summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattia Rizzolo <mattia@mapreri.org>2015-01-10 19:41:14 +0100
committerHolger Levsen <holger@layer-acht.org>2015-01-11 00:32:34 +0000
commit6ad0818abb837ea81954cea57a3d004df4bb3877 (patch)
tree5825cf15de320e016a93dbb1bb58c69223f4a77a
parent4204c59383161fe1889a5fef277b9473c9475c85 (diff)
downloadjenkins.debian.net-6ad0818abb837ea81954cea57a3d004df4bb3877.tar.xz
apache: use mod-macro to reduce the code duplication. This should also fix some redirection issues. Moreover, this cleans the code
-rw-r--r--etc/apache2/sites-available/jenkins.debian.net143
-rwxr-xr-xupdate_jdn.sh3
2 files changed, 34 insertions, 112 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net
index a0f843d5..48feec5a 100644
--- a/etc/apache2/sites-available/jenkins.debian.net
+++ b/etc/apache2/sites-available/jenkins.debian.net
@@ -1,14 +1,23 @@
NameVirtualHost *:80
-<VirtualHost *:80>
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteCond %{REMOTE_ADDR} !127.0.0.1
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+NameVirtualHost *:443
+
+<Macro common-debian-service-https-redirect $name>
+ <VirtualHost *:80>
+ ServerName $name
+ ServerAdmin holger@layer-acht.org
+ CustomLog /var/log/apache2/access.log combined
+ ErrorLog /var/log/apache2/error.log
+ Redirect permanent / https://$name/
+ </VirtualHost>
+</Macro>
+
+<Macro common-directives $name>
+ SSLEngine on
+ SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
- ServerName jenkins.debian.net
+ ServerName $name
ServerAdmin holger@layer-acht.org
- DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
@@ -18,28 +27,21 @@ NameVirtualHost *:80
AllowOverride None
Order allow,deny
allow from all
+ AddType text/plain .log
</Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
+ <Directory /var/lib/jenkins/userContent>
+ Options Indexes FollowSymLinks MultiViews
AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
+ allow from all
+ AddType text/plain .log
</Directory>
+ RewriteEngine on
ProxyRequests Off
- <Proxy *>
- Order deny,allow
- Allow from all
- </Proxy>
- ProxyPreserveHost on
- AllowEncodedSlashes NoDecode
- ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
- ProxyPass /server-status !
- ProxyPass / http://localhost:8080/
- ProxyPassReverse / http://localhost:8080/ nocanon
+
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
ErrorLog ${APACHE_LOG_DIR}/error.log
@@ -48,50 +50,19 @@ NameVirtualHost *:80
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
+</Macro>
+
+
+Use common-debian-service-https-redirect jenkins.debian.net
+Use common-debian-service-https-redirect reproducible.debian.net
-NameVirtualHost *:443
<VirtualHost *:443>
- SSLEngine on
+ Use common-directives jenkins.debian.net
SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
- SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
-
- ServerName jenkins.debian.net
- ServerAdmin holger@layer-acht.org
DocumentRoot /var/www
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
- <Directory /var/www/>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- Alias /userContent /var/lib/jenkins/userContent
- <Directory /var/lib/jenkins/userContent>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
- </Directory>
# allow certain params only from alioth (token is used to trigger builds)
- RewriteEngine on
RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
# this is git.d.o which is really moszumanska.d.o
# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
@@ -126,7 +97,6 @@ NameVirtualHost *:443
RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
- ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
@@ -144,50 +114,14 @@ NameVirtualHost *:443
ProxyPass /userContent !
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
- SSLEngine on
+ Use common-directives reproducible.debian.net
SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
- SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
-
- ServerName reproducible.debian.net
- ServerAdmin holger@layer-acht.org
DocumentRoot /var/lib/jenkins/userContent
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
-
- <Directory /var/lib/jenkins/userContent>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
- </Directory>
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/$
@@ -198,17 +132,4 @@ NameVirtualHost *:443
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/userContent
RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]
-
- ProxyRequests Off
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
diff --git a/update_jdn.sh b/update_jdn.sh
index 89ca4a2e..27a8fe28 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -59,7 +59,7 @@ fi
#
sudo apt-get install vim screen less etckeeper moreutils curl mtr-tiny dstat devscripts bash-completion shorewall shorewall6 cron-apt apt-listchanges munin munin-plugins-extra calamaris visitors procmail libjson-rpc-perl libfile-touch-perl zutils ip2host pigz \
build-essential python-setuptools molly-guard \
- debootstrap sudo figlet graphviz apache2 python-yaml python-pip mr subversion subversion-tools vnstat poxml vncsnapshot imagemagick libav-tools python-twisted python-imaging gocr guestmount schroot sqlite3 dose-extra apt-file python-lzma bc \
+ debootstrap sudo figlet graphviz apache2 libapache2-mod-macro python-yaml python-pip mr subversion subversion-tools vnstat poxml vncsnapshot imagemagick libav-tools python-twisted python-imaging gocr guestmount schroot sqlite3 dose-extra apt-file python-lzma bc \
unzip python-hachoir-metadata ghc python-rpy2 libsoap-lite-perl haveged postgresql-client-9.1 xvfb virt-viewer libsikuli-script-java \
libxslt1-dev tcpdump unclutter radvd x11-apps syslinux \
libcap2-bin devscripts libvirt-ruby ruby-rspec gawk ntp \
@@ -88,6 +88,7 @@ if [ ! -e /etc/apache2/mods-enabled/proxy.load ] ; then
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers
+ sudo a2enmod macro
fi
sudo chown root.root /etc/sudoers.d/jenkins ; sudo chmod 700 /etc/sudoers.d/jenkins
sudo ln -sf /etc/apache2/sites-available/jenkins.debian.net /etc/apache2/sites-enabled/000-default