-rw-r--r-- | etc/apache2/sites-available/jenkins.debian.net | 143 | ||||
-rwxr-xr-x | update_jdn.sh | 3 |
2 files changed, 34 insertions, 112 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net index a0f843d5..48feec5a 100644 --- a/etc/apache2/sites-available/jenkins.debian.net +++ b/etc/apache2/sites-available/jenkins.debian.net @@ -1,14 +1,23 @@ NameVirtualHost *:80 -<VirtualHost *:80> - RewriteEngine On - RewriteCond %{HTTPS} !=on - RewriteCond %{REMOTE_ADDR} !127.0.0.1 - RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] +NameVirtualHost *:443 + +<Macro common-debian-service-https-redirect $name> + <VirtualHost *:80> + ServerName $name + ServerAdmin holger@layer-acht.org + CustomLog /var/log/apache2/access.log combined + ErrorLog /var/log/apache2/error.log + Redirect permanent / https://$name/ + </VirtualHost> +</Macro> + +<Macro common-directives $name> + SSLEngine on + SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt - ServerName jenkins.debian.net + ServerName $name ServerAdmin holger@layer-acht.org - DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None @@ -18,28 +27,21 @@ NameVirtualHost *:80 AllowOverride None Order allow,deny allow from all + AddType text/plain .log </Directory> - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - <Directory "/usr/lib/cgi-bin"> + <Directory /var/lib/jenkins/userContent> + Options Indexes FollowSymLinks MultiViews AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny - Allow from all - SSLOptions +StdEnvVars + allow from all + AddType text/plain .log </Directory> + RewriteEngine on ProxyRequests Off - <Proxy *> - Order deny,allow - Allow from all - </Proxy> - ProxyPreserveHost on - AllowEncodedSlashes NoDecode - ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ - ProxyPass /server-status ! - ProxyPass / http://localhost:8080/ - ProxyPassReverse / http://localhost:8080/ nocanon + + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" ErrorLog ${APACHE_LOG_DIR}/error.log 
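Review bot: The new port-80 vhost in `common-debian-service-https-redirect` redirects every client, whereas the removed rule skipped local requests via `RewriteCond %{REMOTE_ADDR} !127.0.0.1` and the old vhost kept `/server-status` out of the proxy (that `ProxyPass /server-status !` line goes away in the next hunk). If anything on the host still polls plain HTTP on localhost, it will now receive a 301 to the public name and may quietly stop reporting; munin is in the package list in update_jdn.sh, and its Apache plugins normally read `/server-status` this way. Either keep a small localhost-only vhost for the status page, or document the change above the macro, e.g. `# no localhost exemption any more: local monitoring must use https://$name/`. As a smaller point, this vhost hard-codes `/var/log/apache2/...` where the rest of the file uses `${APACHE_LOG_DIR}`.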
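Review bot: `Options Indexes FollowSymLinks MultiViews` on `/var/lib/jenkins/userContent` now lives in `common-directives`, so every vhost that uses the macro inherits it. That directory is presumably writable by Jenkins jobs; if so, a symlink left there by a build is followed and served with the web server's read permissions, and `Indexes` makes it easy to find. Consider `Options Indexes SymLinksIfOwnerMatch MultiViews`, which narrows the exposure but is not a hard boundary because the owner check is racy, or drop symlink following for this directory if nothing depends on it. The macro body starts in the previous hunk and is closed in the next one.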
@@ -48,50 +50,19 @@ NameVirtualHost *:80 LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined -</VirtualHost> +</Macro> + + +Use common-debian-service-https-redirect jenkins.debian.net +Use common-debian-service-https-redirect reproducible.debian.net -NameVirtualHost *:443 <VirtualHost *:443> - SSLEngine on + Use common-directives jenkins.debian.net SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem - SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt - - ServerName jenkins.debian.net - ServerAdmin holger@layer-acht.org DocumentRoot /var/www - <Directory /> - Options FollowSymLinks - AllowOverride None - </Directory> - <Directory /var/www/> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - AddType text/plain .log - </Directory> - - Alias /userContent /var/lib/jenkins/userContent - <Directory /var/lib/jenkins/userContent> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - AddType text/plain .log - </Directory> - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - <Directory "/usr/lib/cgi-bin"> - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - SSLOptions +StdEnvVars - </Directory> # allow certain params only from alioth (token is used to trigger builds) - RewriteEngine on RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21 # this is git.d.o which is really moszumanska.d.o # etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this... @@ -126,7 +97,6 @@ NameVirtualHost *:443 RewriteCond %{REQUEST_URI} ^/userContent/rbuild/ RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L] - ProxyRequests Off <Proxy *> Order deny,allow Allow from all 
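Review bot: The jenkins.debian.net vhost loses `Alias /userContent /var/lib/jenkins/userContent` in this hunk, and `common-directives` only carries the matching `<Directory>` block, not the alias. `ProxyPass /userContent !` further down still keeps that path away from Jenkins, so unless a rewrite rule outside this hunk or a symlink under `/var/www` covers it, `/userContent/...` on this host would now resolve under `DocumentRoot /var/www`. If the removal is unintended, keep `Alias /userContent /var/lib/jenkins/userContent` in this vhost after the `Use common-directives jenkins.debian.net` line; if it is intended, a one-line comment saying where /userContent is served from would save the next reader the search. The vhost continues past the end of the hunk.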
@@ -144,50 +114,14 @@ NameVirtualHost *:443 ProxyPass /userContent ! ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> - SSLEngine on + Use common-directives reproducible.debian.net SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem - SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt - - ServerName reproducible.debian.net - ServerAdmin holger@layer-acht.org DocumentRoot /var/lib/jenkins/userContent - <Directory /> - Options FollowSymLinks - AllowOverride None - </Directory> - - <Directory /var/lib/jenkins/userContent> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - AddType text/plain .log - </Directory> - - ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - <Directory "/usr/lib/cgi-bin"> - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - SSLOptions +StdEnvVars - </Directory> RewriteCond %{HTTP_HOST} reproducible\.debian\.net RewriteCond %{REQUEST_URI} ^/$ @@ -198,17 +132,4 @@ NameVirtualHost *:443 RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} ^/userContent RewriteRule ^/userContent/(.*)$ /$1 [R=301,L] - - ProxyRequests Off - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> diff --git a/update_jdn.sh b/update_jdn.sh index 89ca4a2e..27a8fe28 100755 --- a/update_jdn.sh +++ b/update_jdn.sh 
@@ -59,7 +59,7 @@ fi # sudo apt-get install vim screen less etckeeper moreutils curl mtr-tiny dstat devscripts bash-completion shorewall shorewall6 cron-apt apt-listchanges munin munin-plugins-extra calamaris visitors procmail libjson-rpc-perl libfile-touch-perl zutils ip2host pigz \ build-essential python-setuptools molly-guard \ - debootstrap sudo figlet graphviz apache2 python-yaml python-pip mr subversion subversion-tools vnstat poxml vncsnapshot imagemagick libav-tools python-twisted python-imaging gocr guestmount schroot sqlite3 dose-extra apt-file python-lzma bc \ + debootstrap sudo figlet graphviz apache2 libapache2-mod-macro python-yaml python-pip mr subversion subversion-tools vnstat poxml vncsnapshot imagemagick libav-tools python-twisted python-imaging gocr guestmount schroot sqlite3 dose-extra apt-file python-lzma bc \ unzip python-hachoir-metadata ghc python-rpy2 libsoap-lite-perl haveged postgresql-client-9.1 xvfb virt-viewer libsikuli-script-java \ libxslt1-dev tcpdump unclutter radvd x11-apps syslinux \ libcap2-bin devscripts libvirt-ruby ruby-rspec gawk ntp \ @@ -88,6 +88,7 @@ if [ ! -e /etc/apache2/mods-enabled/proxy.load ] ; then sudo a2enmod rewrite sudo a2enmod ssl sudo a2enmod headers + sudo a2enmod macro fi sudo chown root.root /etc/sudoers.d/jenkins ; sudo chmod 700 /etc/sudoers.d/jenkins sudo ln -sf /etc/apache2/sites-available/jenkins.debian.net /etc/apache2/sites-enabled/000-default |
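Review bot: `sudo a2enmod macro` is added inside the block guarded by `[ ! -e /etc/apache2/mods-enabled/proxy.load ]`, so on a host that was provisioned before this commit (proxy already enabled) it never runs. The site file changed in the same commit now depends on `<Macro>` and `Use`, so Apache would reject the configuration at its next restart on such a host. Enable the module under its own check after the `fi`, e.g. `[ -e /etc/apache2/mods-enabled/macro.load ] || sudo a2enmod macro`. The `if` opens above the hunk, so the rest of that block is not visible here.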