NameVirtualHost *:80
NameVirtualHost *:443

<Macro localhost-directives $ipaddress>
	<VirtualHost $ipaddress:80>
		ServerName $ipaddress
		ServerAdmin holger@layer-acht.org
		CustomLog /var/log/apache2/access.log combined
		ErrorLog /var/log/apache2/error.log
		<Proxy *>
			Require all granted
		</Proxy>
		ProxyPreserveHost on
		AllowEncodedSlashes NoDecode
		# proxy everything but a few urls
		ProxyPass /server-status !
		# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
		ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
		ProxyPass /userContent !
		ProxyPass /cli !
		ProxyPass / http://localhost:8080/ nocanon
		ProxyPassReverse  / http://localhost:8080/
	</VirtualHost>
</Macro>

<Macro common-debian-service-https-redirect $name>
	<VirtualHost *:80>
		ServerName $name
		ServerAdmin holger@layer-acht.org
		CustomLog /var/log/apache2/access.log combined
		ErrorLog /var/log/apache2/error.log
		Redirect permanent / https://$name/
	</VirtualHost>
</Macro>

<Macro common-directives-ssl-chain $chainfile>
	SSLEngine on
	SSLCertificateChainFile /etc/apache2/ssl/$chainfile
</Macro>

<Macro common-directives-ssl-key $keyfile>
	SSLEngine on
	SSLCertificateKeyFile /etc/apache2/ssl/$keyfile
</Macro>

<Macro common-directives $name>
	ServerName $name
	ServerAdmin holger@layer-acht.org

	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Require all granted
		AddType text/plain .log
	</Directory>
	<Directory /var/lib/jenkins/userContent>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Require all granted
		AddType text/plain .log
	</Directory>

	<FilesMatch "\.gz$">
		AddEncoding gzip .gz
		ForceType text/plain
		FilterDeclare gzipInflate CONTENT_SET
		<IfVersion >= 2.4>
			FilterProvider gzipInflate inflate "%{req:Accept-Encoding} !~ /gzip/"
		</IfVersion>
		<IfVersion < 2.4>
			FilterProvider gzipInflate inflate req=Accept-Encoding !$gzip
		</IfVersion>
		FilterChain +gzipInflate
	</FilesMatch>

	RewriteEngine on
	ProxyRequests Off

	# HSTS
	RequestHeader set X-Forwarded-Proto "https"
	RequestHeader set X-Forwarded-Port "443"
	Header always add Strict-Transport-Security "max-age=15552000"

	ErrorLog ${APACHE_LOG_DIR}/error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</Macro>

Use localhost-directives 127.0.0.1
Use localhost-directives 10.0.2.1

Use common-debian-service-https-redirect jenkins.debian.net
Use common-debian-service-https-redirect reproducible.debian.net
Use common-debian-service-https-redirect tests.reproducible-builds.org
Use common-debian-service-https-redirect reproducible-builds.org

<VirtualHost *:443>
	Use common-directives jenkins.debian.net
	Use common-directives-ssl-key jenkins.debian.net.key
	SSLCertificateFile /etc/apache2/ssl/jenkins.debian.net.pem

	DocumentRoot /var/www
	AddDefaultCharset utf-8

	# allow certain params only from alioth (token is used to trigger builds)
	RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21
	# this is git.d.o which is really moszumanska.d.o
	# etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this...
	RewriteCond %{QUERY_STRING} token
	RewriteRule ^ - [F]

	# a bunch of redirects to point people to https://reproducible.debian.net
	RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_notes.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/artifacts/ [or]
	RewriteCond %{REQUEST_URI} ^/userContent/rbuild/
	RewriteRule ^/userContent/(.*) https://reproducible.debian.net/debian/$1 [R=301,L]

	<Proxy *>
		Require all granted
	</Proxy>
	ProxyPreserveHost on
	AllowEncodedSlashes NoDecode
	# proxy everything but a few urls
	ProxyPass /munin !
	ProxyPass /munin-cgi !
	ProxyPass /server-status !
	ProxyPass /calamaris !
	ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt
	# map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs
	ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/
	ProxyPass /userContent !
	ProxyPass /cli !
	ProxyPass / http://localhost:8080/ nocanon
	ProxyPassReverse  / http://localhost:8080/
</VirtualHost>


<VirtualHost *:443>
	Use common-directives reproducible.debian.net
	Use common-directives-ssl-key reproducible.debian.net.key
	SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem

