Default user for backup has been changed from `backup` to `borg`.
User `backup` is now a system user on Debian testing. After each upgrade
involving related pacakges (pam?) our `backup` user is overwritten by
the Debian system one.
Also the default repositories folder has been changed from
`/home/backup/repos` to `/home/borg/repos`.
To adapt our existing infrastructure, after moving all the repos for all
the servers, some metadata (cache probably) need to be updated.
This update is done automatically when creating a new archvie if we set
the environment variable `BORG_RELOCATED_REPO_ACCESS_IS_OK` to `yes`.
Our backup script has been adapted to set this env variable to `yes`,
then we run a first run of backup on each host, afterwards we changed
the env variable in all backup scripts again to `no`.
Setting `reverse_proxy_proxy_protocol: true` and
`nginx_proxy_protocol: true` in nginx roles enable the forwarding of
the original connection address from the reverse_proxy to the target
nginx instance, using the established TCP PROXY PROTOCOL (adding a TCP
header, so working also for TLS connections that are not terminated at
the reverse proxy).
**Warning**
The `reverse_proxy_proxy_protocol` settings acts globally on the
reverse proxy nodes, so every virtual server on the reverse proxy must
accept and correctly handle proxy protocol headers.
This settings must be the same for every host sharing the same reverse
proxy, otherwise the setting will be changed globally at every run.
To avoid excessive consumption of UDP port that seems to be detected
and blocked by SIAF upstream firewall.
Only loopback relay is permitted, so the only TURN Topology allowed
is:
Forward:
Client 1 <--TURN--> (udp/88) Server <--RTP--> Server (udp/88) <--TURN--> Client 2
Topologies like:
Client 1 <--TURN--> (udp/88) Server (udp/>10000) <--RTP--> Client 2
Are not allowed.
