summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2015-08-29 15:45:56 +0200
committerHolger Levsen <holger@layer-acht.org>2015-08-29 15:45:56 +0200
commit3aa44cbb40d81bc317576a5631a890fbd87d2071 (patch)
treef8c9822bd5a687c9dadb96558dc1ac1454cccf5e
parente5c2841c37250d849b0f1ee1551689c6d6daef53 (diff)
downloadjenkins.debian.net-3aa44cbb40d81bc317576a5631a890fbd87d2071.tar.xz
reproducible: use ssl cert for reproducible-builds.org donated by lamby
-rw-r--r--hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net29
-rw-r--r--hosts/jenkins/etc/apache2/ssl/startcom.crt34
2 files changed, 56 insertions, 7 deletions
diff --git a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
index 50e7f944..af07ca90 100644
--- a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
+++ b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
@@ -32,9 +32,9 @@ NameVirtualHost *:443
</VirtualHost>
</Macro>
-<Macro common-directives $name>
+<Macro common-directives $name $chainfile>
SSLEngine on
- SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
+ SSLCertificateChainFile /etc/apache2/ssl/$chainfile
ServerName $name
ServerAdmin holger@layer-acht.org
@@ -92,7 +92,7 @@ Use common-debian-service-https-redirect reproducible.debian.net
Use common-debian-service-https-redirect reproducible-builds.org
<VirtualHost *:443>
- Use common-directives jenkins.debian.net
+ Use common-directives jenkins.debian.net gsdomainvalsha2g2r1.crt
SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
DocumentRoot /var/www
@@ -133,9 +133,6 @@ Use common-debian-service-https-redirect reproducible-builds.org
RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
- # redirects reproducible-builds.org to https://reproducible.debian.net
- RewriteCond %{HTTP_HOST} reproducible-builds\.org
- RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
<Proxy *>
Require all granted
@@ -156,7 +153,7 @@ Use common-debian-service-https-redirect reproducible-builds.org
<VirtualHost *:443>
- Use common-directives reproducible.debian.net
+ Use common-directives reproducible.debian.net gsdomainvalsha2g2r1.crt
SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
DocumentRoot /var/lib/jenkins/userContent/reproducible
@@ -293,3 +290,21 @@ Use common-debian-service-https-redirect reproducible-builds.org
</Proxy>
</VirtualHost>
+
+<VirtualHost *:443>
+ Use common-directives reproducible-builds.org startcom.crt
+ SSLCertificateFile /etc/apache2/ssl/reproducible-builds.org.pem
+
+ DocumentRoot /var/lib/jenkins/userContent/reproducible
+
+ # redirects reproducible-builds.org to https://reproducible.debian.net except for /specs/ and /howto/
+ RewriteCond %{HTTP_HOST} reproducible-builds\.org
+ RewriteCond %{REQUEST_URI} !^/specs/$
+ RewriteCond %{REQUEST_URI} !^/howto/$
+ RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
+
+ <Proxy *>
+ Require all granted
+ </Proxy>
+</VirtualHost>
+
diff --git a/hosts/jenkins/etc/apache2/ssl/startcom.crt b/hosts/jenkins/etc/apache2/ssl/startcom.crt
new file mode 100644
index 00000000..dbaeda6a
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/ssl/startcom.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
+EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
+Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1
+NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp
+BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV
+BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I
+PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV
+sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k
+s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125
+w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH
+M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp
+Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw
+AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw
+Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg
+I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow
+OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w
+b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw
+tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u
+agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs
+BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy
+36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn
+cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy
+T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6
+4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV
+iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA
+7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u
+y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR
+RNvbaAxIU4U67YaZSw==
+-----END CERTIFICATE-----