modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb

   1 # puppet maintained
   2
   3 ######################
   4 # deb.debian.org
   5 <% if scope.function_has_static_component(['deb.debian.org']) -%>
   6 <Macro vstatic-vhost-extra-deb.debian.org>
   7         ServerAlias httpredir.debian.org
   8         ServerAlias cdn.debian.net
   9         ServerAlias http.debian.net
  10
  11         Redirect /debian/           http://cdn-fastly.deb.debian.org/debian/
  12         Redirect /debian-debug/     http://cdn-fastly.deb.debian.org/debian-debug/
  13         Redirect /debian-ports/     http://cdn-fastly.deb.debian.org/debian-ports/
  14         Redirect /debian-security/  http://cdn-fastly.deb.debian.org/debian-security/
  15 </Macro>
  16
  17 <VirtualHost <%= @vhost_listen_443 %> >
  18         ServerName deb.debian.org
  19
  20         ErrorLog /var/log/apache2/deb.debian.org-error.log
  21         CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
  22
  23         Use common-debian-service-ssl deb.debian.org
  24         Use common-ssl-HSTS
  25
  26         ServerAdmin debian-admin@lists.debian.org
  27         <IfModule mod_userdir.c>
  28                 UserDir disabled
  29         </IfModule>
  30         ServerSignature On
  31
  32         DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
  33         <Directory /srv/static.debian.org/mirrors/deb.debian.org/cur>
  34                 AllowOverride FileInfo Indexes Options=Multiviews
  35                 Options Indexes SymLinksIfOwnerMatch
  36                 Require all granted
  37         </Directory>
  38
  39         Header set Surrogate-Key <%= @hostname %>
  40
  41         AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
  42
  43         Redirect /debian/           https://cdn-aws.deb.debian.org/debian/
  44         Redirect /debian-debug/     https://cdn-aws.deb.debian.org/debian-debug/
  45         Redirect /debian-ports/     https://cdn-aws.deb.debian.org/debian-ports/
  46         Redirect /debian-security/  https://cdn-aws.deb.debian.org/debian-security/
  47 </VirtualHost>
  48 <% end -%>
  49
  50 <Macro vstatic-vhost-extra-network-test.debian.org>
  51         ServerAlias network-test-backend.debian.org
  52 </Macro>
  53
  54 <Macro vstatic-vhost-extra-bits.debian.org>
  55         <IfModule mod_geoip.c>
  56                 CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo
  57         </IfModule>
  58 </Macro>
  59
  60 <Macro vstatic-vhost-extra-metadata.ftp-master.debian.org>
  61         AddDefaultCharset utf-8
  62
  63         # Rewrite away double slashes
  64         RewriteEngine on
  65         RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
  66         RewriteRule . %1/%2 [R=301,L,NE]
  67
  68         <LocationMatch "/changelogs/(main|contrib|non-free)">
  69                 ForceType text/plain
  70         </LocationMatch>
  71 </Macro>
  72
  73 <Macro vstatic-vhost-extra-release.debian.org>
  74         RewriteEngine   on
  75         RewriteRule             ^/migration/$                   /migration/testing.pl
  76         RewriteRule             ^/migration/search/(.+)/$       /migration/testing.pl?package=$1
  77         RewriteCond             %{QUERY_STRING} package=((.)(.*))
  78         RewriteRule             ^/migration/testing.pl          /migration/cache/%2/%1.html [PT,L]
  79         RewriteRule             ^/migration/testing.pl          /migration/cache/_index.html
  80
  81         Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
  82         <Directory /srv/static.debian.org/mirrors/release.debian.org-pu/cur>
  83                 Require all granted
  84                 Options Indexes SymLinksIfOwnerMatch MultiViews
  85
  86                 AddEncoding gzip .gz
  87                 FilterDeclare gzip CONTENT_SET
  88                 FilterProvider gzip inflate "%{req:Accept-Encoding} !~ /gzip/"
  89                 FilterChain gzip
  90                 <Files *.debdiff.gz>
  91                         ForceType text/plain
  92                         AddDefaultCharset utf-8
  93                 </Files>
  94                 <Files *.debdiff.html.gz>
  95                         ForceType text/html
  96                         AddDefaultCharset utf-8
  97                 </Files>
  98         </Directory>
  99 </Macro>
 100
 101 <Macro vstatic-vhost-extra-www.ports.debian.org>
 102         <Directory /srv/static.debian.org/mirrors/www.ports.debian.org/cur>
 103                 AllowOverride FileInfo Indexes Options=Multiviews
 104                 Options Multiviews Indexes FollowSymLinks Includes
 105                 Require all granted
 106         </Directory>
 107
 108         AddOutputFilter INCLUDES .xhtml
 109 </Macro>
 110
 111
 112 <Macro vstatic-vhost-extra-lintian.debian.org>
 113         AddDefaultCharset utf-8
 114
 115         <Directory /srv/static.debian.org/mirrors/lintian.debian.org/cur>
 116                 Require all granted
 117
 118                 # These three lines makes apache serve
 119                 # "lintian.log.gz" as a text/plain with encoding gzip
 120                 # making it easier to view the log in the browser.
 121                 RemoveType .gz
 122                 AddEncoding x-gzip .gz
 123                 AddType text/plain .log
 124
 125                 <IfModule mod_userdir.c>
 126                         AddOutputFilterByType DEFLATE image/svg+xml
 127                         AddOutputFilterByType DEFLATE text/plain
 128                 </IfModule>
 129         </Directory>
 130
 131         <Directory /srv/static.debian.org/mirrors/lintian.debian.org/cur/resources>
 132                 # Cache these for a year (3600 * 24 * 365.25)
 133                 # Files in here will change name if their content change
 134                 Header set Cache-Control "max-age=31557600, public"
 135         </Directory>
 136
 137         RewriteEngine on
 138         RewriteMap source-map txt:/srv/static.debian.org/mirrors/lintian.debian.org/cur/lookup-tables/source-packages
 139
 140         # Re-direct from the "old" locations to the new ones
 141         RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L,R=permanent]
 142         RewriteRule ^/reports/(.*)$ /$1 [L,R=permanent]
 143
 144         # Map source packages to reports (this mapping is re-written once per lintian run,
 145         # serve it as a 302 rather than a permanent redirect)
 146         # Version-less request
 147         RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
 148         # Versioned request
 149         RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
 150
 151         Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
 152         <FilesMatch "\.(svg)$">
 153                 Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
 154         </FilesMatch>
 155 </Macro>
 156
 157 <%=
 158
 159 def vhost(lines, sn, kwargs={})
 160         if scope.function_has_static_component([sn])
 161                 if not kwargs[:extra]
 162                                 lines << "<Macro vstatic-vhost-extra-#{sn}>"
 163                                 lines << "  # mod macro does not like empty macros, so here's some content:"
 164                                 lines << "  <Directory /non-existant>"
 165                                 lines << "  </Directory>"
 166                                 lines << "</Macro>"
 167                 end
 168
 169                 lines << "Use prepare-static-vhost #{sn}"
 170
 171                 if kwargs[:ssl] and kwargs[:ssl_optional]
 172                         lines << "Use static-vhost-plain-#{sn}"
 173                         lines << "Use static-vhost-ssl-#{sn}"
 174                 elsif kwargs[:ssl]
 175                         lines << "Use common-dsa-vhost-https-redirect #{sn}"
 176                         lines << "Use static-vhost-ssl-#{sn}"
 177                 else
 178                         lines << "Use static-vhost-plain-#{sn}"
 179                 end
 180
 181                 onion = scope.function_onion_global_service_hostname([sn])
 182                 lines << "Use static-vhost-onion-#{sn} #{onion}" if onion
 183
 184                 lines << ""
 185         end
 186 end
 187
 188 lines = []
 189 vhost(lines, "mozilla.debian.net"            , :ssl => true, :ssl_optional => true)
