NameVirtualHost *:80
NameVirtualHost *:443
ServerName $ipaddress
ServerAdmin holger@layer-acht.org
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
Require all granted
ProxyPreserveHost on
AllowEncodedSlashes NoDecode
# proxy everything but a few urls
ProxyPass /server-status !
# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
ProxyPass /userContent !
ProxyPass /cli !
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ServerName $name
ServerAdmin holger@layer-acht.org
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
Redirect permanent / https://$name/
SSLEngine on
SSLCertificateChainFile /etc/apache2/ssl/$chainfile
ServerName $name
ServerAdmin holger@layer-acht.org
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
AddType text/plain .log
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
AddType text/plain .log
AddEncoding gzip .gz
ForceType text/plain
FilterDeclare gzipInflate CONTENT_SET
= 2.4>
FilterProvider gzipInflate inflate "%{req:Accept-Encoding} !~ /gzip/"
FilterProvider gzipInflate inflate req=Accept-Encoding !$gzip
FilterChain +gzipInflate
RewriteEngine on
ProxyRequests Off
# HSTS
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
Header always add Strict-Transport-Security "max-age=15552000"
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Use localhost-directives 127.0.0.1
Use localhost-directives 10.0.2.1
Use common-debian-service-https-redirect jenkins.debian.net
Use common-debian-service-https-redirect reproducible.debian.net
Use common-debian-service-https-redirect reproducible-builds.org
Use common-directives jenkins.debian.net gsdomainvalsha2g2r1.crt
SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem
DocumentRoot /var/www
AddDefaultCharset utf-8
# allow certain params only from alioth (token is used to trigger builds)
RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
# this is git.d.o which is really moszumanska.d.o
# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
RewriteCond %{QUERY_STRING} token
RewriteRule ^ - [F]
# a bunch of redirects to point people to https://reproducible.debian.net
RewriteCond %{HTTP_HOST} jenkins\.debian\.net
RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_notes.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or]
RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/artifacts/ [or]
RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
RewriteRule ^/?(.*) https://reproducible.debian.net/$1 [R=301,L]
Require all granted
ProxyPreserveHost on
AllowEncodedSlashes NoDecode
# proxy everything but a few urls
ProxyPass /munin !
ProxyPass /munin-cgi !
ProxyPass /server-status !
ProxyPass /calamaris !
ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt
# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
ProxyPass /userContent !
ProxyPass /cli !
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
Use common-directives reproducible.debian.net gsdomainvalsha2g2r1.crt
SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem
DocumentRoot /var/lib/jenkins/userContent/reproducible
AddDefaultCharset utf-8
HeaderName .HEADER.html
# use reproducible.html as "home page"
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^/(.*) /reproducible.html [R,L]
# drop the (old|ugly) /userContent/ directory from the url
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/userContent
RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]
# redirect rb.d.n/issues/$ISSUE → rb.d.n/issues/unstable/$ISSUE
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/issues/unstable/$1 -f
RewriteRule ^/issues/([a-z0-9.+-_]+) /issues/unstable/$1 [R=302,L]
# redirect rb.d.n/$PKG → rb.d.n/rb-pkg/unstable/amd64/$PKG.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1.html -f
RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1.html [R=302,L]
# redirect rb.d.n/redirect/?SrcPkg=$PKG → rb.d.n/rb-pkg/unstable/amd64/$PKG.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} ^(\w+)=([a-z0-9.+-]+)$
RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/%2.html -f
RewriteRule ^/redirect /rb-pkg/unstable/amd64/%2.html? [R=302,L]
# redirect rb.d.n/$PKG → rb.d.n/rb-pkg/experimental/amd64/$PKG.html
# (this is the fallback for the previous redirect and should only catch packages which are only in experimental)
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/experimental/amd64/$1.html -f