	# just redirect everything to the new hostname
	Redirect permanent / https://tests.reproducible-builds.org/
</VirtualHost>

<VirtualHost *:443>
	Use common-directives tests.reproducible-builds.org
	Use common-directives-ssl-key reproducible.debian.net.key
	SSLCertificateFile /etc/apache2/ssl/reproducible.debian.net.pem

	DocumentRoot /var/lib/jenkins/userContent/reproducible
	AddDefaultCharset utf-8

	<Directory /var/lib/jenkins/userContent/reproducible/debian/artifacts>
		HeaderName .HEADER.html
	</Directory>

	# use reproducible.html as "home page"
	RewriteCond %{REQUEST_URI} ^/$
	RewriteRule ^/(.*) /debian/reproducible.html [R,L]

	# drop the (old|ugly) /userContent/ directory from the url
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_URI} ^/userContent
	RewriteRule ^/userContent/(.*)$ /$1 [R=301,L]

	# redirect debian specific requests from t.r-b.o/$URI → t.r-b.o/debian/$URI
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/$1 -f
	RewriteCond %{REQUEST_URI} ^/(static|testing|unstable|experimental|history|rb-pg|notes|issues|rbuild|logs|dbd|dbdtxt|index_.*\.html|stats_.*\.png|reproducible.*\.json).*$
	RewriteRule ^/(.*) /debian/$1 [R=302,L]

	# redirect t.r-b.o/issues/$ISSUE → t.r-b.o/issues/unstable/$ISSUE
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/issues/unstable/$2 -f
	RewriteRule ^/(debian/|)issues/([a-z0-9.+-_]+) /debian/issues/unstable/$2 [R=302,L]

	# redirect t.r-b.o/$PKG → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/$2.html -f
	RewriteRule ^/(debian/|)([a-z0-9.+-]+) /debian/rb-pkg/unstable/amd64/$2.html [R=302,L]

	# redirect t.r-b.o/redirect/?SrcPkg=$PKG → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{QUERY_STRING} ^(\w+)=([a-z0-9.+-]+)$
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/%2.html -f
	RewriteRule ^/redirect /debian/rb-pkg/unstable/amd64/%2.html? [R=302,L]

	# the following two rules are fallbacks for the previous two redirects and should only catch packages which are only in experimental

	# redirect t.r-b.o/$PKG → t.r-b.o/rb-pkg/experimental/amd64/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/experimental/amd64/$2.html -f
	RewriteRule ^/(debian/|)([a-z0-9.+-]+) /debian/rb-pkg/experimental/amd64/$2.html [R=302,L]

	# redirect t.r-b.o/redirect/?SrcPkg=$PKG → t.r-b.o/rb-pkg/experimental/amd64/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{QUERY_STRING} ^(\w+)=([a-z0-9.+-]+)$
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/experimental/amd64/%2.html -f
	RewriteRule ^/redirect /debian/rb-pkg/experimental/amd64/%2.html? [R=302,L]

	# redirect t.r-b.o/$suite/(amd64|armhf|i386)/$PKG → t.r-b.o/rb-pkg/$suite/$arch/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/$2/$3/$4.html -f
	RewriteRule ^/(debian/|)(unstable|testing|experimental)/([a-z0-9]+)/([a-z0-9.+-]+) /debian/rb-pkg/$2/$3/$4.html [R=302,L]

	# redirect t.r-b.o/rb-pkg/$PKG.html → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/$2 -f
	RewriteRule ^/(debian/|)rb-pkg/([a-z0-9.+-]+) /debian/rb-pkg/unstable/amd64/$2 [R=301,L]
	# the same for /dbd/
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/dbd/unstable/amd64/$2 -f
	RewriteRule ^/(debian/|)dbd/([a-z0-9.+-_]+) /debian/dbd/unstable/amd64/$2 [R=301,L]
	# the same for /rbuild/
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rbuild/unstable/amd64/$2 -f
	RewriteRule ^/(debian/|)rbuild/([a-z0-9.+-_]+) /debian/rbuild/unstable/amd64/$2 [R=301,L]
	# the same for /buildinfo/
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond /var/lib/jenkins/userContent/reproducible/debian/buildinfo/unstable/amd64/$2 -f
	RewriteRule ^/(debian/|)buildinfo/([a-z0-9.+-_]+) /debian/buildinfo/unstable/amd64/$2 [R=301,L]
	# redirect some t.r-b.o/index_*.html to the suite/arch relative one
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_reproducible.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_FTBR.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_FTBFS.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_depwait.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_404.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_not_for_us.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_blacklisted.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_last_24h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_last_48h.html$ [or]
	RewriteCond %{REQUEST_URI} ^/(debian/|)index_all_abc.html$
	RewriteRule ^/(debian/|)?(.+) /debian/unstable/amd64/$2 [R=301,L]

