1 Use common-debian-service-https-redirect * jenkins.debian.org
4 ServerName jenkins.debian.org
5 ServerAdmin debian-admin@lists.debian.org
7 Use common-debian-service-ssl jenkins.debian.org
10 SSLCACertificateFile /var/lib/dsa/sso/ca.crt
11 SSLCARevocationCheck chain
12 SSLCARevocationFile /var/lib/dsa/sso/ca.crl
13 SSLVerifyClient optional
15 SSLOptions +StdEnvVars
17 <IfModule mod_userdir.c>
20 ErrorLog /var/log/apache2/jenkins.debian.org-error.log
21 CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
23 <IfModule mod_proxy.c>
24 RequestHeader unset X-Forwarded-User
25 RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
30 AllowEncodedSlashes NoDecode
32 <Location /http-auth-jenkins/>
33 AuthName "Debian Jenkins"
35 AuthDigestProvider file
36 AuthUserFile /srv/jenkins.debian.org/etc/htdigest
40 # see the Apache documentation on why this has to be lookahead
41 RewriteCond %{LA-U:REMOTE_USER} (.+)
42 # this actually doesn't rewrite anything. what we do here is to set RU to the match above
43 # "NS" prevents flooding the error log
44 RewriteRule .* - [E=RU:%1,NS]
45 RequestHeader set X-Forwarded-User %{RU}e
47 ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
48 ProxyPassReverse http://127.0.0.1:8080/
49 ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
52 ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
53 ProxyPassReverse / http://127.0.0.1:8080/
54 ProxyPassReverse / http://jenkins.debian.org/
57 RequestHeader set X-Forwarded-Proto "https"
58 RequestHeader set X-Forwarded-Port "443"