RewriteRule ^/([a-z0-9.+-]+) /rb-pkg/experimental/amd64/$1.html [R=302,L]
# redirect rb.d.n/$suite/(amd64|armhf)/$PKG → rb.d.n/rb-pkg/$suite/$arch/$PKG.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/$1/$2/$3.html -f
RewriteRule ^/(unstable|testing|experimental)/([a-z0-9]+)/([a-z0-9.+-]+) /rb-pkg/$1/$2/$3.html [R=302,L]
# redirect rb.d.n/rb-pkg/$PKG.html → rb.d.n/rb-pkg/unstable/amd64/$PKG.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/rb-pkg/unstable/amd64/$1 -f
RewriteRule ^/rb-pkg/([a-z0-9.+-]+) /rb-pkg/unstable/amd64/$1 [R=301,L]
# the same for /dbd/
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/dbd/unstable/amd64/$1 -f
RewriteRule ^/dbd/([a-z0-9.+-_]+) /dbd/unstable/amd64/$1 [R=301,L]
# the same for /rbuild/
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/rbuild/unstable/amd64/$1 -f
RewriteRule ^/rbuild/([a-z0-9.+-_]+) /rbuild/unstable/amd64/$1 [R=301,L]
# the same for /buildinfo/
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /var/lib/jenkins/userContent/reproducible/buildinfo/unstable/amd64/$1 -f
RewriteRule ^/buildinfo/([a-z0-9.+-_]+) /buildinfo/unstable/amd64/$1 [R=301,L]
# redirect some rb.d.n/index_*.html to the suite/arch relative one
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/index_reproducible.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_FTBR.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_FTBFS.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_depwait.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_404.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_not_for_us.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_blacklisted.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_last_24h.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_last_48h.html$ [or]
RewriteCond %{REQUEST_URI} ^/index_all_abc.html$
RewriteRule ^/?(.+) /unstable/amd64/$1 [R=301,L]
# redirect (/testing|unstable|/experimental) to (/testing|/unstable|/experimental)/index_suite_amd64_stats.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/(testing|unstable|experimental)/$
RewriteRule ^/(.*) /$1index_suite_amd64_stats.html [R,L]
# redirect (/testing|unstable|/experimental)/(amd64|armhf) to (/testing|/unstable|/experimental)/index_suite_(amd64|armhf)_stats.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/(testing|unstable|experimental)/(amd64|armhf)/$
RewriteRule ^/([a-z0-9]+)/([a-z0-9]+) /$1/index_suite_$2_stats.html [R,L]
# redirect (/(amd64|armhf) to (/testing|/unstable|/experimental)/index_suite_(amd64|armhf)_stats.html
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/(amd64|armhf)(/|)$
RewriteRule ^/([a-z0-9]+) /unstable/index_suite_$1_stats.html [R,L]
# redirect /coreboot/ to coreboot/coreboot.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/coreboot/$
RewriteRule ^/(.*) /coreboot/coreboot.html [R,L]
# redirect /openwrt/ to openwrt/openwrt.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/openwrt/$
RewriteRule ^/(.*) /openwrt/openwrt.html [R,L]
# redirect /netbsd/ to netbsd/netbsd.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/netbsd/$
RewriteRule ^/(.*) /netbsd/netbsd.html [R,L]
# redirect /freebsd/ to freebsd/freebsd.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/freebsd/$
RewriteRule ^/(.*) /freebsd/freebsd.html [R,L]
# redirect /archlinux/ to archlinux/archlinux.html
# note: the missing slash in the RewriteRule is wanted to avoid a double slash
RewriteCond %{HTTP_HOST} reproducible\.debian\.net
RewriteCond %{REQUEST_URI} ^/archlinux/$
RewriteRule ^/(.*) /archlinux/archlinux.html [R,L]
# redirect /issues/ to /index_issues.html
RewriteCond %{REQUEST_URI} ^/issues/$
RewriteRule ^/(.*) /index_issues.html [R,L]
Require all granted
Use common-directives reproducible-builds.org startcom.crt
SSLCertificateFile /etc/apache2/ssl/reproducible-builds.org.pem
DocumentRoot /srv/reproducible-builds.org/www
AddDefaultCharset utf-8
Alias /website.git /srv/reproducible-builds.org/git/website.git
Alias /specs /var/lib/jenkins/userContent/reproducible/specs
RewriteEngine on
RewriteRule /howto($|/.*) /docs/ [R=permanent]
AllowOverride None
Require all granted
Options Indexes
AllowOverride None
Require all granted