# Geo proxying for secondary sites **(PREMIUM SELF)**
# Geo proxying for secondary sites **(PREMIUM SELF)**
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5914) in GitLab 14.4 [with a flag](../../feature_flags.md) named `geo_secondary_proxy`. Disabled by default.
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5914) in GitLab 14.4 [with a flag](../../feature_flags.md) named `geo_secondary_proxy`. Disabled by default.
> - [Enabled by default for unified URLs](https://gitlab.com/gitlab-org/gitlab/-/issues/325732) in GitLab 14.5.
> - [Disabled by default for different URLs](https://gitlab.com/gitlab-org/gitlab/-/issues/325732) in GitLab 14.5 [with a flag](../../feature_flags.md) named `geo_secondary_proxy_separate_urls`.
FLAG:
FLAG:
On self-managed GitLab, this feature is only available by default for Geo sites using a unified URL. See below to
On self-managed GitLab, by default this feature is not available. See below to [Set up a unified URL for Geo sites](#set-up-a-unified-url-for-geo-sites).
[set up a unified URL for Geo sites](#set-up-a-unified-url-for-geo-sites).
The feature is not ready for production use.
The feature is not ready for production use with separate URLs.
Use Geo proxying to:
Use Geo proxying to:
...
@@ -68,10 +65,8 @@ a single URL used by all Geo sites, including the primary.
...
@@ -68,10 +65,8 @@ a single URL used by all Geo sites, including the primary.
In the Geo administration page of the **primary** site, edit each Geo secondary that
In the Geo administration page of the **primary** site, edit each Geo secondary that
is using the secondary proxying and set the `URL` field to the single URL.
is using the secondary proxying and set the `URL` field to the single URL.
Make sure the primary site is also using this URL.
Make sure the primary site is also using this URL.
## Disable Geo proxying
You can disable the secondary proxying on each Geo site, separately, by following these steps:
### Enable secondary proxying
1. SSH into each application node (serving user traffic directly) on your secondary Geo site
1. SSH into each application node (serving user traffic directly) on your secondary Geo site
and add the following environment variable:
and add the following environment variable:
...
@@ -82,7 +77,7 @@ You can disable the secondary proxying on each Geo site, separately, by followin
...
@@ -82,7 +77,7 @@ You can disable the secondary proxying on each Geo site, separately, by followin
```ruby
```ruby
gitlab_workhorse['env']={
gitlab_workhorse['env']={
"GEO_SECONDARY_PROXY"=>"0"
"GEO_SECONDARY_PROXY"=>"1"
}
}
```
```
...
@@ -92,34 +87,18 @@ You can disable the secondary proxying on each Geo site, separately, by followin
...
@@ -92,34 +87,18 @@ You can disable the secondary proxying on each Geo site, separately, by followin
gitlab-ctl reconfigure
gitlab-ctl reconfigure
```
```
1. SSH into one node running Rails on your primary Geo site and enable the Geo secondary proxy feature flag:
The asynchronous Geo replication can cause unexpected issues when secondary proxying is used, for accelerated
data types that may be replicated to the Geo secondaries with a delay.
For example, we found a potential issue where
[Replication lag introduces read-your-own-write inconsistencies](https://gitlab.com/gitlab-org/gitlab/-/issues/345267).
If the replication lag is high enough, this can result in Git reads receiving stale data when hitting a secondary.
Non-Rails requests are not proxied, so other services may need to use a separate, non-unified URL to ensure requests
are always sent to the primary. These services include:
- GitLab Container Registry - [can be configured to use a separate domain](../../packages/container_registry.md#configure-container-registry-under-its-own-domain).
- GitLab Pages - should always use a separate domain, as part of [the prerequisites for running GitLab Pages](../../pages/index.md#prerequisites).
## Features accelerated by secondary Geo sites
## Features accelerated by secondary Geo sites
Most HTTP traffic sent to a secondary Geo site can be proxied to the primary Geo site. With this architecture,
Most HTTP traffic sent to a secondary Geo site can be proxied to the primary Geo site. With this architecture,
@@ -26,7 +26,6 @@ If you installed GitLab using the Omnibus packages (highly recommended):
...
@@ -26,7 +26,6 @@ If you installed GitLab using the Omnibus packages (highly recommended):
1.[Configure GitLab](../replication/configuration.md) to set the **primary** and **secondary** site(s).
1.[Configure GitLab](../replication/configuration.md) to set the **primary** and **secondary** site(s).
1. Optional: [Configure a secondary LDAP server](../../auth/ldap/index.md) for the **secondary** site(s). See [notes on LDAP](../index.md#ldap).
1. Optional: [Configure a secondary LDAP server](../../auth/ldap/index.md) for the **secondary** site(s). See [notes on LDAP](../index.md#ldap).
1. Follow the [Using a Geo Site](../replication/usage.md) guide.
1. Follow the [Using a Geo Site](../replication/usage.md) guide.
1.[Configure Geo secondary proxying](../secondary_proxy/index.md) to use a single, unified URL for all Geo sites. This step is recommended to accelerate most read requests while transparently proxying writes to the primary Geo site.