diff options
Diffstat (limited to 'etc/apache2')
| l--------- | etc/apache2/conf-available/munin.conf | 1 | ||||
| -rw-r--r-- | etc/apache2/ports.conf | 23 | ||||
| -rw-r--r-- | etc/apache2/sites-available/jenkins.debian.net | 275 | ||||
| -rw-r--r-- | etc/apache2/ssl/gsdomainvalsha2g2r1.crt | 27 |
4 files changed, 0 insertions, 326 deletions
diff --git a/etc/apache2/conf-available/munin.conf b/etc/apache2/conf-available/munin.conf deleted file mode 120000 index 56fedfa9..00000000 --- a/etc/apache2/conf-available/munin.conf +++ /dev/null @@ -1 +0,0 @@ -../../munin/apache.conf
\ No newline at end of file diff --git a/etc/apache2/ports.conf b/etc/apache2/ports.conf deleted file mode 100644 index 7830895d..00000000 --- a/etc/apache2/ports.conf +++ /dev/null @@ -1,23 +0,0 @@ -# If you just change the port or add more ports here, you will likely also -# have to change the VirtualHost statement in -# /etc/apache2/sites-enabled/000-default -# This is also true if you have upgraded from before 2.2.9-3 (i.e. from -# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and -# README.Debian.gz - -#NameVirtualHost *:80 -Listen 80 - -<IfModule mod_ssl.c> - # If you add NameVirtualHost *:443 here, you will also have to change - # the VirtualHost statement in /etc/apache2/sites-available/default-ssl - # to <VirtualHost *:443> - # Server Name Indication for SSL named virtual hosts is currently not - # supported by MSIE on Windows XP. - Listen 443 -</IfModule> - -<IfModule mod_gnutls.c> - Listen 443 -</IfModule> - diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net deleted file mode 100644 index 668bcf3f..00000000 --- a/etc/apache2/sites-available/jenkins.debian.net +++ /dev/null @@ -1,275 +0,0 @@ -NameVirtualHost *:80 -NameVirtualHost *:443 - -<Macro localhost-directives $ipaddress> - <VirtualHost $ipaddress:80> - ServerName $ipaddress - ServerAdmin holger@layer-acht.org - CustomLog /var/log/apache2/access.log combined - ErrorLog /var/log/apache2/error.log - <Proxy *> - Require all granted - </Proxy> - ProxyPreserveHost on - AllowEncodedSlashes NoDecode - # proxy everything but a few urls - ProxyPass /server-status ! - # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs - ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ - ProxyPass /userContent ! - ProxyPass / http://localhost:8080/ nocanon - ProxyPassReverse / http://localhost:8080/ - </VirtualHost> -</Macro> - -<Macro common-debian-service-https-redirect $name> - <VirtualHost *:80> - ServerName $name - ServerAdmin holger@layer-acht.org - CustomLog /var/log/apache2/access.log combined - ErrorLog /var/log/apache2/error.log - Redirect permanent / https://$name/ - </VirtualHost> -</Macro> - -<Macro common-directives $name> - SSLEngine on - SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt - - ServerName $name - ServerAdmin holger@layer-acht.org - - <Directory /> - Options FollowSymLinks - AllowOverride None - </Directory> - <Directory /var/www/> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Require all granted - AddType text/plain .log - </Directory> - <Directory /var/lib/jenkins/userContent> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Require all granted - AddType text/plain .log - </Directory> - - <FilesMatch "\.gz$"> - AddEncoding gzip .gz - ForceType text/plain - FilterDeclare gzipInflate CONTENT_SET - <IfVersion >= 2.4> - FilterProvider gzipInflate inflate "%{req:Accept-Encoding} !~ /gzip/" - </IfVersion> - <IfVersion < 2.4> - FilterProvider gzipInflate inflate req=Accept-Encoding !