# puppet maintained
######################
# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
ServerAlias httpredir.debian.org
ServerAlias cdn.debian.net
ServerAlias http.debian.net
Redirect /debian http://cdn-fastly.deb.debian.org/debian
Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug
Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports
Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security
>
ServerName deb.debian.org
ErrorLog /var/log/apache2/deb.debian.org-error.log
CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
Use common-debian-service-ssl deb.debian.org
Use common-ssl-HSTS
ServerAdmin debian-admin@lists.debian.org
UserDir disabled
ServerSignature On
DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
AllowOverride FileInfo Indexes Options=Multiviews
Options Indexes SymLinksIfOwnerMatch
Require all granted
Header set Surrogate-Key <%= @hostname %>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
Redirect /debian https://cdn-aws.deb.debian.org/debian
Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug
Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports
Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security
<% end -%>
ServerAlias network-test-backend.debian.org
Header set Cache-Control "must-revalidate, max-age=0"
CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo
AddDefaultCharset utf-8
# Rewrite away double slashes
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
RewriteRule . %1/%2 [R=301,L,NE]
ForceType text/plain
RewriteEngine on
RewriteRule ^/migration/$ /migration/testing.pl
RewriteRule ^/migration/search/(.+)/$ /migration/testing.pl?package=$1
RewriteCond %{QUERY_STRING} package=((.)(.*))
RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L]
RewriteRule ^/migration/testing.pl /migration/cache/_index.html
Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Require all granted
Options Indexes SymLinksIfOwnerMatch MultiViews
AddEncoding gzip .gz
FilterDeclare gzip CONTENT_SET
FilterProvider gzip inflate "%{req:Accept-Encoding} !~ /gzip/"
FilterChain gzip
ForceType text/plain
AddDefaultCharset utf-8
ForceType text/html
AddDefaultCharset utf-8
AllowOverride FileInfo Indexes Options=Multiviews
Options Multiviews Indexes FollowSymLinks Includes
Require all granted
AddOutputFilter INCLUDES .xhtml
AddDefaultCharset utf-8
Require all granted
# These three lines makes apache serve
# "lintian.log.gz" as a text/plain with encoding gzip
# making it easier to view the log in the browser.
RemoveType .gz
AddEncoding x-gzip .gz
AddType text/plain .log
AddOutputFilterByType DEFLATE text/plain
# Cache these for a year (3600 * 24 * 365.25)
# Files in here will change name if their content change
Header set Cache-Control "max-age=31557600, public"
AddOutputFilterByType DEFLATE image/svg+xml
RewriteEngine on
RewriteMap source-map txt:/srv/static.debian.org/mirrors/lintian.debian.org/cur/lookup-tables/source-packages
# Re-direct from the "old" locations to the new ones
RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L,R=permanent]
RewriteRule ^/reports/(.*)$ /$1 [L,R=permanent]
# Map source packages to reports (this mapping is re-written once per lintian run,
# serve it as a 302 rather than a permanent redirect)
# Version-less request
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
<%=
def vhost(lines, sn, kwargs={})
if scope.function_has_static_component([sn])
if not kwargs[:extra]
lines << ""
lines << " # mod macro does not like empty macros, so here's some content:"
lines << " "
lines << " "
lines << ""
end
lines << "Use prepare-static-vhost #{sn}"
if kwargs[:ssl] and kwargs[:ssl_optional]
lines << "Use static-vhost-plain-#{sn}"
lines << "Use static-vhost-ssl-#{sn}"
elsif kwargs[:ssl]
lines << "Use common-dsa-vhost-https-redirect #{sn}"
lines << "Use static-vhost-ssl-#{sn}"
else
lines << "Use static-vhost-plain-#{sn}"
end
onion = scope.function_onion_global_service_hostname([sn])
lines << "Use static-vhost-onion-#{sn} #{onion}" if onion
lines << ""
end
end
lines = []
vhost(lines, "mozilla.debian.net" , :ssl => true, :ssl_optional => true)
vhost(lines, "backports.debian.org" , :ssl => true)
vhost(lines, "incoming.debian.org" , :ssl => true, :ssl_optional => true)
vhost(lines, "incoming.ports.debian.org" , :ssl => true, :ssl_optional => true)
vhost(lines, "debdeltas.debian.net" , :ssl => true, :ssl_optional => true)
vhost(lines, "news.debian.net" , :ssl => true)
vhost(lines, "bootstrap.debian.net" , :ssl => true)
vhost(lines, "debaday.debian.net" , :ssl => true)
vhost(lines, "timeline.debian.net" , :ssl => true)
