From 3aa44cbb40d81bc317576a5631a890fbd87d2071 Mon Sep 17 00:00:00 2001
From: Holger Levsen <holger@layer-acht.org>
Date: Sat, 29 Aug 2015 15:45:56 +0200
Subject: reproducible: use ssl cert for reproducible-builds.org donated by
 lamby

---
 .../etc/apache2/sites-available/jenkins.debian.net | 29 +++++++++++++-----
 hosts/jenkins/etc/apache2/ssl/startcom.crt         | 34 ++++++++++++++++++++++
 2 files changed, 56 insertions(+), 7 deletions(-)
 create mode 100644 hosts/jenkins/etc/apache2/ssl/startcom.crt

(limited to 'hosts/jenkins/etc/apache2')

diff --git a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
index 50e7f944..af07ca90 100644
--- a/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
+++ b/hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net
@@ -32,9 +32,9 @@ NameVirtualHost *:443
 	</VirtualHost>
 </Macro>
 
-<Macro common-directives $name>
+<Macro common-directives $name $chainfile>
 	SSLEngine on
-	SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt
+	SSLCertificateChainFile /etc/apache2/ssl/$chainfile
 
 	ServerName $name
 	ServerAdmin holger@layer-acht.org
@@ -92,7 +92,7 @@ Use common-debian-service-https-redirect reproducible.debian.net
 Use common-debian-service-https-redirect reproducible-builds.org
 
 <VirtualHost *:443>
-	Use common-directives jenkins.debian.net
+	Use common-directives jenkins.debian.net gsdomainvalsha2g2r1.crt
 	SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
 
 	DocumentRoot /var/www
@@ -133,9 +133,6 @@ Use common-debian-service-https-redirect reproducible-builds.org
 	RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
 	RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
 
-	# redirects reproducible-builds.org to https://reproducible.debian.net
-	RewriteCond %{HTTP_HOST} reproducible-builds\.org
-	RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
 
 	<Proxy *>
 		Require all granted
@@ -156,7 +153,7 @@ Use common-debian-service-https-redirect reproducible-builds.org
 
 
 <VirtualHost *:443>
-	Use common-directives reproducible.debian.net
+	Use common-directives reproducible.debian.net gsdomainvalsha2g2r1.crt
 	SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
 
 	DocumentRoot /var/lib/jenkins/userContent/reproducible
@@ -293,3 +290,21 @@ Use common-debian-service-https-redirect reproducible-builds.org
 	</Proxy>
 
 </VirtualHost>
+
+<VirtualHost *:443>
+	Use common-directives reproducible-builds.org startcom.crt
+	SSLCertificateFile /etc/apache2/ssl/reproducible-builds.org.pem
+
+	DocumentRoot /var/lib/jenkins/userContent/reproducible
+
+	# redirects reproducible-builds.org to https://reproducible.debian.net except for /specs/ and /howto/
+	RewriteCond %{HTTP_HOST} reproducible-builds\.org
+	RewriteCond %{REQUEST_URI} !^/specs/$
+	RewriteCond %{REQUEST_URI} !^/howto/$
+	RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
+
+	<Proxy *>
+		Require all granted
+	</Proxy>
+</VirtualHost>
+
diff --git a/hosts/jenkins/etc/apache2/ssl/startcom.crt b/hosts/jenkins/etc/apache2/ssl/startcom.crt
new file mode 100644
index 00000000..dbaeda6a
--- /dev/null
+++ b/hosts/jenkins/etc/apache2/ssl/startcom.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIHHKs2Ry2cUTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
+EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp
+Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcxMDE0MjA1NzA5WhcNMjIxMDE0MjA1
+NzA5WjCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzAp
+BgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNV
+BAMTL1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVy
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k85L6GMmoWtCA4I
+PlfyiAEhG5SpbOK426oZGEY6UqH1D/RujOqWjJaHeRNAUS8i8gyLhw9l33F0NENV
+sTUJm9m8H/rrQtCXQHK3Q5Y9upadXVACHJuRjZzArNe7LxfXyz6CnXPrB0KSss1k
+s3RVG7RLhiEs93iHMuAW5Nq9TJXqpAp+tgoNLorPVavD5d1Bik7mb2VsskDPF125
+w2oLJxGEd2H2wnztwI14FBiZgZl1Y7foU9O6YekO+qIw80aiuckfbIBaQKwn7UhH
+M7BUxkYa8zVhwQIpkFR+ZE3EMFICgtffziFuGJHXuKuMJxe18KMBL47SLoc6PbQp
+Z4rEAwIDAQABo4IBTDCCAUgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFBHbI0X9VMxqcW+EigPXvvcBLyaGMB8GA1UdIwQYMBaA
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUFBwEBBF0wWzAnBggrBgEFBQcw
+AYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2NhMDAGCCsGAQUFBzAChiRodHRw
+Oi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwMgYDVR0fBCswKTAnoCWg
+I4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMEMGA1UdIAQ8MDow
+OAYEVR0gADAwMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9w
+b2xpY3kucGRmMA0GCSqGSIb3DQEBCwUAA4ICAQBSyb3zvcv566LEMsqGcvzPv6cw
+tf2R99WB4SEErQBM/+mLJ9r/8iTN/B8Pf9LR5YGSI3gW7msDLp0ASE+ugmUuh2/u
+agdfS1Zu95ZGQebd/kW5Yiqainbprb3Wc7O8MSvQLNVsa7xqOiWHqailDdeF8Wxs
+BQ70wWjLuyqBWKU+mcSf9x+EjqB60U3buAGcDYE0yoL+I2JNP22kUsBMXvJpSLHy
+36xEZGmwRinHrfDywJ1oI4qoZ3EiF77OiXp2vlRsk1yL8Bpuru2OrsIFrhNX5rnn
+cMgzuJ79SjDjmNQTa+5Ouebs387qoJ52apeq6t80RUL12k3Wh3Zt/85phnqBX9uy
+T86w4GdgOUSwRRCFZZcSed/Ul9h4IQyEmM67T2sPGdqFaZFBbBccxrn2FK7yoYB6
+4umV7yKKzP842/whVuyA/W2ihZEpA+qrA70sYESCADXnFGx2O0CDVdVc38coo1nV
+iXg+D+AG/dVXiiQcp2I4HYWTS/mTf/NE+mOYnu0miZ32/vhDbCX/B/kSPJ4RsNOA
+7uyrOwykcgOSFDbpvuaKOpGLrQwGqLODgm+p9TY5giMMjur9XH7TS1wz02dIz07u
+y2NwYWdV67vcnAt6QxRISap5RbaPviyQZxz4nFaSlTAwHoPaW1yuVS11tmsROMlR
+RNvbaAxIU4U67YaZSw==
+-----END CERTIFICATE-----
-- 
cgit v1.2.3-54-g00ecf