Use mod_cache_disk on security-tracker

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index d8d23a3..ffd3261 100644 (file)
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -3,6 +3,10 @@ class roles::security_tracker {
        include apache2::proxy_http
        include apache2::expires
 
+       apache2::module { 'mod_cache_disk':
+               ensure => present,
+       }
+
        # security-tracker abusers
        #  66.170.99.1  20180706 excessive number of requests
        #  66.170.99.2  20180706 excessive number of requests

diff --git a/modules/roles/templates/apache-security-tracker.debian.org.conf.erb b/modules/roles/templates/apache-security-tracker.debian.org.conf.erb
index 1f9cb0e..f13ddd4 100644 (file)
--- a/modules/roles/templates/apache-security-tracker.debian.org.conf.erb
+++ b/modules/roles/templates/apache-security-tracker.debian.org.conf.erb
@@ -12,6 +12,15 @@ Use common-debian-service-https-redirect * security-tracker.debian.org
                UserDir disabled
        </IfModule>
 
+       <IfModule mod_cache_disk.c>
+               CacheEnable disk /
+               # Keep serving stale entities for up to 10 seconds while
+               # they're being refreshed
+               CacheLock on
+               CacheLockPath /var/lock/apache2/mod_cache
+               CacheLockMaxAge 10
+       </IfModule>
+
        LogLevel warn
        ErrorLog /var/log/apache2/security-tracker.debian.org-error.log
        CustomLog /var/log/apache2/security-tracker.debian.org-access.log privacyssl