vhost(lines, "network-test.debian.org" , :extra => true)
vhost(lines, "blends.debian.org" , :ssl => true)
vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
vhost(lines, "security-team.debian.org" , :ssl => true)
vhost(lines, "d-i.debian.org" , :ssl => true)
vhost(lines, "appstream.debian.org" , :ssl => true)
vhost(lines, "apt.buildd.debian.org" , :ssl => true)
vhost(lines, "dpl.debian.org" , :ssl => true)
vhost(lines, "dsa.debian.org" , :ssl => true)
vhost(lines, "rtc.debian.org" , :ssl => true)
vhost(lines, "mirror-master.debian.org" , :ssl => true)
vhost(lines, "onion.debian.org" , :ssl => true)
vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
vhost(lines, "planet.debian.net")
vhost(lines, "cdbuilder-logs.debian.org" , :ssl => true)
vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
vhost(lines, "micronews.debian.org" , :ssl => true)
vhost(lines, "metadata.ftp-master.debian.org", :extra => true)
vhost(lines, "10years.debconf.org" , :ssl => true)
vhost(lines, "debconf0.debconf.org" , :ssl => true)
vhost(lines, "debconf1.debconf.org" , :ssl => true)
vhost(lines, "debconf2.debconf.org" , :ssl => true)
vhost(lines, "debconf3.debconf.org" , :ssl => true)
vhost(lines, "debconf4.debconf.org" , :ssl => true)
vhost(lines, "debconf5.debconf.org" , :ssl => true)
vhost(lines, "debconf6.debconf.org" , :ssl => true)
vhost(lines, "debconf7.debconf.org" , :ssl => true)
vhost(lines, "debconf16.debconf.org" , :ssl => true)
vhost(lines, "debconf17.debconf.org" , :ssl => true)
vhost(lines, "debconf18.debconf.org" , :ssl => true)
vhost(lines, "es.debconf.org" , :ssl => true)
vhost(lines, "fr.debconf.org" , :ssl => true)
vhost(lines, "miniconf10.debconf.org" , :ssl => true)
vhost(lines, "deb.debian.org" , :extra => true)
vhost(lines, "release.debian.org" , :ssl => true, :extra => true)
vhost(lines, "www.ports.debian.org" , :ssl => true, :extra => true)
vhost(lines, "lintian.debian.org" , :ssl => true, :extra => true)
lines.join("\n")
-%>
# www.backports.org
###################
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
>
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://backports.debian.org/
######################
>
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
>
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
>
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
>
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent /archive https://www.ports.debian.org
RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
RedirectPermanent /debian-cd https://cdimage.debian.org/cdimage/ports/
RedirectPermanent / http://ftp.ports.debian.org/
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
Redirect / https://meetings-archive.debian.net/pub/debian-meetings/
>
Use vstatic-vhost-video.debian.net
>
Use vstatic-vhost-video.debian.net
Use common-debian-service-ssl video.debian.net
Use common-ssl-HSTS
# historical sites
##################
# now only redirects remain
>
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.debian.org/women/
RedirectPermanent /about/ https://www.debian.org/women/about
RedirectPermanent /contact/ https://www.debian.org/women/contact
RedirectPermanent /faqs/ https://www.debian.org/women/faq
RedirectPermanent /home/ https://www.debian.org/women/
RedirectPermanent /images/dw.png https://www.debian.org/women/dw.png
RedirectPermanent /involvement/ https://www.debian.org/women/participate
RedirectPermanent /mentoring/ https://www.debian.org/women/mentoring
RedirectPermanent /press/ https://wiki.debian.org/DebianWomen/Press
RedirectPermanent /profiles/ https://www.debian.org/women/profiles/
>
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.debian.org/volatile/
>
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
>
ServerName backports-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://backports.debian.org/
>
ServerName manpages.debian.net
ServerAdmin debian-admin@debian.org
Redirect / https://manpages.debian.org/
Use common-dsa-vhost-https-redirect sources.debian.net
>
ServerName sources.debian.net
ServerAdmin debian-admin@debian.org
Use common-debian-service-ssl sources.debian.net
Use common-ssl-HSTS
Redirect permanent / https://sources.debian.org/
# error pages
#############
Use common-dsa-vhost-https-redirect archive.debian.net
>
ServerName archive.debian.net
ServerAdmin debian-admin@debian.org
ErrorLog /var/log/apache2/archive.debian.net-error.log
CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
Use common-debian-service-ssl archive.debian.net
Use common-ssl-HSTS
Use common-disabled-service
# vim:ft=apache: