<Macro localhost-directives $ipaddress> <VirtualHost $ipaddress:80> ServerName $ipaddress ServerAdmin holger@layer-acht.org CustomLog /var/log/apache2/access.log combined ErrorLog /var/log/apache2/error.log <Proxy *> Require all granted </Proxy> ProxyPreserveHost on AllowEncodedSlashes NoDecode # proxy everything but a few urls ProxyPass /server-status ! # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ ProxyPass /userContent ! ProxyPass /cli ! ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ </VirtualHost> </Macro> <Macro common-debian-service-https-redirect $name> <VirtualHost *:80> ServerName $name ServerAdmin holger@layer-acht.org CustomLog /var/log/apache2/access.log combined ErrorLog /var/log/apache2/error.log Redirect permanent / https://$name/ </VirtualHost> </Macro> <Macro common-directives-ssl $name> SSLEngine on SSLCertificateKeyFile /etc/apache2/ssl/$name.key SSLCertificateFile /etc/apache2/ssl/$name.pem </Macro> <Macro common-directives $name> ServerName $name ServerAdmin holger@layer-acht.org <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted AddType text/plain .log </Directory> <Directory /var/lib/jenkins/userContent> Options Indexes FollowSymLinks MultiViews AllowOverride None Require all granted AddType text/plain .log </Directory> <FilesMatch "\.gz$"> AddEncoding gzip .gz ForceType text/plain FilterDeclare gzipInflate CONTENT_SET <IfVersion >= 2.4> FilterProvider gzipInflate inflate "%{req:Accept-Encoding} !~ /gzip/" </IfVersion> <IfVersion < 2.4> FilterProvider gzipInflate inflate req=Accept-Encoding !$gzip </IfVersion> FilterChain +gzipInflate </FilesMatch> RewriteEngine on ProxyRequests Off # HSTS RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" Header always add Strict-Transport-Security "max-age=15552000" ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </Macro> Use localhost-directives 127.0.0.1 Use localhost-directives 10.0.2.1 Use common-debian-service-https-redirect jenkins.debian.net Use common-debian-service-https-redirect reproducible.debian.net Use common-debian-service-https-redirect tests.reproducible-builds.org Use common-debian-service-https-redirect reproducible-builds.org Use common-debian-service-https-redirect www.reproducible-builds.org <VirtualHost *:443> Use common-directives jenkins.debian.net Use common-directives-ssl jenkins.debian.net DocumentRoot /var/www AddDefaultCharset utf-8 # allow certain params only from alioth (token is used to trigger builds) RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21 # this is git.d.o which is really moszumanska.d.o # etc/cron.daily/jenkins checks for changes in this IP address, so root will be notified and can adopt this... RewriteCond %{QUERY_STRING} token RewriteRule ^ - [F] # a bunch of redirects to point people to https://reproducible.debian.net RewriteCond %{REQUEST_URI} ^/userContent/reproducible.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/reproducible.json$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_issues.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_notes.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_schedule.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_last_24h.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_last_48h.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_all_abc.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_dd-list.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_stats.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_pkg_sets.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_reproducible.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR_with_buildinfo.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_FTBR.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_FTBFS.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_404.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_not_for_us.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/index_blacklisted.html$ [or] RewriteCond %{REQUEST_URI} ^/userContent/rb-pkg/ [or] RewriteCond %{REQUEST_URI} ^/userContent/buildinfo/ [or] RewriteCond %{REQUEST_URI} ^/userContent/dbd/ [or] RewriteCond %{REQUEST_URI} ^/userContent/issues/ [or] RewriteCond %{REQUEST_URI} ^/userContent/notes/ [or] RewriteCond %{REQUEST_URI} ^/userContent/artifacts/ [or] RewriteCond %{REQUEST_URI} ^/userContent/rbuild/ RewriteRule ^/userContent/(.