X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=4c33fe192f850fef140f46112b229344361fcd57;hb=540105b4935b33f9805206bf78a143f778292418;hp=48b1d803f5471a3f5deae790092bf26609886222;hpb=27e5ca03d936794fba94a521de8cf93148a7cb31;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 48b1d803f..4c33fe192 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -5,6 +5,7 @@
<% if scope.function_has_static_component(['deb.debian.org']) -%>
ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
ServerAlias http.debian.net
Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
@@ -13,7 +14,7 @@
Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
- >
+ >
ServerName deb.debian.org
ErrorLog /var/log/apache2/deb.debian.org-error.log
@@ -35,7 +36,7 @@
Require all granted
- Header set Surrogate-Key <%= hostname %>
+ Header set Surrogate-Key <%= @hostname %>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
@@ -146,6 +147,11 @@
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+
<%=
@@ -196,8 +202,10 @@ vhost(lines, "security-team.debian.org" , :ssl => true)
vhost(lines, "d-i.debian.org" , :ssl => true)
vhost(lines, "appstream.debian.org" , :ssl => true)
vhost(lines, "apt.buildd.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
vhost(lines, "dsa.debian.org" , :ssl => true)
vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
vhost(lines, "onion.debian.org" , :ssl => true)
vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
@@ -232,7 +240,7 @@ lines.join("\n")
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
- >
+ >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
@@ -240,27 +248,27 @@ lines.join("\n")
######################
- >
+ >
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
- >
+ >
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent /archive http://www.ports.debian.org
@@ -269,7 +277,7 @@ lines.join("\n")
RedirectPermanent / http://ftp.ports.debian.org/
- >
+ >
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
@@ -278,7 +286,7 @@ lines.join("\n")
# historical sites
##################
# now only redirects remain
- >
+ >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
@@ -295,23 +303,60 @@ lines.join("\n")
RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
- >
+ >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://www.debian.org/volatile/
- >
+ >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
- >
+ >
ServerName backports-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://backports.debian.org/
+ >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+
+
+# error pages
+#############
+
+Use common-dsa-vhost-https-redirect archive.debian.net
+ >
+ ServerName archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/archive.debian.net-error.log
+ CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
+
+ Use common-debian-service-ssl archive.debian.net
+ Use common-ssl-HSTS
+
+
+ UserDir disabled
+
+ ServerSignature On
+
+ DocumentRoot /srv/static.debian.org/puppet/archive.debian.net
+
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+
+
+ RedirectMatch 503 ^/(?!503\.html)
+ ErrorDocument 503 /503.html
+ Header always set Retry-After "18000"
+
+
+
# vim:ft=apache: