add onion.d.o
[mirror/dsa-puppet.git] / modules / roles / templates / static-mirroring / vhost / static-vhosts-simple.erb
index 3bbdaba..983264e 100644 (file)
 # puppet maintained
 
-Use common-static-vhost mozilla.debian.net
-Use common-static-vhost backports.debian.org
-Use common-static-vhost incoming.debian.org
-Use common-static-vhost news.debian.net
-Use common-static-vhost debaday.debian.net
-Use common-static-vhost debdeltas.debian.net
-Use common-static-vhost-with-extra metadata.ftp-master.debian.org "AddDefaultCharset utf-8"
-Use common-static-vhost-with-extra d-i.debian.org "ServerAlias d-i-backend.debian.org"
-Use common-static-vhost-with-extra network-test.debian.org "ServerAlias network-test-backend.debian.org"
-Use common-static-vhost-with-extra blends.debian.org "ServerAlias blends-backend.debian.org"
-Use common-static-vhost-with-extra wnpp-by-tags.debian.net "ServerAlias wnpp-by-tags-backend.debian.org"
-Use common-static-vhost     appstream.debian.org
-Use common-static-vhost-ssl dsa.debian.org
-Use common-static-vhost-ssl rtc.debian.org
-Use common-static-vhost-with-extra security-team.debian.org "ServerAlias security-team-backend.debian.org"
-
-
-# bits.debian.org
 ######################
-<Macro static-bits.debian.org-base>
-       ServerName bits.debian.org
-       ServerAdmin debian-admin@lists.debian.org
+# deb.debian.org
+<% if scope.function_has_static_component(['deb.debian.org']) -%>
+<Macro vhost-deb.debian.org-extra>
+       Redirect /debian/           http://cdn-fastly.deb.debian.org/debian/
+       Redirect /debian-debug/     http://cdn-fastly.deb.debian.org/debian-debug/
+       Redirect /debian-ports/     http://cdn-fastly.deb.debian.org/debian-ports/
+       Redirect /debian-security/  http://cdn-fastly.deb.debian.org/debian-security/
+</Macro>
+<% end -%>
+
+<Macro vhost-network-test.debian.org-extra>
+       ServerAlias network-test-backend.debian.org
+</Macro>
 
-       ErrorLog /var/log/apache2/bits.debian.org-error.log
+<Macro vhost-bits.debian.org-extra>
        <IfModule mod_geoip.c>
                CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo
        </IfModule>
+</Macro>
 
-       Use common-static-base bits.debian.org
+<Macro vhost-metadata.ftp-master.debian.org-extra>
+       AddDefaultCharset utf-8
+       <LocationMatch "/changelogs/(main|contrib|non-free)">
+               ForceType text/plain
+       </LocationMatch>
 </Macro>
 
-<Virtualhost <%= vhost_listen %> >
-       RewriteEngine on
+<%=
 
-       RewriteEngine On
-       RewriteCond %{REQUEST_URI} !^/feeds/
-       RewriteRule ^/(.*)$ https://bits.debian.org/$1 [R,L]
-       #RewriteRule ^/(.*)$ https://bits.debian.org/$1 [R=301,L]
+def vhost(lines, sn, type=nil)
+  if scope.function_has_static_component([sn])
+    t = 'common-static-vhost'
+    if type then t += "-#{type}"; end
 
-       Use static-bits.debian.org-base
-       CustomLog /var/log/apache2/bits.debian.org-access.log privacy
-</VirtualHost>
+    onion = scope.function_onion_global_service_hostname([sn])
+    onion = "unavailable-onion.invalid" if onion.nil?
 
-<Virtualhost <%= vhost_listen_443 %> >
-       Use static-bits.debian.org-base
-       CustomLog /var/log/apache2/bits.debian.org-access.log privacyssl
+    lines << "Use #{t} #{sn} #{onion}"
+  end
+end
+
+lines = []
+vhost(lines, "mozilla.debian.net")
+vhost(lines, "backports.debian.org", "ssl")
+vhost(lines, "incoming.debian.org")
+vhost(lines, "incoming.ports.debian.org")
+vhost(lines, "debdeltas.debian.net")
+vhost(lines, "news.debian.net"         , "ssl")
+vhost(lines, "debaday.debian.net"      , "ssl")
+vhost(lines, "timeline.debian.net"     , "ssl")
+vhost(lines, "network-test.debian.org" , "with-extra")
+vhost(lines, "blends.debian.org"       , "ssl")
+vhost(lines, "wnpp-by-tags.debian.net" , "ssl")
+vhost(lines, "security-team.debian.org", "ssl")
+vhost(lines, "d-i.debian.org"      , "ssl")
+vhost(lines, "appstream.debian.org", "ssl")
+vhost(lines, "dsa.debian.org"      , "ssl")
+vhost(lines, "rtc.debian.org"      , "ssl")
+vhost(lines, "onion.debian.org"    , "ssl")
+
+vhost(lines, "bits.debian.org", "ssl-with-extra")
+vhost(lines, "metadata.ftp-master.debian.org", "with-extra")
+
+vhost(lines, "10years.debconf.org" , "ssl")
+vhost(lines, "debconf0.debconf.org", "ssl")
+vhost(lines, "debconf1.debconf.org", "ssl")
+vhost(lines, "debconf2.debconf.org", "ssl")
+vhost(lines, "debconf3.debconf.org", "ssl")
+vhost(lines, "debconf4.debconf.org", "ssl")
+vhost(lines, "debconf5.debconf.org", "ssl")
+vhost(lines, "debconf6.debconf.org", "ssl")
+vhost(lines, "debconf7.debconf.org", "ssl")
+vhost(lines, "es.debconf.org"      , "ssl")
+vhost(lines, "fr.debconf.org"      , "ssl")
+vhost(lines, "miniconf10.debconf.org" , "ssl")
+
+vhost(lines, "deb.debian.org", "with-extra")
+
+lines.join("\n")
+-%>
+
+######################
+# release.debian.org
+<% if scope.function_has_static_component(['release.debian.org']) -%>
+Use common-dsa-vhost-https-redirect release.debian.org
 
-       Use common-debian-service-ssl bits.debian.org
+<Macro vhost-inner-release.debian.org>
+
+       ServerAdmin debian-admin@debian.org
+
+       ErrorLog /var/log/apache2/release.debian.org-error.log
+       CustomLog /var/log/apache2/release.debian.org-access.log privacy
+
+       Use common-static-base release.debian.org
+
+       RewriteEngine   on
+       RewriteRule             ^/migration/$                   /migration/testing.pl
+       RewriteRule             ^/migration/search/(.+)/$       /migration/testing.pl?package=$1
+       RewriteCond             %{QUERY_STRING} package=((.)(.*))
+       RewriteRule             ^/migration/testing.pl          /migration/cache/%2/%1.html [PT,L]
+       RewriteRule             ^/migration/testing.pl          /migration/cache/_index.html
+
+       Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
+       <Directory /srv/static.debian.org/mirrors/release.debian.org-pu/cur>
+               Require all granted
+               Options Indexes SymLinksIfOwnerMatch MultiViews
+               IndexOptions FancyIndexing NameWidth=*
+
+               AddEncoding gzip .gz
+               FilterDeclare gzip CONTENT_SET
+               FilterProvider gzip inflate "%{req:Accept-Encoding} !~ /gzip/"
+               FilterChain gzip
+               <Files *.debdiff.gz>
+                       ForceType text/plain
+               </Files>
+       </Directory>
+</Macro>
+
+<VirtualHost <%= vhost_listen_443 %> >
+       ServerName release.debian.org
+       Use common-debian-service-ssl release.debian.org
        Use common-ssl-HSTS
+       Use vhost-inner-release.debian.org
 </VirtualHost>
+<% if scope.function_onion_global_service_hostname(['release.debian.org']) -%>
+<Virtualhost <%= vhost_listen %> >
+       ServerName <%= scope.function_onion_global_service_hostname(['release.debian.org']) %>
+       Use vhost-inner-release.debian.org
+</VirtualHost>
+<% end -%>
+
+<% end -%>
 
 # www.backports.org
 ###################
@@ -60,23 +143,22 @@ Use common-static-vhost-with-extra security-team.debian.org "ServerAlias securit
        ServerName www.backports.org
        ServerAlias lists.backports.org
        ServerAdmin debian-admin@debian.org
-       RedirectPermanent /debian/           http://backports.debian.org/debian-backports/
-       RedirectPermanent /backports.org/    http://backports.debian.org/debian-backports/
-       RedirectPermanent /debian-backports/ http://backports.debian.org/debian-backports/
        RedirectPermanent / http://backports.debian.org/
 </VirtualHost>
 
-
-# www.ports.debian.org
 ######################
-<Virtualhost <%= vhost_listen %> >
-       ServerName www.ports.debian.org
-       ServerAlias www.ports-backend.debian.org
+# www.ports.debian.org
+<% if scope.function_has_static_component(['www.ports.debian.org']) -%>
+
+Use common-dsa-vhost-https-redirect www.ports.debian.org
+
+<Macro vhost-inner-www.ports.debian.org>
        ServerAdmin debian-admin@lists.debian.org
 
        ErrorLog /var/log/apache2/www.ports.debian.org-error.log
        CustomLog /var/log/apache2/www.ports.debian.org-access.log privacy
 
+
        <IfModule mod_userdir.c>
                UserDir disabled
        </IfModule>
@@ -87,34 +169,64 @@ Use common-static-vhost-with-extra security-team.debian.org "ServerAlias securit
                AllowOverride FileInfo Indexes Options=Multiviews
                Options Multiviews Indexes FollowSymLinks Includes
                IndexOptions FancyIndexing NameWidth=*
-               <% if @lsbmajdistrelease > '7' -%>
-                       Require all granted
-               <% else -%>
-                       Order allow,deny
-                       Allow from all
-               <% end -%>
+               Require all granted
        </Directory>
 
-       DefaultType text/plain
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
        AddOutputFilter INCLUDES .xhtml
+</Macro>
+
+<Virtualhost <%= vhost_listen_443 %> >
+       ServerName www.ports.debian.org
+       ServerAlias www.ports-backend.debian.org
+       Use common-debian-service-ssl www.ports.debian.org
+       Use common-ssl-HSTS
+       Use vhost-inner-www.ports.debian.org
+</VirtualHost>
+<% if scope.function_onion_global_service_hostname(['www.ports.debian.org']) -%>
+<Virtualhost <%= vhost_listen %> >
+       ServerName <%= scope.function_onion_global_service_hostname(['www.ports.debian.org']) %>
+       Use vhost-inner-www.ports.debian.org
 </VirtualHost>
+<% end -%>
+<% end -%>
 
 <VirtualHost <%= vhost_listen %> >
        ServerName www.debian-ports.org
        ServerAlias debian-ports.org
        ServerAdmin debian-admin@debian.org
-       RedirectPermanent /archive/           http://archive.ports.debian.org/archive/
-       RedirectPermanent /debian-cd/         http://archive.ports.debian.org/debian-cd/
-       RedirectPermanent /debian-snapshot/   http://archive.ports.debian.org/debian-snapshot/
-       RedirectPermanent /debian/            http://archive.ports.debian.org/debian/
-       RedirectPermanent / http://www.ports.debian.org/
+       RedirectPermanent / https://www.ports.debian.org/
+</VirtualHost>
+
+<VirtualHost <%= vhost_listen %> >
+       ServerName ports.debian.org
+       ServerAlias ports.debian.net
+       ServerAdmin debian-admin@debian.org
+       RedirectPermanent / https://www.ports.debian.org/
 </VirtualHost>
 
 <VirtualHost <%= vhost_listen %> >
-       ServerName ports.debian.net
+       ServerName incoming.debian-ports.org
        ServerAdmin debian-admin@debian.org
-       RedirectPermanent / http://www.ports.debian.org/
+       RedirectPermanent / http://incoming.ports.debian.org/
+</VirtualHost>
+
+<VirtualHost <%= vhost_listen %> >
+       ServerName ftp.debian-ports.org
+       ServerAdmin debian-admin@debian.org
+       RedirectPermanent /archive http://www.ports.debian.org
+       RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
+       RedirectPermanent /debian-cd http://ftp.ports.debian.org/debian-ports-cd
+       RedirectPermanent / http://ftp.ports.debian.org/
+</VirtualHost>
+
+# video.debian.net
+###################
+<VirtualHost <%= vhost_listen %> >
+       ServerName video.debian.net
+       ServerAdmin debian-admin@debian.org
+
+       Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
 </VirtualHost>
 
 # historical sites