Have the mailrelays store a firewall rule to allow incoming smtp on the other hosts
[mirror/dsa-puppet.git] / modules / roles / files / debconf_wafer / debconf20.debconf.org
1 # do not modify - this file is maintained via puppet
2
3 AddType application/font-woff2 .woff2
4
5 Use common-debian-service-https-redirect * debconf20.debconf.org
6
7 WSGIDaemonProcess debconf20 \
8   processes=3 threads=2 \
9   user=www-data group=debconf-web maximum-requests=750 umask=0007 display-name=wsgi-debconf20.debconf.org \
10   python-path=/srv/debconf-web/debconf20.debconf.org/dc20/:/srv/debconf-web/debconf20.debconf.org/dc20/ve/lib/python3.5/site-packages/
11
12 <VirtualHost *:443>
13   ServerAdmin admin@debconf.org
14   ServerName debconf20.debconf.org
15
16   ErrorLog  /var/log/apache2/debconf20.debconf.org-error.log
17   CustomLog /var/log/apache2/debconf20.debconf.org-access.log combined
18
19   Use common-debian-service-ssl debconf20.debconf.org
20   Use common-ssl-HSTS
21
22   Header always set Referrer-Policy "same-origin"
23   Header always set X-Content-Type-Options nosniff
24   Header always set X-XSS-Protection "1; mode=block"
25 #  Header always set Access-Control-Allow-Origin: "*"
26
27   # Debian SSO
28   SSLCACertificateFile /var/lib/dsa/sso/ca.crt
29   SSLCARevocationCheck chain
30   SSLCARevocationFile /var/lib/dsa/sso/ca.crl
31
32   WSGIProcessGroup debconf20
33   WSGIScriptAlias / /srv/debconf-web/debconf20.debconf.org/dc20/wsgi.py
34   WSGIPassAuthorization On
35
36   <Directory /srv/debconf-web/debconf20.debconf.org/dc20>
37     <Files wsgi.py>
38       Require all granted
39     </Files>
40   </Directory>
41
42   Alias /static/ /srv/debconf-web/debconf20.debconf.org/dc20/localstatic/
43   Alias /favicon.ico /srv/debconf-web/debconf20.debconf.org/dc20/localstatic/img/favicon/favicon.ico
44   <Directory /srv/debconf-web/debconf20.debconf.org/dc20/localstatic/>
45     Require all granted
46
47     # A little hacky, but it means we won't accidentally catch non-hashed filenames
48     <FilesMatch ".*\.[0-9a-f]{12}\.[a-z0-9]{2,5}$">
49       ExpiresActive on
50       ExpiresDefault "access plus 1 year"
51     </FilesMatch>
52   </Directory>
53
54   Alias /media/ /srv/debconf-web/debconf20.debconf.org/dc20/media/
55   <Directory /srv/debconf-web/debconf20.debconf.org/dc20/media/>
56     Require all granted
57   </Directory>
58
59   <Location /accounts/debian-login>
60     SSLOptions +StdEnvVars
61     # Allow access if one does not have a valid certificate
62     SSLVerifyClient optional
63   </Location>
64 </VirtualHost>
65
66 # vim: set ft=apache: