From 5c50f89d73bd4dcc86af2a059e13056bc9c0f27e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Jan 24 2024 22:32:28 +0000
Subject: proxies: just stop exposing 8080 on proxies


This is pretty harmless. It's the haproxy stats page, but
we get questions about it and people don't like that it's
there. There's also no reason to keep it open as we normally
access this via a proxy.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

---

diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index 035d76c..e7a4f7a 100644
--- a/inventory/group_vars/proxies
+++ b/inventory/group_vars/proxies
@@ -72,12 +72,6 @@ tcp_ports: [
   6443,
   # This is for RabbitMQ internal-public access
   15671,
-  # This is for the haproxy HTML stats page
-  # TODO -- there's no need for this to be wide open to the world.  With this
-  # in place, you can visit https://apps.fedoraproject.org:8080 and get the
-  # haproxy stats page.  We should close this and just have admins go through
-  # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1
-  8080,
   # This is for TOTP
   8443,
   # For fedmsg websocket server over stunnel
diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg
index b34ab8e..929afb9 100644
--- a/inventory/group_vars/proxies_stg
+++ b/inventory/group_vars/proxies_stg
@@ -61,12 +61,6 @@ tcp_ports: [
   6443,
   # This is for RabbitMQ internal-public access
   15671,
-  # This is for the haproxy HTML stats page
-  # TODO -- there's no need for this to be wide open to the world.  With this
-  # in place, you can visit https://apps.fedoraproject.org:8080 and get the
-  # haproxy stats page.  We should close this and just have admins go through
-  # the apache reverseproxy at https://admin.fedoraproject.org/haproxy/proxy1
-  8080,
   # This is for TOTP
   8443,
   # For fedmsg websocket server over stunnel