1 Use common-debian-service-https-redirect * jenkins.debian.org
4 ServerName jenkins.debian.org
5 ServerAdmin debian-admin@lists.debian.org
7 Use common-debian-service-ssl jenkins.debian.org
9 Use http-pkp-jenkins.debian.org
11 SSLCACertificateFile /var/lib/dsa/sso/ca.crt
12 SSLCARevocationCheck chain
13 SSLCARevocationFile /var/lib/dsa/sso/ca.crl
14 SSLVerifyClient optional
16 SSLOptions +StdEnvVars
18 <IfModule mod_userdir.c>
21 ErrorLog /var/log/apache2/jenkins.debian.org-error.log
22 CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
24 <IfModule mod_proxy.c>
25 RequestHeader unset X-Forwarded-User
26 RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
31 AllowEncodedSlashes NoDecode
33 <Location /http-auth-jenkins/>
34 AuthName "Debian Jenkins"
36 AuthDigestProvider file
37 AuthUserFile /srv/jenkins.debian.org/etc/htdigest
41 # see the Apache documentation on why this has to be lookahead
42 RewriteCond %{LA-U:REMOTE_USER} (.+)
43 # this actually doesn't rewrite anything. what we do here is to set RU to the match above
44 # "NS" prevents flooding the error log
45 RewriteRule .* - [E=RU:%1,NS]
46 RequestHeader set X-Forwarded-User %{RU}e
48 ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
49 ProxyPassReverse http://127.0.0.1:8080/
50 ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
53 ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
54 ProxyPassReverse / http://127.0.0.1:8080/
55 ProxyPassReverse / http://jenkins.debian.org/
58 RequestHeader set X-Forwarded-Proto "https"
59 RequestHeader set X-Forwarded-Port "443"