[02:36:12] 10Traffic, 10Okapi [Wikimedia Enterprise], 10Platform Engineering, 10SRE: Securely connect Wikimedia Enterprise Infrastructure with WMF Kafka Streams - https://phabricator.wikimedia.org/T280628 (10RBrounley_WMF) Update here - we are onboarding folks at the current moment - DevOps focused Sr Software Engine... [08:38:13] 10Traffic, 10SRE: Enable UDS support on varnish - https://phabricator.wikimedia.org/T285374 (10Vgutierrez) [10:33:05] 10Traffic, 10SRE, 10Patch-For-Review: Enable UDS support on varnish - https://phabricator.wikimedia.org/T285374 (10Vgutierrez) p:05Triage→03Medium this seemed an innocent change but it effectively forces the update from VCL 4.0 to 4.1: From varnish documentation: ` When UDS listeners are in use, VCL >= 4... [11:18:45] something is really wrong with curl PROXY protocol support [11:19:00] according to its own verbose mode it's trying to send "PROXY TCP4 /run/varnish-frontend.socket 0 0" [11:19:14] *sigh* [11:22:18] port 0 could be ok.. but /run/varnish-frontend.socket instead of a IPv4 IP seems just wrong [11:33:47] ok.. it just works as expected when connecting to your typical TCP socket, not when using UDS :( [11:59:42] 10Traffic, 10Maps, 10Product-Infrastructure-Team-Backlog, 10SRE, 10Epic: Support maps serving for affiliate sites via an allow list - https://phabricator.wikimedia.org/T261694 (10valerio.bozzolan) > Error: 403, Forbidden: Map tiles are restricted to Wikimedia & affiliated sites only. Please post on https... [12:57:02] 10Traffic, 10SRE, 10Patch-For-Review: Enable UDS support on varnish - https://phabricator.wikimedia.org/T285374 (10Vgutierrez) Initial testing in our labs environment shows that curl doesn't play well with PROXY protocol **and** unix domain sockets: ` root@traffic-cache-atsupload-buster:~# curl --haproxy-pro... [16:46:51] 10Traffic, 10Maps, 10Product-Infrastructure-Team-Backlog, 10SRE, 10Epic: Support maps serving for affiliate sites via an allow list - https://phabricator.wikimedia.org/T261694 (10AntiCompositeNumber) >>! In T261694#7172223, @valerio.bozzolan wrote: > Edited: I think that these domains could be whiteliste...