*) https://reproducible.debian.net/debian/$1 [R=301,L] <Proxy *> Require all granted </Proxy> ProxyPreserveHost on AllowEncodedSlashes NoDecode # proxy everything but a few urls ProxyPass /munin ! ProxyPass /munin-cgi ! ProxyPass /server-status ! ProxyPass /calamaris ! ProxyPass /robots.txt http://localhost:8080/userContent/robots.txt # map /d-i-preseed-cfgs to /UserContent/d-i-preseed-cfgs ProxyPass /d-i-preseed-cfgs/ http://localhost:8080/userContent/d-i-preseed-cfgs/ ProxyPass /userContent ! ProxyPass /cli ! ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ </VirtualHost> <VirtualHost *:443> Use common-directives reproducible.debian.net Use common-directives-ssl reproducible.debian.net # just redirect everything to the new hostname Redirect permanent / https://tests.reproducible-builds.org/ </VirtualHost> <VirtualHost *:443> Use common-directives tests.reproducible-builds.org Use common-directives-ssl reproducible.debian.net DocumentRoot /var/lib/jenkins/userContent/reproducible AddDefaultCharset utf-8 <Directory /var/lib/jenkins/userContent/reproducible/debian/artifacts> HeaderName .HEADER.html </Directory> # use reproducible.html as "home page" RewriteCond %{REQUEST_URI} ^/$ RewriteRule ^/(.*) /debian/reproducible.html [R,L] # drop the (old|ugly) /userContent/ directory from the url RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} ^/userContent RewriteRule ^/userContent/(.*)$ /$1 [R=301,L] # redirect debian specific requests from t.r-b.o/$URI → t.r-b.o/debian/$URI RewriteCond /var/lib/jenkins/userContent/reproducible/debian/$1 -f RewriteCond %{REQUEST_URI} ^/(static|stretch|testing|unstable|experimental|history|rb-pg|notes|issues|rbuild|logs|dbd|dbdtxt|index_.*\.html|stats_.*\.png|reproducible.*\.json).*$ RewriteRule ^/(.*) /debian/$1 [R=302,L] # redirect t.r-b.o/issues/$ISSUE → t.r-b.o/issues/unstable/$ISSUE RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/issues/unstable/$2 -f RewriteRule ^/(debian/|)issues/([a-z0-9.+-_]+) /debian/issues/unstable/$2 [R=302,L] # redirect t.r-b.o/$PKG → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/$2.html -f RewriteRule ^/(debian/|)([a-z0-9.+-]+) /debian/rb-pkg/unstable/amd64/$2.html [R=302,L] # redirect t.r-b.o/redirect/?SrcPkg=$PKG → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{QUERY_STRING} ^(\w+)=([a-z0-9.+-]+)$ RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/%2.html -f RewriteRule ^/redirect /debian/rb-pkg/unstable/amd64/%2.html? [R=302,L] # the following two rules are fallbacks for the previous two redirects and should only catch packages which are only in experimental # redirect t.r-b.o/$PKG → t.r-b.o/rb-pkg/experimental/amd64/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/experimental/amd64/$2.html -f RewriteRule ^/(debian/|)([a-z0-9.+-]+) /debian/rb-pkg/experimental/amd64/$2.html [R=302,L] # redirect t.r-b.o/redirect/?SrcPkg=$PKG → t.r-b.o/rb-pkg/experimental/amd64/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{QUERY_STRING} ^(\w+)=([a-z0-9.+-]+)$ RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/experimental/amd64/%2.html -f RewriteRule ^/redirect /debian/rb-pkg/experimental/amd64/%2.html? [R=302,L] # redirect t.r-b.o/$suite/(amd64|arm64|armhf|i386)/$PKG → t.r-b.o/rb-pkg/$suite/$arch/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/$2/$3/$4.html -f RewriteRule ^/(debian/|)(stretch|testing|unstable|experimental)/([a-z0-9]+)/([a-z0-9.+-]+) /debian/rb-pkg/$2/$3/$4.html [R=302,L] # redirect t.r-b.o/rb-pkg/$PKG.html → t.r-b.o/rb-pkg/unstable/amd64/$PKG.html RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rb-pkg/unstable/amd64/$2 -f RewriteRule ^/(debian/|)rb-pkg/([a-z0-9.+-]+) /debian/rb-pkg/unstable/amd64/$2 [R=301,L] # the same for /dbd/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/dbd/unstable/amd64/$2 -f RewriteRule ^/(debian/|)dbd/([a-z0-9.+-_]+) /debian/dbd/unstable/amd64/$2 [R=301,L] # the same for /rbuild/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/rbuild/unstable/amd64/$2 -f RewriteRule ^/(debian/|)rbuild/([a-z0-9.+-_]+) /debian/rbuild/unstable/amd64/$2 [R=301,L] # the same for /buildinfo/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond /var/lib/jenkins/userContent/reproducible/debian/buildinfo/unstable/amd64/$2 -f RewriteRule ^/(debian/|)buildinfo/([a-z0-9.+-_]+) /debian/buildinfo/unstable/amd64/$2 [R=301,L] # redirect some t.r-b.o/index_*.html to the suite/arch relative one RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} ^/(debian/|)index_reproducible.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_FTBR.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_FTBFS.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_depwait.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_404.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_not_for_us.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_blacklisted.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_last_24h.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_last_48h.html$ [or] RewriteCond %{REQUEST_URI} ^/(debian/|)index_all_abc.html$ RewriteRule ^/(debian/|)?(.+) /debian/unstable/amd64/$2 [R=301,L] # redirect /testing to /buster # note: no flags on the rule, will cause apache to continue after rewriting # the url and apply the next rule Rewritecond %{REQUEST_URI} ^/debian/testing RewriteRule ^/debian/testing/(.*) /debian/buster/$1 # redirect /$suite to /$suite/index_suite_amd64_stats.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/(debian/|)(stretch|buster|unstable|experimental)(/|)$ RewriteRule ^/(debian/|)(.*) /debian/$2/index_suite_amd64_stats.html [R,L] # redirect /$suite/$arch to $suite/index_suite_$arch_stats.html RewriteCond %{REQUEST_URI} ^/(debian/|)(stretch|buster|unstable|experimental)/(amd64|arm64|armhf|i386)(/|)$ RewriteRule ^/(debian/|)([a-z0-9]+)/([a-z0-9]+) /debian/$2/index_suite_$3_stats.html [R,L] # redirect /$arch to /unstable/index_suite_$arch_stats.html RewriteCond %{REQUEST_URI} ^/(debian/|)(amd64|arm64|armhf|i386)(/|)$ RewriteRule ^/(debian/|)([a-z0-9]+) /debian/unstable/index_suite_$2_stats.html [R,L] # redirect /coreboot/ to coreboot/coreboot.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/coreboot(/|)$ RewriteRule ^/(.*) /coreboot/coreboot.html [R,L] # redirect /openwrt/ to openwrt/openwrt.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/openwrt(/|)$ RewriteRule ^/(.*) /openwrt/openwrt.html [R,L] # redirect /lede/ to lede/lede.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/lede(/|)$ RewriteRule ^/(.*) /lede/lede.html [R,L] # redirect /netbsd/ to netbsd/netbsd.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/netbsd(/|)$ RewriteRule ^/(.*) /netbsd/netbsd.html [R,L] # redirect /freebsd/ to freebsd/freebsd.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/freebsd(/|)$ RewriteRule ^/(.*) /freebsd/freebsd.html [R,L] # redirect /archlinux/ to archlinux/archlinux.html # note: the missing slash in the RewriteRule is wanted to avoid a double slash RewriteCond %{REQUEST_URI} ^/archlinux(/|)$ RewriteRule ^/(.*) /archlinux/archlinux.html [R,L] # redirect /fedora/ properly… RewriteCond %{REQUEST_URI} ^/fedora(/|)$ RewriteRule ^/?(.*) /rpms/fedora-23.html [R,L] # redirect /issues/ to /index_issues.html RewriteCond %{REQUEST_URI} ^/(debian/|)issues(/|)$ RewriteRule ^/(debian/|)(.*) /debian/index_issues.html [R,L] # temporary redirect until the html is rewritten RewriteCond %{REQUEST_URI} ^/debian(/|)$ RewriteRule ^/?(.*) /debian/reproducible.html [R,L] # for watching service logfiles ScriptAlias /cgi-bin /srv/jenkins/bin/cgi-bin <Directory "/srv/jenkins/bin/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Require all granted </Directory> <Proxy *> Require all granted </Proxy> </VirtualHost> <VirtualHost *:443> Use common-directives reproducible-builds.org Use common-directives-ssl reproducible-builds.org DocumentRoot /srv/reproducible-builds.org/www AddDefaultCharset utf-8 Alias /website.git /srv/reproducible-builds.org/git/website.git Alias /specs /var/lib/jenkins/userContent/reproducible/specs RewriteEngine on RewriteRule /howto($|/.*) /docs/ [R=permanent] <Directory /srv/reproducible-builds.org/www> AllowOverride None Require all granted </Directory> <Directory /srv/reproducible-builds.org/git> Options Indexes AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost *:443> Use common-directives www.reproducible-builds.org Use common-directives-ssl reproducible-builds.org # just redirect everything to non-www Redirect permanent / https://reproducible-builds.org/ </VirtualHost>