	# redirect (/testing|unstable|/experimental) to (/testing|/unstable|/experimental)/index_suite_amd64_stats.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/(debian/|)(testing|unstable|experimental)(/|)$
	RewriteRule ^/(debian/|)(.*) /debian/$2/index_suite_amd64_stats.html [R,L]

	# redirect (/testing|unstable|/experimental)/(amd64|armhf|i386) to (/testing|/unstable|/experimental)/index_suite_(amd64|armhf|i386)_stats.html
	RewriteCond %{REQUEST_URI} ^/(debian/|)(testing|unstable|experimental)/(amd64|armhf|i386)(/|)$
	RewriteRule ^/(debian/|)([a-z0-9]+)/([a-z0-9]+) /debian/$2/index_suite_$3_stats.html [R,L]

	# redirect (/(amd64|armhf|i386) to (/testing|/unstable|/experimental)/index_suite_(amd64|armhf|i386)_stats.html
	RewriteCond %{REQUEST_URI} ^/(debian/|)(amd64|armhf|i386)(/|)$
	RewriteRule ^/(debian/|)([a-z0-9]+) /debian/unstable/index_suite_$2_stats.html [R,L]

	# redirect /coreboot/ to coreboot/coreboot.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/coreboot(/|)$
	RewriteRule ^/(.*) /coreboot/coreboot.html [R,L]

	# redirect /openwrt/ to openwrt/openwrt.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/openwrt(/|)$
	RewriteRule ^/(.*) /openwrt/openwrt.html [R,L]

	# redirect /lede/ to lede/lede.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/lede(/|)$
	RewriteRule ^/(.*) /lede/lede.html [R,L]

	# redirect /netbsd/ to netbsd/netbsd.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/netbsd(/|)$
	RewriteRule ^/(.*) /netbsd/netbsd.html [R,L]

	# redirect /freebsd/ to freebsd/freebsd.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/freebsd(/|)$
	RewriteRule ^/(.*) /freebsd/freebsd.html [R,L]

	# redirect /archlinux/ to archlinux/archlinux.html
	# note: the missing slash in the RewriteRule is wanted to avoid a double slash
	RewriteCond %{REQUEST_URI} ^/archlinux(/|)$
	RewriteRule ^/(.*) /archlinux/archlinux.html [R,L]

	# redirect /fedora/ properly…
	RewriteCond %{REQUEST_URI} ^/fedora(/|)$
	RewriteRule ^/?(.*) /rpms/fedora-23.html [R,L]

	# redirect /issues/ to /index_issues.html
	RewriteCond %{REQUEST_URI} ^/(debian/|)issues(/|)$
	RewriteRule ^/(debian/|)(.*) /debian/index_issues.html [R,L]

	# temporary redirect until the html is rewritten
	RewriteCond %{REQUEST_URI} ^/debian(/|)$
	RewriteRule ^/?(.*) /debian/reproducible.html [R,L]

	<Proxy *>
		Require all granted
	</Proxy>

</VirtualHost>


<VirtualHost *:443>
	Use common-directives reproducible-builds.org
	Use common-directives-ssl-chain startcom.crt
	SSLCertificateFile /etc/apache2/ssl/reproducible-builds.org.pem

	DocumentRoot /srv/reproducible-builds.org/www
	AddDefaultCharset utf-8

	Alias /website.git /srv/reproducible-builds.org/git/website.git
	Alias /specs /var/lib/jenkins/userContent/reproducible/specs

	RewriteEngine on
	RewriteRule /howto($|/.*) /docs/ [R=permanent]

	<Directory /srv/reproducible-builds.org/www>
		AllowOverride None
		Require all granted
	</Directory>
	<Directory /srv/reproducible-builds.org/git>
		Options Indexes
		AllowOverride None
		Require all granted
	</Directory>
</VirtualHost>