Don't apply security.require-https to intracluster requests

Summary:
Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your preamble or a `SiteConfig`.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan: Poked around locally but this is hard to test outside of a production cluster, I'll vet it more thoroughly on `secure`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10784

Differential Revision: https://secure.phabricator.com/D15696
epriestley
2016-04-13 05:52:15 -07:00
parent 99be132ea2
commit 66366137ff
7 changed files with 157 additions and 14 deletions

@@ -301,6 +301,18 @@ it says to do:
TODO: Make `bin/storage dump` replica-aware. See T10758.
With recent versions of MySQL, it is also possible to configure a //delayed//
replica which intentionally lags behind the master (say, by 12 hours). In the
event of a bad mutation, this could give you a larger window of time to
recognize the issue and recover the lost data from the delayed replica (which
might be quick) without needing to restore backups (which might be very slow).
Delayed replication is outside the scope of this document, but may be worth
considering as an additional data security step on top of backup snapshots
depending on your resources and needs. If you configure a delayed replica, do
not add it to the `cluster.databases` configuration: Phabricator should never
send traffic to it, and does not need to know about it.
Next Steps
==========
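
Review bot: the instruction not to add a delayed replica to `cluster.databases` sits in the last sentence of the new paragraph, after the text has already declared delayed replication out of scope, so a reader skimming past that point will miss it. Since the paragraph says Phabricator should never send traffic to such a host, consider pulling that sentence out into its own short paragraph or note. "With recent versions of MySQL" would also hold up better with the minimum version named or a pointer to the MySQL documentation.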