 190 vhost(lines, "backports.debian.org"          , :ssl => true)
 191 vhost(lines, "incoming.debian.org"           , :ssl => true, :ssl_optional => true)
 192 vhost(lines, "incoming.ports.debian.org"     , :ssl => true, :ssl_optional => true)
 193 vhost(lines, "debdeltas.debian.net"          , :ssl => true, :ssl_optional => true)
 194 vhost(lines, "news.debian.net"               , :ssl => true)
 195 vhost(lines, "bootstrap.debian.net"          , :ssl => true)
 196 vhost(lines, "debaday.debian.net"            , :ssl => true)
 197 vhost(lines, "timeline.debian.net"           , :ssl => true)
 198 vhost(lines, "network-test.debian.org"       , :extra => true)
 199 vhost(lines, "blends.debian.org"             , :ssl => true)
 200 vhost(lines, "wnpp-by-tags.debian.net"       , :ssl => true)
 201 vhost(lines, "security-team.debian.org"      , :ssl => true)
 202 vhost(lines, "d-i.debian.org"                , :ssl => true)
 203 vhost(lines, "appstream.debian.org"          , :ssl => true)
 204 vhost(lines, "apt.buildd.debian.org"         , :ssl => true)
 205 vhost(lines, "dpl.debian.org"                , :ssl => true)
 206 vhost(lines, "dsa.debian.org"                , :ssl => true)
 207 vhost(lines, "rtc.debian.org"                , :ssl => true)
 208 vhost(lines, "mirror-master.debian.org"      , :ssl => true)
 209 vhost(lines, "onion.debian.org"              , :ssl => true)
 210 vhost(lines, "manpages.debian.org"           , :ssl => true, :extra => true)
 211
 212 vhost(lines, "bits.debian.org"               , :ssl => true, :extra => true)
 213 vhost(lines, "micronews.debian.org"          , :ssl => true)
 214 vhost(lines, "metadata.ftp-master.debian.org", :extra => true)
 215
 216 vhost(lines, "10years.debconf.org"           , :ssl => true)
 217 vhost(lines, "debconf0.debconf.org"          , :ssl => true)
 218 vhost(lines, "debconf1.debconf.org"          , :ssl => true)
 219 vhost(lines, "debconf2.debconf.org"          , :ssl => true)
 220 vhost(lines, "debconf3.debconf.org"          , :ssl => true)
 221 vhost(lines, "debconf4.debconf.org"          , :ssl => true)
 222 vhost(lines, "debconf5.debconf.org"          , :ssl => true)
 223 vhost(lines, "debconf6.debconf.org"          , :ssl => true)
 224 vhost(lines, "debconf7.debconf.org"          , :ssl => true)
 225 vhost(lines, "debconf16.debconf.org"         , :ssl => true)
 226 vhost(lines, "es.debconf.org"                , :ssl => true)
 227 vhost(lines, "fr.debconf.org"                , :ssl => true)
 228 vhost(lines, "miniconf10.debconf.org"        , :ssl => true)
 229
 230 vhost(lines, "deb.debian.org"                , :extra => true)
 231 vhost(lines, "release.debian.org"            , :ssl => true, :extra => true)
 232 vhost(lines, "www.ports.debian.org"          , :ssl => true, :extra => true)
 233 vhost(lines, "lintian.debian.org"            , :ssl => true, :extra => true)
 234
 235 lines.join("\n")
 236 -%>
 237
 238 # www.backports.org
 239 ###################
 240 # www.backports.org is the historical place for the backports
 241 # website and archive.  It is now a CNAME to backports.debian.org:
 242 # redirect http requests.