$gzip - </IfVersion> - FilterChain +gzipInflate - </FilesMatch> - - RewriteEngine on - ProxyRequests Off - - # HSTS - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - Header always add Strict-Transport-Security "max-age=15552000" - - ErrorLog ${APACHE_LOG_DIR}/error.log - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - CustomLog ${APACHE_LOG_DIR}/access.log combined -</Macro> - -Use localhost-directives 127.0.0.1 -Use localhost-directives 10.0.2.1 - -Use common-debian-service-https-redirect jenkins.debian.net -Use common-debian-service-https-redirect reproducible.debian.net - -<VirtualHost *:443> - Use common-directives jenkins.debian.net - SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem - - DocumentRoot /var/www - - # allow certain params only from alioth (token is used to trigger builds) - RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21 - # this is git.d.o which is really moszumanska.d.o - # etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this... - RewriteCond %{QUERY_STRING} token - RewriteRule ^ - [F] - - # a bunch of redirects to point people to https://reproducible.debian.net - RewriteCond %{HTTP_HOST} jenkins\.debian\.net - RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_notes.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or] - RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/artifacts/ [or] - RewriteCond %{REQUEST_URI} ^/userContent/rbuild/ - RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L] - - <Proxy *> - Require all granted - </Proxy> - ProxyPreserveHost on - AllowEncodedSlashes NoDecode - # proxy everything but a few urls - ProxyPass /munin ! - ProxyPass /server-status ! - ProxyPass /calamaris ! - ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt - # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs - ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ - ProxyPass /userContent ! - ProxyPass / http://localhost:8080/ nocanon - ProxyPassReverse / http://localhost:8080/ -</VirtualHost> - - -<VirtualHost *:443> - Use common-directives reproducible.debian.net - SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem - - DocumentRoot /var/lib/jenkins/userContent/reproducible - - <Directory /var/lib/jenkins/userContent/reproducible/artifacts> - HeaderName .HEADER.html - </Directory> - - # use reproducible.html as "home page" - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/$ - RewriteRule ^/(.*) /reproducible.html [R,L] - - # drop the (old|ugly) /userContent/ directory from the url - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond %{REQUEST_URI} ^/userContent - RewriteRule ^/userContent/(.*)$ /$1 [R=301,L] - - # redirect rb.d.n/issues/$ISSUE → rb.d.n/issues/unstable/$ISSUE - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/issues/unstable/$1 -f - RewriteRule ^/issues/([a-z0-9.+-_]+) /issues/unstable/$1 [R=302,L] - - # redirect rb.d.n/$PKG → rb.d.n/rb-pkg/unstable/amd64/$PKG.html - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1.html -f - RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1.html [R=302,L] - - # redirect rb.d.n/$PKG → rb.d.n/rb-pkg/experimental/amd64/$PKG.html - # (this is the fallback for the previous redirect and should only catch packages which are only in experimental) - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/experimental/amd64/$1.html -f - RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/experimental/amd64/$1.html [R=302,L] - - # redirect rb.d.n/$suite/amd64/$PKG → rb.d.n/rb-pkg/$suite/amd64/$PKG.html - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/$1/amd64/$2.html -f - RewriteRule ^/(unstable|testing|experimental)/amd64/([a-z0-9.+-]+) /rb-pkg/$1/amd64/$2.html [R=302,L] - - # redirect rb.d.n/rb-pkg/$PKG.html → rb.d.n/rb-pkg/$suite/$arch/$PKG.html - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1 -f - RewriteRule ^/rb-pkg/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1 [R=301,L] - # the same for /dbd/ - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/dbd/unstable/amd64/$1 -f - RewriteRule ^/dbd/([a-z0-9.+-_]+) /dbd/unstable/amd64/$1 [R=301,L] - # the same for /rbuild/ - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/rbuild/unstable/amd64/$1 -f - RewriteRule ^/rbuild/([a-z0-9.+-_]+) /rbuild/unstable/amd64/$1 [R=301,L] - # the same for /buildinfo/ - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond /var/lib/jenkins/userContent/reproducible/buildinfo/unstable/amd64/$1 -f - RewriteRule ^/buildinfo/([a-z0-9.+-_]+) /buildinfo/unstable/amd64/$1 [R=301,L] - # redirect some rb.d.n/index_*.html to the suite/arch relative one - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond %{REQUEST_URI} ^/index_reproducible.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_FTBR.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_FTBFS.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_404.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_not_for_us.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_blacklisted.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_last_24h.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_last_48h.html$ [or] - RewriteCond %{REQUEST_URI} ^/index_all_abc.html$ - RewriteRule ^/?(.+) /unstable/amd64/$1 [R=301,L] - - # redirect (/testing|unstable|/experimental) to (/testing|/unstable|/experimental)/index_suite_stats.html - # note: the missing slash in the RewriteRule is wanted to avoid a double slash - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/(testing|unstable|experimental)/$ - RewriteRule ^/(.*) /$1index_suite_stats.html [R,L] - - # redirect /coreboot/ to coreboot/coreboot.html - # note: the missing slash in the RewriteRule is wanted to avoid a double slash - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/coreboot/$ - RewriteRule ^/(.*) /coreboot/coreboot.html [R,L] - - # redirect /openwrt/ to openwrt/openwrt.html - # note: the missing slash in the RewriteRule is wanted to avoid a double slash - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/openwrt/$ - RewriteRule ^/(.*) /openwrt/openwrt.html [R,L] - - # redirect /netbsd/ to netbsd/netbsd.html - # note: the missing slash in the RewriteRule is wanted to avoid a double slash - RewriteCond %{HTTP_HOST} reproducible\.debian\.net - RewriteCond %{REQUEST_URI} ^/netbsd/$ - RewriteRule ^/(.*) /netbsd/netbsd.html [R,L] - - # redirect /issues/ to /index_issues.html - RewriteCond %{REQUEST_URI} ^/issues/$ - RewriteRule ^/(.*) /index_issues.html [R,L] - - <Proxy *> - Require all granted - </Proxy> - -</VirtualHost> diff --git a/etc/apache2/ssl/gsdomainvalsha2g2r1.crt b/etc/apache2/ssl/gsdomainvalsha2g2r1.crt deleted file mode 100644 index 6d67a8d2..00000000 --- a/etc/apache2/ssl/gsdomainvalsha2g2r1.crt +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEYzCCA0ugAwIBAgILBAAAAAABRE7wPiAwDQYJKoZIhvcNAQELBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw -MDBaFw0yNDAyMjAxMDAwMDBaMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0 -aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCp3cwOs+IyOd1JIqgTaZOHiOEM7nF9vZCHll1Z8syz0lhXV/lG72wm2DZC -jn4wsy+aPlN7H262okxFHzzTFZMcie089Ffeyr3sBppqKqAZUn9R0XQ5CJ+r69eG -ExWXrjbDVGYOWvKgc4Ux47JkFGr/paKOJLu9hVIVonnu8LXuPbj0fYC82ZA1ZbgX -qa2zmJ+gfn1u+z+tfMIbWTaW2jcyS0tdNQJjjtunz2LuzC7Ujcm9PGqRcqIip3It -INH6yjfaGJjmFiRxJUvE5XuJUgkC/VkrBG7KB4HUs9ra2+PMgKhWBwZ8lgg3nds4 -tmI0kWIHdAE42HIw4uuQcSZiwFfzAgMBAAGjggElMIIBITAOBgNVHQ8BAf8EBAMC -AQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU6k581IAt5RWBhiaMgm3A -mKTPlw8wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8v -d3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSG -Imh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEE -MTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290 -cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQEL -BQADggEBANdFnqDc4ONhWgt9d4QXLWVagpqNoycqhffJ7+mG/dRHzQFSlsVDvTex -4bjyqdKKEYRxkRWJ3AKdC8tsM4U0KJ4gsrGX3G0LEME8zV/qXdeYMcU0mVwAYVXE -GwJbxeOJyLS4bx448lYm6UHvPc2smU9ZSlctS32ux4j71pg79eXw6ImJuYsDy1oj -H6T9uOr7Lp2uanMJvPzVoLVEgqtEkS5QLlfBQ9iRBIvpES5ftD953x77PzAAi1Pj -tywdO02L3ORkHQRYM68bVeerDL8wBHTk8w4vMDmNSwSMHnVmZkngvkA0x1xaUZK6 -EjxS1QSCVS1npd+3lXzuP8MIugS+wEY= ------END CERTIFICATE----- - |