink.blue_, we can allow access to that entire (sub-)domain, enabling clients to fetch the files over HTTPS. Previously, this was not possible because in order to allow access to Kickstart files but nothing else on Gitea, we had to rely on full URL matching.
This commit is contained in:
@@ -35,7 +35,8 @@ squid_acl:
|
||||
kickstart:
|
||||
- url_regex rosalina.pyrocufflink.blue/~dustin/kickstart/.*\.ks$
|
||||
- url_regex git.pyrocufflink.net/infra/kickstart/raw/.*/.*\.ks$
|
||||
- url_regex pxe.pyrocufflink.blue/kickstart/.*/.*\.ks$
|
||||
pxe:
|
||||
- dstdomain pxe.pyrocufflink.blue
|
||||
fcos_updates:
|
||||
- dstdomain d2uk5hbyrobdzx.cloudfront.net
|
||||
- dstdomain ostree.fedoraproject.org
|
||||
@@ -83,6 +84,7 @@ squid_http_access:
|
||||
- allow localnet grafana_rpm
|
||||
- allow google_fonts
|
||||
- allow trusted kickstart
|
||||
- allow trusted pxe
|
||||
- allow trusted dch_repo
|
||||
- allow trusted ghcr
|
||||
- allow trusted gitea
|
||||
|
||||
Reference in New Issue
Block a user