summaryrefslogtreecommitdiffstats
path: root/hosts/jenkins/etc/apache2
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2015-07-27 14:31:57 +0200
committerHolger Levsen <holger@layer-acht.org>2015-07-27 14:31:57 +0200
commit315ead533e3d4e67ce3908a13ebe5b75ef9060c4 (patch)
treeb13a53cbace131ef2afedbd7697f724f9e674c0d /hosts/jenkins/etc/apache2
parent16a5099a82e9c12322e7bea561a5f43448b013d4 (diff)
downloadjenkins.debian.net-315ead533e3d4e67ce3908a13ebe5b75ef9060c4.tar.xz
move etc to hosts/jenkins/etc
Diffstat (limited to 'hosts/jenkins/etc/apache2')
l---------hosts/jenkins/etc/apache2/conf-available/munin.conf1
-rw-r--r--hosts/jenkins/etc/apache2/ports.conf23
-rw-r--r--hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net275
-rw-r--r--hosts/jenkins/etc/apache2/ssl/gsdomainvalsha2g2r1.crt27
4 files changed, 326 insertions, 0 deletions
diff --git a/hosts/jenkins/etc/apache2/conf-available/munin.conf b/hosts/jenkins/etc/apache2/conf-available/munin.conf
new file mode 120000
index 00000000..56fedfa9
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/conf-available/munin.conf
@@ -0,0 +1 @@
+../../munin/apache.conf \ No newline at end of file
diff --git a/hosts/jenkins/etc/apache2/ports.conf b/hosts/jenkins/etc/apache2/ports.conf
new file mode 100644
index 00000000..7830895d
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/ports.conf
@@ -0,0 +1,23 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default
+# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
+# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
+# README.Debian.gz
+
+#NameVirtualHost *:80
+Listen 80
+
+<IfModule mod_ssl.c>
+ # If you add NameVirtualHost *:443 here, you will also have to change
+ # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
+ # to <VirtualHost *:443>
+ # Server Name Indication for SSL named virtual hosts is currently not
+ # supported by MSIE on Windows XP.
+ Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443
+</IfModule>
+
diff --git a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
new file mode 100644
index 00000000..668bcf3f
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
@@ -0,0 +1,275 @@
+NameVirtualHost *:80
+NameVirtualHost *:443
+
+<Macro localhost-directives $ipaddress>
+ <VirtualHost $ipaddress:80>
+ ServerName $ipaddress
+ ServerAdmin holger@layer-acht.org
+ CustomLog /var/log/apache2/access.log combined
+ ErrorLog /var/log/apache2/error.log
+ <Proxy *>
+ Require all granted
+ </Proxy>
+ ProxyPreserveHost on
+ AllowEncodedSlashes NoDecode
+ # proxy everything but a few urls
+ ProxyPass /server-status !
+ # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
+ ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
+ ProxyPass /userContent !
+ ProxyPass / http://localhost:8080/ nocanon
+ ProxyPassReverse / http://localhost:8080/
+ </VirtualHost>
+</Macro>
+
+<Macro common-debian-service-https-redirect $name>
+ <VirtualHost *:80>
+ ServerName $name
+ ServerAdmin holger@layer-acht.org
+ CustomLog /var/log/apache2/access.log combined
+ ErrorLog /var/log/apache2/error.log
+ Redirect permanent / https://$name/
+ </VirtualHost>
+</Macro>
+
+<Macro common-directives $name>
+ SSLEngine on
+ SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
+
+ ServerName $name
+ ServerAdmin holger@layer-acht.org
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ <Directory /var/www/>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Require all granted
+ AddType text/plain .log
+ </Directory>
+ <Directory /var/lib/jenkins/userContent>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Require all granted
+ AddType text/plain .log
+ </Directory>
+
+ <FilesMatch "\.gz$">
+ AddEncoding gzip .gz
+ ForceType text/plain
+ FilterDeclare gzipInflate CONTENT_SET
+ <IfVersion >= 2.4>
+ FilterProvider gzipInflate inflate "%{req:Accept-Encoding} !~ /gzip/"
+ </IfVersion>
+ <IfVersion < 2.4>
+ FilterProvider gzipInflate inflate req=Accept-Encoding !$gzip
+ </IfVersion>
+ FilterChain +gzipInflate
+ </FilesMatch>
+
+ RewriteEngine on
+ ProxyRequests Off
+
+ # HSTS
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
+ Header always add Strict-Transport-Security "max-age=15552000"
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</Macro>
+
+Use localhost-directives 127.0.0.1
+Use localhost-directives 10.0.2.1
+
+Use common-debian-service-https-redirect jenkins.debian.net
+Use common-debian-service-https-redirect reproducible.debian.net
+
+<VirtualHost *:443>
+ Use common-directives jenkins.debian.net
+ SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
+
+ DocumentRoot /var/www
+
+ # allow certain params only from alioth (token is used to trigger builds)
+ RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
+ # this is git.d.o which is really moszumanska.d.o
+ # etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
+ RewriteCond %{QUERY_STRING} token
+ RewriteRule ^ - [F]
+
+ # a bunch of redirects to point people to https://reproducible.debian.net
+ RewriteCond %{HTTP_HOST} jenkins\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_notes.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/artifacts/ [or]
+ RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
+ RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
+
+ <Proxy *>
+ Require all granted
+ </Proxy>
+ ProxyPreserveHost on
+ AllowEncodedSlashes NoDecode
+ # proxy everything but a few urls
+ ProxyPass /munin !
+ ProxyPass /server-status !
+ ProxyPass /calamaris !
+ ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt
+ # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
+ ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
+ ProxyPass /userContent !
+ ProxyPass / http://localhost:8080/ nocanon
+ ProxyPassReverse / http://localhost:8080/
+</VirtualHost>
+
+
+<VirtualHost *:443>
+ Use common-directives reproducible.debian.net
+ SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
+
+ DocumentRoot /var/lib/jenkins/userContent/reproducible
+
+ <Directory /var/lib/jenkins/userContent/reproducible/artifacts>
+ HeaderName .HEADER.html
+ </Directory>
+
+ # use reproducible.html as "home page"
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/$
+ RewriteRule ^/(.*) /reproducible.html [R,L]
+
+ # drop the (old|ugly) /userContent/ directory from the url
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_URI} ^/userContent
+ RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]
+
+ # redirect rb.d.n/issues/$ISSUE → rb.d.n/issues/unstable/$ISSUE
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/issues/unstable/$1 -f
+ RewriteRule ^/issues/([a-z0-9.+-_]+) /issues/unstable/$1 [R=302,L]
+
+ # redirect rb.d.n/$PKG → rb.d.n/rb-pkg/unstable/amd64/$PKG.html
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1.html -f
+ RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1.html [R=302,L]
+
+ # redirect rb.d.n/$PKG → rb.d.n/rb-pkg/experimental/amd64/$PKG.html
+ # (this is the fallback for the previous redirect and should only catch packages which are only in experimental)
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/experimental/amd64/$1.html -f
+ RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/experimental/amd64/$1.html [R=302,L]
+
+ # redirect rb.d.n/$suite/amd64/$PKG → rb.d.n/rb-pkg/$suite/amd64/$PKG.html
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/$1/amd64/$2.html -f
+ RewriteRule ^/(unstable|testing|experimental)/amd64/([a-z0-9.+-]+) /rb-pkg/$1/amd64/$2.html [R=302,L]
+
+ # redirect rb.d.n/rb-pkg/$PKG.html → rb.d.n/rb-pkg/$suite/$arch/$PKG.html
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1 -f
+ RewriteRule ^/rb-pkg/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1 [R=301,L]
+ # the same for /dbd/
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/dbd/unstable/amd64/$1 -f
+ RewriteRule ^/dbd/([a-z0-9.+-_]+) /dbd/unstable/amd64/$1 [R=301,L]
+ # the same for /rbuild/
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/rbuild/unstable/amd64/$1 -f
+ RewriteRule ^/rbuild/([a-z0-9.+-_]+) /rbuild/unstable/amd64/$1 [R=301,L]
+ # the same for /buildinfo/
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond /var/lib/jenkins/userContent/reproducible/buildinfo/unstable/amd64/$1 -f
+ RewriteRule ^/buildinfo/([a-z0-9.+-_]+) /buildinfo/unstable/amd64/$1 [R=301,L]
+ # redirect some rb.d.n/index_*.html to the suite/arch relative one
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_URI} ^/index_reproducible.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_FTBR.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_FTBFS.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_404.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_not_for_us.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_blacklisted.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_last_24h.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_last_48h.html$ [or]
+ RewriteCond %{REQUEST_URI} ^/index_all_abc.html$
+ RewriteRule ^/?(.+) /unstable/amd64/$1 [R=301,L]
+
+ # redirect (/testing|unstable|/experimental) to (/testing|/unstable|/experimental)/index_suite_stats.html
+ # note: the missing slash in the RewriteRule is wanted to avoid a double slash
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/(testing|unstable|experimental)/$
+ RewriteRule ^/(.*) /$1index_suite_stats.html [R,L]
+
+ # redirect /coreboot/ to coreboot/coreboot.html
+ # note: the missing slash in the RewriteRule is wanted to avoid a double slash
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/coreboot/$
+ RewriteRule ^/(.*) /coreboot/coreboot.html [R,L]
+
+ # redirect /openwrt/ to openwrt/openwrt.html
+ # note: the missing slash in the RewriteRule is wanted to avoid a double slash
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/openwrt/$
+ RewriteRule ^/(.*) /openwrt/openwrt.html [R,L]
+
+ # redirect /netbsd/ to netbsd/netbsd.html
+ # note: the missing slash in the RewriteRule is wanted to avoid a double slash
+ RewriteCond %{HTTP_HOST} reproducible\.debian\.net
+ RewriteCond %{REQUEST_URI} ^/netbsd/$
+ RewriteRule ^/(.*) /netbsd/netbsd.html [R,L]
+
+ # redirect /issues/ to /index_issues.html
+ RewriteCond %{REQUEST_URI} ^/issues/$
+ RewriteRule ^/(.*) /index_issues.html [R,L]
+
+ <Proxy *>
+ Require all granted
+ </Proxy>
+
+</VirtualHost>
diff --git a/hosts/jenkins/etc/apache2/ssl/gsdomainvalsha2g2r1.crt b/hosts/jenkins/etc/apache2/ssl/gsdomainvalsha2g2r1.crt
new file mode 100644
index 00000000..6d67a8d2
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/ssl/gsdomainvalsha2g2r1.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgILBAAAAAABRE7wPiAwDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
+MDBaFw0yNDAyMjAxMDAwMDBaMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0
+aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCp3cwOs+IyOd1JIqgTaZOHiOEM7nF9vZCHll1Z8syz0lhXV/lG72wm2DZC
+jn4wsy+aPlN7H262okxFHzzTFZMcie089Ffeyr3sBppqKqAZUn9R0XQ5CJ+r69eG
+ExWXrjbDVGYOWvKgc4Ux47JkFGr/paKOJLu9hVIVonnu8LXuPbj0fYC82ZA1ZbgX
+qa2zmJ+gfn1u+z+tfMIbWTaW2jcyS0tdNQJjjtunz2LuzC7Ujcm9PGqRcqIip3It
+INH6yjfaGJjmFiRxJUvE5XuJUgkC/VkrBG7KB4HUs9ra2+PMgKhWBwZ8lgg3nds4
+tmI0kWIHdAE42HIw4uuQcSZiwFfzAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMC
+AQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU6k581IAt5RWBhiaMgm3A
+mKTPlw8wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8v
+d3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSG
+Imh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEE
+MTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290
+cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQEL
+BQADggEBANdFnqDc4ONhWgt9d4QXLWVagpqNoycqhffJ7+mG/dRHzQFSlsVDvTex
+4bjyqdKKEYRxkRWJ3AKdC8tsM4U0KJ4gsrGX3G0LEME8zV/qXdeYMcU0mVwAYVXE
+GwJbxeOJyLS4bx448lYm6UHvPc2smU9ZSlctS32ux4j71pg79eXw6ImJuYsDy1oj
+H6T9uOr7Lp2uanMJvPzVoLVEgqtEkS5QLlfBQ9iRBIvpES5ftD953x77PzAAi1Pj
+tywdO02L3ORkHQRYM68bVeerDL8wBHTk8w4vMDmNSwSMHnVmZkngvkA0x1xaUZK6
+EjxS1QSCVS1npd+3lXzuP8MIugS+wEY=
+-----END CERTIFICATE-----
+