Ncredir

From Wikitech-static

Ncredir is the non-canonical redirect service. It is currently implemented using acme-chief managed certificates + compile_redirects() + nginx.

Nginx is fed two maps containing the redirection logic. The first map populates a variable called $override, and the second populates a variable called $rewrite.

The $override map is generated from the override stanzas in the redirects definition file, while the $rewrite map is generated from the funnel and rewrite stanzas in the same file.

This mapping between the nc_redirects.dat file and nginx happens at Puppet compilation time, so the ncredir servers only need nginx and the acme-chief managed certificates to run the service.
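A minimal sketch of the two-map pattern described above, added here as an illustration; it is not the generated ncredir configuration. The map keys, hostnames, targets, certificate paths and the override-before-rewrite precedence are all assumptions made for the example.

```nginx
# Illustrative only: every hostname, path and target below is constructed.

# Assumed shape of the map built from "override" stanzas:
# an exact host + path lookup that yields a fixed target URL.
map $host$uri $override {
    default "";
    "noncanonical.example/donate"  "https://canonical.example/wiki/Donate";
}

# Assumed shape of the map built from "funnel" and "rewrite" stanzas:
# a host-level lookup that yields a fixed target URL.
map $host $rewrite {
    hostnames;                        # enables the leading-wildcard key below
    default "";
    noncanonical.example            "https://canonical.example/";
    *.noncanonical.example          "https://canonical.example/";
}

server {
    listen 80;
    listen 443 ssl;
    server_name _;

    # Placeholder paths; the real service uses acme-chief managed certificates.
    ssl_certificate     /path/to/placeholder/fullchain.pem;
    ssl_certificate_key /path/to/placeholder/privkey.pem;

    # Assumed precedence: a specific override wins over a host-level rule.
    if ($override != "") {
        return 301 $override;
    }
    if ($rewrite != "") {
        return 301 $rewrite;
    }

    # Hosts with no entry in either map get no redirect at all, so the
    # Location header is never built from attacker-supplied input.
    return 404;
}
```

Because every redirect target is a literal taken from a precompiled map, a request for an unlisted Host header cannot turn the service into an open redirector.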

The nginx config can be found in /etc/nginx/sites-enabled/ncredir and the custom logs in /var/log/nginx/ncredir.http.log and /var/log/nginx/ncredir.https.log.

This service handles its own TLS termination, so it is not behind the cp cluster. It is directly exposed to live traffic using the high-traffic1 LVS via the ncredir-lb.wikimedia.org geoDNS record, which balances the traffic across:

  • ncredir-lb.codfw.wikimedia.org
  • ncredir-lb.eqiad.wikimedia.org