diff options
author | Mattia Rizzolo <mattia@mapreri.org> | 2015-01-10 03:36:43 +0100 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2015-01-10 13:04:36 +0100 |
commit | 85b52355cb38f46bf6cef12dc94d4a6e42ec920a (patch) | |
tree | 16cfb404c5795e9f855739aae93d940862ddbc55 /etc | |
parent | 4a7fd7f2404aae9ff6227ddd069f343012d29f2f (diff) | |
download | jenkins.debian.net-85b52355cb38f46bf6cef12dc94d4a6e42ec920a.tar.xz |
apache: clean up the conf after adding the cert foo
Diffstat (limited to 'etc')
-rw-r--r-- | etc/apache2/sites-available/jenkins.debian.net | 96 |
1 files changed, 33 insertions, 63 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net index cc5ecdca..ff970eb6 100644 --- a/etc/apache2/sites-available/jenkins.debian.net +++ b/etc/apache2/sites-available/jenkins.debian.net @@ -51,7 +51,7 @@ NameVirtualHost *:80 </VirtualHost> NameVirtualHost *:443 -<VirtualHost jenkins.debian.net:443> +<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt @@ -98,24 +98,33 @@ NameVirtualHost *:443 RewriteCond %{QUERY_STRING} token RewriteRule ^ - [F] + # a bunch of redirect to point people to https:reproducible.debian.net RewriteCond %{HTTP_HOST} jenkins\.debian\.net - RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ - RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R,L] - - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/$ - RewriteRule ^/(.*) /reproducible.html [R,L] - - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond %{REQUEST_URI} !^/userContent - RewriteRule ^(.*)$ /userContent/$1 [L] - - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/userContent - RewriteRule ^/userContent/(.*)$ /$1 [R] + RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_notess.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or] + RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or] + RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or] + RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or] + RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or] + RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or] + RewriteCond %{REQUEST_URI} ^/userContent/rbuild/ + RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L] ProxyRequests Off <Proxy *> @@ -135,6 +144,7 @@ NameVirtualHost *:443 ProxyPass /userContent ! ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ + RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" @@ -147,6 +157,7 @@ NameVirtualHost *:443 CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> + <VirtualHost reproducible.debian.net:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem @@ -155,20 +166,12 @@ NameVirtualHost *:443 ServerName reproducible.debian.net ServerAdmin holger@layer-acht.org - DocumentRoot /var/www + DocumentRoot /var/lib/jenkins/userContent <Directory /> Options FollowSymLinks AllowOverride None </Directory> - <Directory /var/www/> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - AddType text/plain .log - </Directory> - Alias /userContent /var/lib/jenkins/userContent <Directory /var/lib/jenkins/userContent> Options Indexes FollowSymLinks MultiViews AllowOverride None @@ -186,51 +189,18 @@ NameVirtualHost *:443 SSLOptions +StdEnvVars </Directory> - # allow certain params only from alioth (token is used to trigger builds) - RewriteEngine on - RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21 - # this is git.d.o which is really moszumanska.d.o - # etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this... - RewriteCond %{QUERY_STRING} token - RewriteRule ^ - [F] - - RewriteCond %{HTTP_HOST} jenkins\.debian\.net - RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ - RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R,L] - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/$ + RewriteCond %{REQUEST_URI} ^/$ RewriteRule ^/(.*) /reproducible.html [R,L] RewriteCond %{HTTP_HOST} reproducible\.debian\.net RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond %{REQUEST_URI} !^/userContent - RewriteRule ^(.*)$ /userContent/$1 [L] - - RewriteCond %{HTTP_HOST} reproducible\.debian\.net RewriteCond %{REQUEST_URI} ^/userContent - RewriteRule ^/userContent/(.*)$ /$1 [R] + RewriteRule ^/userContent/(.*)$ /$1 [R=301,L] ProxyRequests Off - <Proxy *> - Order deny,allow - Allow from all - </Proxy> - ProxyPreserveHost on - AllowEncodedSlashes NoDecode - # proxy everything but a few urls - ProxyPass /munin ! - ProxyPass /server-status ! - ProxyPass /visitors-report.html ! - ProxyPass /calamaris ! - ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt - # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs - ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ - ProxyPass /userContent ! - ProxyPass / http://localhost:8080/ nocanon - ProxyPassReverse / http://localhost:8080/ + RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" |