 243 <VirtualHost <%= @vhost_listen %> >
 244         ServerName www.backports.org
 245         ServerAlias lists.backports.org
 246         ServerAdmin debian-admin@debian.org
 247         RedirectPermanent / http://backports.debian.org/
 248 </VirtualHost>
 249
 250 ######################
 251 <VirtualHost <%= @vhost_listen %> >
 252         ServerName www.debian-ports.org
 253         ServerAlias debian-ports.org
 254         ServerAdmin debian-admin@debian.org
 255         RedirectPermanent / https://www.ports.debian.org/
 256 </VirtualHost>
 257
 258 <VirtualHost <%= @vhost_listen %> >
 259         ServerName ports.debian.org
 260         ServerAlias ports.debian.net
 261         ServerAdmin debian-admin@debian.org
 262         RedirectPermanent / https://www.ports.debian.org/
 263 </VirtualHost>
 264
 265 <VirtualHost <%= @vhost_listen %> >
 266         ServerName incoming.debian-ports.org
 267         ServerAdmin debian-admin@debian.org
 268         RedirectPermanent / http://incoming.ports.debian.org/
 269 </VirtualHost>
 270
 271 <VirtualHost <%= @vhost_listen %> >
 272         ServerName ftp.debian-ports.org
 273         ServerAdmin debian-admin@debian.org
 274         RedirectPermanent /archive http://www.ports.debian.org
 275         RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
 276         RedirectPermanent /debian-cd http://ftp.ports.debian.org/debian-ports-cd
 277         RedirectPermanent / http://ftp.ports.debian.org/
 278 </VirtualHost>
 279
 280 <VirtualHost <%= @vhost_listen %> >
 281         ServerName video.debian.net
 282         ServerAdmin debian-admin@debian.org
 283         Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
 284 </VirtualHost>
 285
 286 # historical sites
 287 ##################
 288 # now only redirects remain
 289 <VirtualHost <%= @vhost_listen %> >
 290         ServerName women.debian.org
 291         ServerAdmin debian-admin@debian.org
 292
 293         RedirectPermanent / http://www.debian.org/women/
 294
 295         RedirectPermanent /about/ http://www.debian.org/women/about
 296         RedirectPermanent /contact/ http://www.debian.org/women/contact
 297         RedirectPermanent /faqs/ http://www.debian.org/women/faq
 298         RedirectPermanent /home/ http://www.debian.org/women/
 299         RedirectPermanent /images/dw.png http://www.debian.org/women/dw.png
 300         RedirectPermanent /involvement/ http://www.debian.org/women/participate
 301         RedirectPermanent /mentoring/ http://www.debian.org/women/mentoring
 302         RedirectPermanent /press/ http://wiki.debian.org/DebianWomen/Press
 303         RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
 304 </VirtualHost>
 305
 306 <VirtualHost <%= @vhost_listen %> >
 307         ServerName volatile.debian.org
 308         ServerAlias volatile-master.debian.org
 309         ServerAdmin debian-admin@debian.org
 310         RedirectPermanent / http://www.debian.org/volatile/
 311 </VirtualHost>
 312
 313 <VirtualHost <%= @vhost_listen %> >
 314         ServerName ftp-master.metadata.debian.org
 315         ServerAdmin debian-admin@debian.org
 316         RedirectPermanent / http://metadata.ftp-master.debian.org/
 317 </VirtualHost>
 318
 319 <VirtualHost <%= @vhost_listen %> >
 320         ServerName backports-master.debian.org
 321         ServerAdmin debian-admin@debian.org
 322         RedirectPermanent / https://backports.debian.org/
 323 </VirtualHost>
 324
 325 <VirtualHost <%= @vhost_listen %> >
 326         ServerName manpages.debian.net
 327         ServerAdmin debian-admin@debian.org
 328         Redirect / https://manpages.debian.org/
 329 </VirtualHost>
 330
 331 # error pages
 332 #############
 333
 334 Use common-dsa-vhost-https-redirect archive.debian.net
 335 <VirtualHost <%= @vhost_listen_443 %> >
 336         ServerName archive.debian.net
 337         ServerAdmin debian-admin@debian.org
 338         ErrorLog /var/log/apache2/archive.debian.net-error.log
 339         CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
 340
 341         Use common-debian-service-ssl archive.debian.net
 342         Use common-ssl-HSTS
 343
 344         <IfModule mod_userdir.c>
 345                 UserDir disabled
 346         </IfModule>
 347         ServerSignature On
 348
 349         DocumentRoot /srv/static.debian.org/puppet/archive.debian.net
 350         <Directory /srv/static.debian.org/puppet/archive.debian.net>
 351                 AllowOverride FileInfo Indexes Options=Multiviews
 352                 Options Indexes SymLinksIfOwnerMatch
 353                 Require all granted
 354         </Directory>
 355
 356         RedirectMatch 503 ^/(?!503\.html)
 357         ErrorDocument 503 /503.html
 358         Header always set Retry-After "18000"
 359 </VirtualHost>
 360
 361
 362 # vim:ft=apache: