# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
<Macro vstatic-vhost-extra-deb.debian.org>
+ ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
+ ServerAlias http.debian.net
+
Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/
Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/
Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
</Macro>
+
+<VirtualHost <%= @vhost_listen_443 %> >
+ ServerName deb.debian.org
+
+ ErrorLog /var/log/apache2/deb.debian.org-error.log
+ CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
+
+ Use common-debian-service-ssl deb.debian.org
+ Use common-ssl-HSTS
+
+ ServerAdmin debian-admin@lists.debian.org
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+ ServerSignature On
+
+ DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+ <Directory /srv/static.debian.org/mirrors/deb.debian.org/cur>
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+
+ Header set Surrogate-Key <%= @hostname %>
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+
+ Redirect /debian/ https://cdn-aws.deb.debian.org/debian/
+ Redirect /debian-debug/ https://cdn-aws.deb.debian.org/debian-debug/
+ Redirect /debian-ports/ https://cdn-aws.deb.debian.org/debian-ports/
+ Redirect /debian-security/ https://cdn-aws.deb.debian.org/debian-security/
+</VirtualHost>
<% end -%>
<Macro vstatic-vhost-extra-network-test.debian.org>
<Macro vstatic-vhost-extra-metadata.ftp-master.debian.org>
AddDefaultCharset utf-8
+
+ # Rewrite away double slashes
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
+ RewriteRule . %1/%2 [R=301,L,NE]
+
<LocationMatch "/changelogs/(main|contrib|non-free)">
ForceType text/plain
</LocationMatch>
<Directory /srv/static.debian.org/mirrors/release.debian.org-pu/cur>
Require all granted
Options Indexes SymLinksIfOwnerMatch MultiViews
- IndexOptions FancyIndexing NameWidth=*
AddEncoding gzip .gz
FilterDeclare gzip CONTENT_SET
ForceType text/plain
AddDefaultCharset utf-8
</Files>
+ <Files *.debdiff.html.gz>
+ ForceType text/html
+ AddDefaultCharset utf-8
+ </Files>
</Directory>
</Macro>
<Directory /srv/static.debian.org/mirrors/www.ports.debian.org/cur>
AllowOverride FileInfo Indexes Options=Multiviews
Options Multiviews Indexes FollowSymLinks Includes
- IndexOptions FancyIndexing NameWidth=*
Require all granted
</Directory>
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+ <FilesMatch "\.(svg)$">
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+ </FilesMatch>
</Macro>
<%=
vhost(lines, "security-team.debian.org" , :ssl => true)
vhost(lines, "d-i.debian.org" , :ssl => true)
vhost(lines, "appstream.debian.org" , :ssl => true)
+vhost(lines, "apt.buildd.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
vhost(lines, "dsa.debian.org" , :ssl => true)
vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
vhost(lines, "onion.debian.org" , :ssl => true)
+vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
vhost(lines, "micronews.debian.org" , :ssl => true)
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
</VirtualHost>
######################
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent /archive http://www.ports.debian.org
RedirectPermanent / http://ftp.ports.debian.org/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
# historical sites
##################
# now only redirects remain
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://www.debian.org/volatile/
</VirtualHost>
-<VirtualHost <%= vhost_listen %> >
+<VirtualHost <%= @vhost_listen %> >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
</VirtualHost>
+<VirtualHost <%= @vhost_listen %> >
+ ServerName backports-master.debian.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://backports.debian.org/
+</VirtualHost>
+
+<VirtualHost <%= @vhost_listen %> >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+</VirtualHost>
+
+# error pages
+#############
+
+Use common-dsa-vhost-https-redirect archive.debian.net
+<VirtualHost <%= @vhost_listen %> >
+ ServerName archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/archive.debian.net-error.log
+ CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
+
+ Use common-debian-service-ssl archive.debian.net
+ Use common-ssl-HSTS
+
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+ ServerSignature On
+
+ DocumentRoot /srv/static.debian.org/puppet/archive.debian.net
+ <Directory /srv/static.debian.org/puppet/archive.debian.net>
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+
+ RedirectMatch 503 ^/(?!503\.html)
+ ErrorDocument 503 /503.html
+ Header always set Retry-After "18000"
+</VirtualHost>
+
+
# vim:ft=apache: