# puppet maintained ###################### # deb.debian.org <% if scope.function_has_static_component(['deb.debian.org']) -%> ServerAlias httpredir.debian.org ServerAlias cdn.debian.net ServerAlias http.debian.net Redirect /debian http://cdn-fastly.deb.debian.org/debian Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security > ServerName deb.debian.org ErrorLog /var/log/apache2/deb.debian.org-error.log CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl Use common-debian-service-ssl deb.debian.org Use common-ssl-HSTS ServerAdmin debian-admin@lists.debian.org UserDir disabled ServerSignature On DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur AllowOverride FileInfo Indexes Options=Multiviews Options Indexes SymLinksIfOwnerMatch Require all granted Header set Surrogate-Key <%= @hostname %> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css Redirect /debian https://cdn-aws.deb.debian.org/debian Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security <% end -%> ServerAlias network-test-backend.debian.org Header set Cache-Control "must-revalidate, max-age=0" CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo AddDefaultCharset utf-8 # Rewrite away double slashes RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC] RewriteRule . %1/%2 [R=301,L,NE] ForceType text/plain RewriteEngine on RewriteRule ^/migration/$ /migration/testing.pl RewriteRule ^/migration/search/(.+)/$ /migration/testing.pl?package=$1 RewriteCond %{QUERY_STRING} package=((.)(.*)) RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L] RewriteRule ^/migration/testing.pl /migration/cache/_index.html Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/ Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/ Require all granted Options Indexes SymLinksIfOwnerMatch MultiViews AddEncoding gzip .gz FilterDeclare gzip CONTENT_SET FilterProvider gzip inflate "%{req:Accept-Encoding} !~ /gzip/" FilterChain gzip ForceType text/plain AddDefaultCharset utf-8 ForceType text/html AddDefaultCharset utf-8 AllowOverride FileInfo Indexes Options=Multiviews Options Multiviews Indexes FollowSymLinks Includes Require all granted AddOutputFilter INCLUDES .xhtml AddDefaultCharset utf-8 Require all granted # These three lines makes apache serve # "lintian.log.gz" as a text/plain with encoding gzip # making it easier to view the log in the browser. RemoveType .gz AddEncoding x-gzip .gz AddType text/plain .log AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE text/plain # Cache these for a year (3600 * 24 * 365.25) # Files in here will change name if their content change Header set Cache-Control "max-age=31557600, public" RewriteEngine on RewriteMap source-map txt:/srv/static.debian.org/mirrors/lintian.debian.org/cur/lookup-tables/source-packages # Re-direct from the "old" locations to the new ones RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L,R=permanent] RewriteRule ^/reports/(.*)$ /$1 [L,R=permanent] # Map source packages to reports (this mapping is re-written once per lintian run, # serve it as a 302 rather than a permanent redirect) # Version-less request RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE] # Versioned request RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE] Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';" Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';" <%= def vhost(lines, sn, kwargs={}) if scope.function_has_static_component([sn]) if not kwargs[:extra] lines << "" lines << " # mod macro does not like empty macros, so here's some content:" lines << " " lines << " " lines << "" end lines << "Use prepare-static-vhost #{sn}" if kwargs[:ssl] and kwargs[:ssl_optional] lines << "Use static-vhost-plain-#{sn}" lines << "Use static-vhost-ssl-#{sn}" elsif kwargs[:ssl] lines << "Use common-dsa-vhost-https-redirect #{sn}" lines << "Use static-vhost-ssl-#{sn}" else lines << "Use static-vhost-plain-#{sn}" end onion = scope.function_onion_global_service_hostname([sn]) lines << "Use static-vhost-onion-#{sn} #{onion}" if onion lines << "" end end lines = [] vhost(lines, "mozilla.debian.net" , :ssl => true, :ssl_optional => true) vhost(lines, "backports.debian.org" , :ssl => true) vhost(lines, "incoming.debian.org" , :ssl => true, :ssl_optional => true) vhost(lines, "incoming.ports.debian.org" , :ssl => true, :ssl_optional => true) vhost(lines, "debdeltas.debian.net" , :ssl => true, :ssl_optional => true) vhost(lines, "news.debian.net" , :ssl => true) vhost(lines, "bootstrap.debian.net" , :ssl => true) vhost(lines, "debaday.debian.net" , :ssl => true) vhost(lines, "timeline.debian.net" , :ssl => true) vhost(lines, "network-test.debian.org" , :extra => true) vhost(lines, "blends.debian.org" , :ssl => true) vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true) vhost(lines, "security-team.debian.org" , :ssl => true) vhost(lines, "d-i.debian.org" , :ssl => true) vhost(lines, "appstream.debian.org" , :ssl => true) vhost(lines, "apt.buildd.debian.org" , :ssl => true) vhost(lines, "dpl.debian.org" , :ssl => true) vhost(lines, "dsa.debian.org" , :ssl => true) vhost(lines, "rtc.debian.org" , :ssl => true) vhost(lines, "mirror-master.debian.org" , :ssl => true) vhost(lines, "onion.debian.org" , :ssl => true) vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true) vhost(lines, "planet.debian.net") vhost(lines, "cdbuilder-logs.debian.org" , :ssl => true) vhost(lines, "bits.debian.org" , :ssl => true, :extra => true) vhost(lines, "micronews.debian.org" , :ssl => true) vhost(lines, "metadata.ftp-master.debian.org", :extra => true) vhost(lines, "10years.debconf.org" , :ssl => true) vhost(lines, "debconf0.debconf.org" , :ssl => true) vhost(lines, "debconf1.debconf.org" , :ssl => true) vhost(lines, "debconf2.debconf.org" , :ssl => true) vhost(lines, "debconf3.debconf.org" , :ssl => true) vhost(lines, "debconf4.debconf.org" , :ssl => true) vhost(lines, "debconf5.debconf.org" , :ssl => true) vhost(lines, "debconf6.debconf.org" , :ssl => true) vhost(lines, "debconf7.debconf.org" , :ssl => true) vhost(lines, "debconf16.debconf.org" , :ssl => true) vhost(lines, "debconf17.debconf.org" , :ssl => true) vhost(lines, "debconf18.debconf.org" , :ssl => true) vhost(lines, "es.debconf.org" , :ssl => true) vhost(lines, "fr.debconf.org" , :ssl => true) vhost(lines, "miniconf10.debconf.org" , :ssl => true) vhost(lines, "deb.debian.org" , :extra => true) vhost(lines, "release.debian.org" , :ssl => true, :extra => true) vhost(lines, "www.ports.debian.org" , :ssl => true, :extra => true) vhost(lines, "lintian.debian.org" , :ssl => true, :extra => true) lines.join("\n") -%> # www.backports.org ################### # www.backports.org is the historical place for the backports # website and archive. It is now a CNAME to backports.debian.org: # redirect http requests. > ServerName www.backports.org ServerAlias lists.backports.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://backports.debian.org/ ###################### > ServerName www.debian-ports.org ServerAlias debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.ports.debian.org/ > ServerName ports.debian.org ServerAlias ports.debian.net ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.ports.debian.org/ > ServerName incoming.debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent / http://incoming.ports.debian.org/ > ServerName ftp.debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent /archive https://www.ports.debian.org RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports RedirectPermanent /debian-cd https://cdimage.debian.org/cdimage/ports/ RedirectPermanent / http://ftp.ports.debian.org/ ServerName video.debian.net ServerAdmin debian-admin@debian.org Redirect / https://meetings-archive.debian.net/pub/debian-meetings/ > Use vstatic-vhost-video.debian.net > Use vstatic-vhost-video.debian.net Use common-debian-service-ssl video.debian.net Use common-ssl-HSTS # historical sites ################## # now only redirects remain > ServerName women.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.debian.org/women/ RedirectPermanent /about/ https://www.debian.org/women/about RedirectPermanent /contact/ https://www.debian.org/women/contact RedirectPermanent /faqs/ https://www.debian.org/women/faq RedirectPermanent /home/ https://www.debian.org/women/ RedirectPermanent /images/dw.png https://www.debian.org/women/dw.png RedirectPermanent /involvement/ https://www.debian.org/women/participate RedirectPermanent /mentoring/ https://www.debian.org/women/mentoring RedirectPermanent /press/ https://wiki.debian.org/DebianWomen/Press RedirectPermanent /profiles/ https://www.debian.org/women/profiles/ > ServerName volatile.debian.org ServerAlias volatile-master.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.debian.org/volatile/ > ServerName ftp-master.metadata.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / http://metadata.ftp-master.debian.org/ > ServerName backports-master.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://backports.debian.org/ > ServerName manpages.debian.net ServerAdmin debian-admin@debian.org Redirect / https://manpages.debian.org/ Use common-dsa-vhost-https-redirect sources.debian.net > ServerName sources.debian.net ServerAdmin debian-admin@debian.org Use common-debian-service-ssl sources.debian.net Use common-ssl-HSTS Redirect permanent / https://sources.debian.org/ # error pages ############# Use common-dsa-vhost-https-redirect archive.debian.net > ServerName archive.debian.net ServerAdmin debian-admin@debian.org ErrorLog /var/log/apache2/archive.debian.net-error.log CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl Use common-debian-service-ssl archive.debian.net Use common-ssl-HSTS Use common-disabled-service # vim:ft=apache: