Merge pull request #85 from hic-infra/curl

Replace internal proxy pass with curl

reverse_proxy/molecule/default/converge.yml

@@ -39,6 +39,38 @@
           - build-essential
         install_recommends: false
 
+    - name: install ClamAV for a more proper test
+      become: true
+      apt:
+        name:
+          - clamav
+        install_recommends: false
+      register: clamav_install
+
+    - name: Create an EICAR signature db for ClamAV
+      copy:
+        # This is the sha256 with file length and a name
+        content: |
+          131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267:69:eicar
+        dest: /tmp/clamav.hdb
+      when: clamav_install.changed
+
+    - name: create faux sophos-spl installation
+      become: true
+      file:
+        state: directory
+        recurse: true
+        dest: /opt/sophos-spl/plugins/av/bin
+
+    - name: create a faux avscanner tool
+      become: true
+      copy:
+        content: |
+          #!/bin/bash
+          /usr/bin/clamscan -d /tmp/clamav.hdb $1
+        dest: /opt/sophos-spl/plugins/av/bin/avscanner
+        mode: u+rwx,g+rx,o+rx
+
     - name: download conda for testing
       get_url:
         # ansible_arch is likely either x86_64 or aarch64 which is the same naming format as miniconda uses.

reverse_proxy/templates/generic.conf.j2

@@ -5,7 +5,13 @@ server {
   # Internal only endpoint for performing a proxy pass to the cran mirror.
   location /{{ generic_name }}-fetch {
     internal;
-    proxy_pass {{ upstream_endpoint }};
+    rewrite_by_lua_block {
+      local uri = ngx.var.uri:gsub("{{ generic_name }}%-fetch", "")
+      local curl = io.popen("/usr/bin/curl \"{{ upstream_endpoint }}" .. uri .. "\"")
+      ngx.print(curl:read('*a'))
+      curl:close();
+      ngx.exit(ngx.HTTP_OK)
+    }
   }
 
   # Define an EICAR endpoint for verifying that the reverse proxy is