Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm

To: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
Cc: "linus@glasklarteknik.se" <linus@glasklarteknik.se>, "Kiszka, Jan" <jan.kiszka@siemens.com>, "debian-snapshot@lists.debian.org" <debian-snapshot@lists.debian.org>
Subject: Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
From: Philipp Kern <pkern@debian.org>
Date: Thu, 21 Nov 2024 10:23:09 +0100
Message-id: <[🔎] 81e1cfa7-88a1-4e78-82ec-7424b73dfc5c@debian.org>
In-reply-to: <[🔎] e5abe956315b8ffbbf02e006231719f25dd6324f.camel@siemens.com>
References: <[🔎] 20241115132712.892433-1-felix.moessbauer@siemens.com> <[🔎] 65413efd-1b96-4a05-ad3e-58464c655a99@debian.org> <[🔎] 370843195a6c1b464d308a888e8acb9f2d549eaf.camel@siemens.com> <[🔎] 14b610b8-ce10-4ade-8dfa-87eb59b165f0@debian.org> <[🔎] 4c65d83c9110241f91f4ede7dd4b469cad30b356.camel@siemens.com> <[🔎] 485c7c79-79bb-4822-bbde-e341259d97c8@debian.org> <[🔎] d2f36d072d53c906f1f4bcd53f313f143fe90686.camel@siemens.com> <[🔎] 7e33553a-a410-41bc-975f-b2f5ec42ae5a@debian.org> <[🔎] 34d031c7c6f28f25f782f4df9dd2fff9e014950d.camel@siemens.com> <[🔎] 46b4e84c7d4f89adaf788f13ddccba64@debian.org> <[🔎] 8c5925a4efe8176675adcf4daad95f739c77524c.camel@siemens.com> <[🔎] a394bb65-8a3b-47b8-a7c6-ee481f649380@debian.org> <[🔎] e5abe956315b8ffbbf02e006231719f25dd6324f.camel@siemens.com>

On 11/21/24 9:30 AM, MOESSBAUER, Felix wrote:
>> Fastly matches on UA and inserts a header "X-Download-Directly: yes"
>> if
>> the UA is apt-cacher-ng, otherwise it will send "X-Download-Directly:
>> no". We sent a "Vary: X-Download-Directly" back.
> 
> If you take care of the Fastly part, I'll update the local varnish VCL
> rules to handle the X-Download-Directly (I'll send the patch to this ML
> by EO today).

I'm not a service owner to apply the change, but I already worked on the
Fastly bits yesterday.

Relevant VCL (although definitions in Fastly are YAML for ~reasons):

>   if (!req.http.X-Download-Directly) {
>       set req.http.X-Download-Directly = "no";
>               }
[...]
>   if( req.http.User-Agent ~ "Apt-Cacher-NG/.+" ) {
>   # Header rewrite X-Download-Directly for apt-cacher-ng : 10
>         set req.http.X-Download-Directly = "yes";
>       }
(From the VCL it looks like I could've also set Fastly-Vary-String, but
given that the webapp needs to do different things, relying on Vary
makes more sense to me.)

[1] is now live.

> 
>>
>> The general guidance from Fastly[1] is to narrow the Vary header
>> content
>> down to a few cache keys. That'd be two. I think that'd be fine, as
>> it'd
>> only apply to files fetched by apt-cacher-ng where the caching would
>> then be worse. But that's better than being broken. And we could
>> still
>> patch apt-cacher-ng and fix it for the future - although then it'd be
>> cool if there would be a sane way to match on the UA to identify
>> fixed
>> versions. Like "apt-cacher-ng/version allow-redirects". =)
> 
> The patch is already available, it just needs a proposed update upload:
> https://lists.debian.org/debian-snapshot/2024/10/msg00010.html

That'd need a bookworm-pu bug against release.debian.org for
consideration by the release managers first.

> Anyways, that's on your end. My rules will only care about the X-
> Download-Directly header.
Ack. :)

Kind regards
Philipp Kern

[1]
https://salsa.debian.org/dsa-team/mirror/cdn-fastly/-/commit/278e5d7d79a069e2d655bd71ebaf23e56d67e49f

Reply to:

References:
- [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Felix Moessbauer <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: Philipp Kern <pkern@debian.org>
- Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
  - From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>

Prev by Date: Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
Next by Date: [PATCH v3 2/2] snapshot::web Only internally redirect if requested
Previous by thread: Re: [PATCH 1/1] snapshot::web Fix internal redirects to farm
Next by thread: [Git][snapshot-team/snapshot][master] 4 commits: cache 302 redirects to farm much longer
Index(es):
- Date
- Thread