NameVirtualHost *:80
NameVirtualHost *:443

<Macro localhost-directives $ipaddress>
	<VirtualHost $ipaddress:80>
		ServerName $ipaddress
		ServerAdmin holger@layer-acht.org
		CustomLog /var/log/apache2/access.log combined
		ErrorLog /var/log/apache2/error.log
		<Proxy *>
			Order deny,allow
			Allow from all
		</Proxy>
		ProxyPreserveHost on
		AllowEncodedSlashes NoDecode
		# proxy everything but a few urls
		ProxyPass /server-status !
		# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
		ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
		ProxyPass /userContent !
		ProxyPass / http://localhost:8080/ nocanon
		ProxyPassReverse  / http://localhost:8080/
	</VirtualHost>
</Macro>

<Macro common-debian-service-https-redirect $name>
	<VirtualHost *:80>
		ServerName $name
		ServerAdmin holger@layer-acht.org
		CustomLog /var/log/apache2/access.log combined
		ErrorLog /var/log/apache2/error.log
		Redirect permanent / https://$name/
	</VirtualHost>
</Macro>

<Macro common-directives $name>
	SSLEngine on
	SSLCertificateChainFile /etc/apache2/ssl/gsdomainvalsha2g2r1.crt

	ServerName $name
	ServerAdmin holger@layer-acht.org

	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		AddType text/plain .log
	</Directory>
	<Directory /var/lib/jenkins/userContent>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		AddType text/plain .log
	</Directory>

	RewriteEngine on
	ProxyRequests Off

	# HSTS
	RequestHeader set X-Forwarded-Proto "https"
	RequestHeader set X-Forwarded-Port "443"
	Header always add Strict-Transport-Security "max-age=15552000"

	ErrorLog ${APACHE_LOG_DIR}/error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</Macro>

Use localhost-directives 127.0.0.1
Use localhost-directives 10.0.2.1

Use common-debian-service-https-redirect jenkins.debian.net
Use common-debian-service-https-redirect reproducible.debian.net

<VirtualHost *:443>
	Use common-directives jenkins.debian.net
	SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem

	DocumentRoot /var/www

	# allow certain params only from alioth (token is used to trigger builds)
	RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
	# this is git.d.o which is really moszumanska.d.o
	# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
	RewriteCond %{QUERY_STRING} token
	RewriteRule ^ - [F]

	# a bunch of redirects to point people to https://reproducible.debian.net
	RewriteCond %{HTTP_HOST} jenkins\.debian\.net
	RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_notess.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
	RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]

	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
	ProxyPreserveHost on
	AllowEncodedSlashes NoDecode
	# proxy everything but a few urls
	ProxyPass /munin !
	ProxyPass /server-status !
	ProxyPass /calamaris !
	ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt
	# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
	ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
	ProxyPass /userContent !
	ProxyPass / http://localhost:8080/ nocanon
	ProxyPassReverse  / http://localhost:8080/
</VirtualHost>


<VirtualHost *:443>
	Use common-directives reproducible.debian.net
	SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem

	DocumentRoot /var/lib/jenkins/userContent

	# use reproducible.html as "home page"
	RewriteCond %{HTTP_HOST} reproducible\.debian\.net
	RewriteCond %{REQUEST_URI} ^/$
	RewriteRule ^/(.*) /reproducible.html [R,L]

	# drop the (old|ugly) /userContent/ directory from the url
	RewriteCond %{HTTP_HOST} reproducible\.debian\.net
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_URI} ^/userContent
	RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]

	# redirect rb.d.n/$PKG → rb.d.n/rb-pkg/$PKG.html
	RewriteCond %{HTTP_HOST} reproducible\.debian\.net
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/rb-pkg/$1.html -f
	RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/$1.html [R=302,L]
</VirtualHost>