summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/apache2/sites-available/jenkins.debian.net143
1 files changed, 32 insertions, 111 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net
index a0f843d5..48feec5a 100644
--- a/etc/apache2/sites-available/jenkins.debian.net
+++ b/etc/apache2/sites-available/jenkins.debian.net
@@ -1,14 +1,23 @@
NameVirtualHost *:80
-<VirtualHost *:80>
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteCond %{REMOTE_ADDR} !127.0.0.1
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+NameVirtualHost *:443
+
+<Macro common-debian-service-https-redirect $name>
+ <VirtualHost *:80>
+ ServerName $name
+ ServerAdmin holger@layer-acht.org
+ CustomLog /var/log/apache2/access.log combined
+ ErrorLog /var/log/apache2/error.log
+ Redirect permanent / https://$name/
+ </VirtualHost>
+</Macro>
+
+<Macro common-directives $name>
+ SSLEngine on
+ SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
- ServerName jenkins.debian.net
+ ServerName $name
ServerAdmin holger@layer-acht.org
- DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
@@ -18,28 +27,21 @@ NameVirtualHost *:80
AllowOverride None
Order allow,deny
allow from all
+ AddType text/plain .log
</Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
+ <Directory /var/lib/jenkins/userContent>
+ Options Indexes FollowSymLinks MultiViews
AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
+ allow from all
+ AddType text/plain .log
</Directory>
+ RewriteEngine on
ProxyRequests Off
- <Proxy *>
- Order deny,allow
- Allow from all
- </Proxy>
- ProxyPreserveHost on
- AllowEncodedSlashes NoDecode
- ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
- ProxyPass /server-status !
- ProxyPass / http://localhost:8080/
- ProxyPassReverse / http://localhost:8080/ nocanon
+
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
ErrorLog ${APACHE_LOG_DIR}/error.log
@@ -48,50 +50,19 @@ NameVirtualHost *:80
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
+</Macro>
+
+
+Use common-debian-service-https-redirect jenkins.debian.net
+Use common-debian-service-https-redirect reproducible.debian.net
-NameVirtualHost *:443
<VirtualHost *:443>
- SSLEngine on
+ Use common-directives jenkins.debian.net
SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
- SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
-
- ServerName jenkins.debian.net
- ServerAdmin holger@layer-acht.org
DocumentRoot /var/www
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
- <Directory /var/www/>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- Alias /userContent /var/lib/jenkins/userContent
- <Directory /var/lib/jenkins/userContent>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
- </Directory>
# allow certain params only from alioth (token is used to trigger builds)
- RewriteEngine on
RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
# this is git.d.o which is really moszumanska.d.o
# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
@@ -126,7 +97,6 @@ NameVirtualHost *:443
RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
- ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
@@ -144,50 +114,14 @@ NameVirtualHost *:443
ProxyPass /userContent !
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
- SSLEngine on
+ Use common-directives reproducible.debian.net
SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
- SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
-
- ServerName reproducible.debian.net
- ServerAdmin holger@layer-acht.org
DocumentRoot /var/lib/jenkins/userContent
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
-
- <Directory /var/lib/jenkins/userContent>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
- AddType text/plain .log
- </Directory>
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
- <Directory "/usr/lib/cgi-bin">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
- SSLOptions +StdEnvVars
- </Directory>
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/$
@@ -198,17 +132,4 @@ NameVirtualHost *:443
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/userContent
RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]
-
- ProxyRequests Off
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>