Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
infra
infra
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 70
    • Issues 70
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards
  • alpine
  • infra
  • infrainfra
  • Issues
  • #9194

Closed
Open
Opened Aug 06, 2018 by Daniel Hahler@blueyed

Problems with dl-cdn.alpinelinux.org: redirect to https via Squid (results in 404)

  1. I have noticed that “curl -I http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.g
    z” redirects to “https://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz”, but only when using a local Squid http cache!
    The redirection target results in a 404 then.

  2. When trying to access https://dl-cdn.alpinelinux.org in general, you will get a certificate error:

% curl https://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz
curl: (51) SSL: no alternative certificate subject name matches target host name ‘dl-cdn.alpinelinux.org’

  1. On https://wiki.alpinelinux.org/wiki/Alpine\_Linux:Mirrors there is a link to http://rsync.alpinelinux.org/alpine/MIRRORS.txt, which appears to redirect to https://dl-cdn.alpinelinux.org/alpine/MIRRORS.txt (404).

The most puzzling part is 1. though - it appears to really be related to using Squid, even with
“forwarded_for transparent” and “via off”.

I’ve tried to look at what happens with https://github.com/yinqiwen/gsnova between dl-cdn and Squid to some mixed avail - I think without “forwarded_for transparent” and “via off” it would still redirect, but with those options enabled (to hide that Squid is used) it worked better (it does not redirect to https/404), but resulted in i/o timeout, e.g. “apk update” fails:

fetch http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.8/main: BAD signature

I’ve used the following to use gsnova as parent proxy:

cache_peer 127.0.0.1 parent 23128 0 no-query no-digest
never_direct allow all

(from redmine: issue id 9194, created on 2018-08-06, closed on 2018-08-07)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/infra/infra#9194