- ServerName debtags.debian.org
- ServerAdmin debian-admin@lists.debian.org
-
- Use common-debian-service-ssl debtags.debian.org
- Use common-ssl-HSTS
-
- SSLCACertificateFile /var/lib/dsa/sso/ca.crt
- SSLCARevocationCheck chain
- SSLCARevocationFile /var/lib/dsa/sso/ca.crl
- SSLVerifyClient optional
-
- SSLOptions +StdEnvVars
-
- <IfModule mod_userdir.c>
- UserDir disabled
- </IfModule>
- ErrorLog /var/log/apache2/debtags.debian.org-error.log
- CustomLog /var/log/apache2/debtags.debian.org-access.log privacy
- ServerSignature On
-
-
- <Directory /srv/debtags.debian.org/htdocs>
- Require all granted
- </Directory>
- Alias /static/ /srv/debtags.debian.org/htdocs/
-
- <Directory /srv/debtags.debian.org/debtagsd/debtagsd>
- <Files wsgi.py>
- Require all granted
- </Files>
- WSGIScriptReloading On
- </Directory>
-
- WSGIScriptAlias / /srv/debtags.debian.org/debtagsd/debtagsd/wsgi.py
- WSGIProcessGroup debtags.debian.org
- WSGIPassAuthorization On
+ ServerName debtags.debian.org
+ ServerAdmin debian-admin@lists.debian.org
+
+ Use common-debian-service-ssl debtags.debian.org
+ Use common-ssl-HSTS
+ Use http-pkp-debtags.debian.org
+
+ SSLCACertificateFile /var/lib/dsa/sso/ca.crt
+ SSLCARevocationCheck chain
+ SSLCARevocationFile /var/lib/dsa/sso/ca.crl
+ SSLVerifyClient optional
+
+ SSLOptions +StdEnvVars
+
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+ ErrorLog /var/log/apache2/debtags.debian.org-error.log
+ CustomLog /var/log/apache2/debtags.debian.org-access.log privacy
+ ServerSignature On
+
+
+ <Directory /srv/debtags.debian.org/htdocs>
+ Require all granted
+ </Directory>
+ Alias /static/ /srv/debtags.debian.org/htdocs/
+
+ <Directory /srv/debtags.debian.org/debtagsd/debtagsd>
+ <Files wsgi.py>
+ Require all granted
+ </Files>
+ </Directory>
+
+ WSGIScriptAlias / /srv/debtags.debian.org/debtagsd/debtagsd/wsgi.py
+ WSGIProcessGroup debtags.debian.org
+ WSGIPassAuthorization On
+
+ Header always set Referrer-Policy "same-origin"