HPKP for jenkins
[mirror/dsa-puppet.git] / modules / roles / files / jenkins / jenkins.debian.org
# Apache httpd site for jenkins.debian.org: terminates TLS on :443 and
# reverse-proxies everything to a backend on 127.0.0.1:8080, handing the
# authenticated user name to it in the X-Forwarded-User request header.
# The "Use ..." lines expand mod_macro macros that are defined outside this file.
# (The leading numbers are the listing's line gutter, not part of the file.)
# Presumably sets up the plain-HTTP redirect to HTTPS -- macro body not shown here.
1 Use common-debian-service-https-redirect * jenkins.debian.org
2
3 <VirtualHost *:443>
4         ServerName jenkins.debian.org
5         ServerAdmin debian-admin@lists.debian.org
6
7         Use common-debian-service-ssl jenkins.debian.org
8         Use common-ssl-HSTS
          # HTTP Public Key Pinning (RFC 7469) for this host. HPKP has since been
          # deprecated and removed from the major browsers; while it is honoured, a
          # pin set that no longer matches a deployable key locks pinned clients out
          # until max-age expires.
          # NOTE(review): the macro body is not shown here -- confirm it carries a
          # backup pin and a max-age that fits the certificate rotation schedule.
9         Use http-pkp-jenkins.debian.org
10
           # Optional TLS client certificates, verified against the SSO CA.
           # "chain" applies CRL checks to every certificate in the chain, so ca.crl
           # must be kept current: a stale or missing CRL makes validation fail.
11         SSLCACertificateFile /var/lib/dsa/sso/ca.crt
12         SSLCARevocationCheck chain
13         SSLCARevocationFile /var/lib/dsa/sso/ca.crl
           # "optional": a certificate is requested but not required; one that does
           # not verify against ca.crt aborts the handshake (unlike optional_no_ca).
14         SSLVerifyClient optional
15
           # Export the SSL_* environment variables; SSL_CLIENT_S_DN_CN is read by
           # the RequestHeader rule in the mod_proxy section below.
16         SSLOptions +StdEnvVars
17
18         <IfModule mod_userdir.c>
19                 UserDir disabled
20         </IfModule>
21         ErrorLog /var/log/apache2/jenkins.debian.org-error.log
           # "privacy" is a log format nickname defined elsewhere; presumably it
           # leaves out client addresses -- verify against its LogFormat line.
22         CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
           # Adds a server signature line to server-generated pages (error documents).
           # How much version detail it reveals depends on ServerTokens, set elsewhere.
23         ServerSignature On
24         <IfModule mod_proxy.c>
                   # Identity hand-off to the backend. Any client-supplied
                   # X-Forwarded-User is removed first, then the header is set again
                   # only when a verified client certificate provided a subject CN.
                   # NOTE(review): the backend presumably treats this header as the
                   # login name, so 127.0.0.1:8080 must not be reachable by anything
                   # other than this proxy -- confirm Jenkins listens on loopback only.
                   # The CN alone is the identity, so uniqueness rests on the SSO CA's
                   # issuance policy.
25                 RequestHeader unset X-Forwarded-User
26                 RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
                   # 2.2-style access control (mod_access_compat on 2.4): every client
                   # may use the proxied mappings. "ProxyRequests Off" further down is
                   # what keeps this from being an open forward proxy.
27                 <Proxy *>
28                         Order deny,allow
29                         Allow from all
30                 </Proxy>
                   # Accept %2F in request paths and leave it encoded; together with
                   # "nocanon" on the ProxyPass lines the raw URL path reaches the
                   # backend. The mod_proxy documentation warns that nocanon removes
                   # the proxy's limited protection against URL-based attacks, so the
                   # backend has to cope with unnormalised paths itself.
31                 AllowEncodedSlashes NoDecode
32
                   # Alternative entry point for clients without a client certificate:
                   # HTTP Digest authentication against a local htdigest file.
                   # Digest is MD5-based and is only used inside TLS here. The stored
                   # hashes are password-equivalent for this realm, so the file must
                   # not be readable by other accounts. AuthName is the realm that is
                   # hashed into each entry; changing it invalidates the file.
33                 <Location /http-auth-jenkins/>
34                         AuthName "Debian Jenkins"
35                         AuthType Digest
36                         AuthDigestProvider file
37                         AuthUserFile /srv/jenkins.debian.org/etc/htdigest
38                         Require valid-user
39
40                         RewriteEngine On
41                         # see the Apache documentation on why this has to be lookahead
42                         RewriteCond %{LA-U:REMOTE_USER} (.+)
43                         # this actually doesn't rewrite anything. what we do here is to set RU to the match above
44                         # "NS" prevents flooding the error log
45                         RewriteRule .* - [E=RU:%1,NS]
                           # "set" replaces the value left by the vhost-level rules, so
                           # inside this location the header carries the digest user.
46                         RequestHeader set X-Forwarded-User %{RU}e
47
                           # No path argument: inside <Location> the mapped path is the
                           # location itself, so /http-auth-jenkins/ maps to the backend root.
48                         ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
49                         ProxyPassReverse http://127.0.0.1:8080/
50                         ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
51                 </Location>
52
                   # Everything else goes to the same backend; retry=15 waits 15 seconds
                   # before a failed backend is tried again.
53                 ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
54                 ProxyPassReverse / http://127.0.0.1:8080/
55                 ProxyPassReverse / http://jenkins.debian.org/
                   # Reverse proxy only: forward-proxy requests are refused.
56                 ProxyRequests     Off
                   # Pass the original Host header through and tell the backend which
                   # scheme and port the client used. "set" overwrites any value the
                   # client sent for these two headers.
57                 ProxyPreserveHost on
58                 RequestHeader set X-Forwarded-Proto "https"
59                 RequestHeader set X-Forwarded-Port "443"
60         </IfModule>
61 </VirtualHost>
62