manage pg_hba on melartin
[mirror/dsa-puppet.git] / modules / roles / templates / security_mirror / security.debian.org.erb
1 ##
2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
4 ##
5
6 <VirtualHost <%= @vhost_listen %> 127.0.0.1:80 [::1]:80 >
7    ServerAdmin debian-admin@debian.org
8    DocumentRoot /srv/mirrors/debian-security
9    ServerPath /debian-security
10    ServerName security.debian.org
11    ServerAlias security.ipv6.debian.org
12    ServerAlias security.eu.debian.org
13    ServerAlias security.us.debian.org
14    ServerAlias security.na.debian.org
15    ServerAlias security.geo.debian.org
16    ServerAlias security-cdn.debian.org
17    ServerAlias security-cdn1.debian.org
18    ServerAlias security-cdn2.debian.org
19    ServerAlias security-nagios.debian.org
20    <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
21    ServerAlias <%= scope.function_onion_global_service_hostname(['security.debian.org']) %>
22    <% end %>
23    ServerAlias security.backend.mirrors.debian.org
24    ServerAlias *.security.backend.mirrors.debian.org
25    ServerAlias security.anycast-test.mirrors.debian.org
26
27
28    ExpiresActive On
29    ExpiresDefault "access plus 2 minutes"
30
31    Alias /debian-security /srv/mirrors/debian-security
32    Use ftp-archive /srv/mirrors/debian-security
33
34    Alias /_health /run/dsa-mirror-health-security/health
35    <Directory /run/dsa-mirror-health-security/>
36       Require all granted
37    </Directory>
38
39    RewriteEngine on
40    RewriteRule ^/$      https://www.debian.org/security/
41
42    RewriteCond %{HTTP:Fastly-Client-IP} !. [NV]
43    RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront"
44    RewriteCond %{HTTP_USER_AGENT} "!check_http"
45    RewriteCond %{HTTP_USER_AGENT} "!dsa-check-mirrorsync"
46    RewriteCond %{HTTP_USER_AGENT} "!mirror-health"
47    <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
48    RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
49    <% end %>
50    RewriteCond %{REQUEST_URI} "!=/_health"
51    RewriteRule ^/(.*) http://security-cdn.debian.org/$1 [L,R=302]
52
53    CustomLog /var/log/apache2/security.debian.org-access.log combined
54    ServerSignature On
55 </VirtualHost>
56
57 # vim:set syn=apache: