X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fapache-www.debian.org.erb;h=2253aa7d2cfe47cd5198842700d43c8b8e99668a;hb=3ce41982d7ff5837f7ae448258aa68465b1fd883;hp=a4a4e8dc2cbfdc0b8f8b9466acf9caba65ad1255;hpb=9ad4acf729fd2f69e2e358c67be24efe13f588b7;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/templates/apache-www.debian.org.erb b/modules/roles/templates/apache-www.debian.org.erb index a4a4e8dc2..2253aa7d2 100644 --- a/modules/roles/templates/apache-www.debian.org.erb +++ b/modules/roles/templates/apache-www.debian.org.erb @@ -4,12 +4,13 @@ ## # Need to turn on negotiation_module -/> +/> Options +MultiViews +FollowSymLinks +Indexes AddHandler type-map var # Make sure that the srm.conf directive is commented out. AddDefaultCharSet Off AllowOverride AuthConfig FileInfo + Require all granted # Serve icons as image/x-icon AddType image/x-icon .ico @@ -86,18 +87,19 @@ - > + ServerName debian.org ServerAdmin webmaster@debian.org - ServerAlias www.*.debian.org - ServerAlias www.debian.net ServerAlias debian.net ServerAlias www.debian.eu ServerAlias debian.eu + ServerAlias www.debian.nl + ServerAlias debian.nl + ServerAlias www.debian.com ServerAlias debian.com @@ -111,26 +113,16 @@ ServerAlias debian.es ServerAlias www.debian.at - ServerAlias www.debian.de - ServerAlias newwww.deb.at - DocumentRoot <%= wwwdo_document_root %>/ + DocumentRoot <%= @wwwdo_document_root %>/ + LogFormat "0.0.0.0 - %u %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %b \"%{Referer}i\" \"-\" %V" privacy+host ErrorLog /var/log/apache2/www-other.debian.org-error.log - CustomLog /var/log/apache2/www-other.debian.org-access.log privacy - RewriteLog /var/log/apache2/www-other.debian.org-redirect.log - RewriteLogLevel 1 - - RewriteEngine on - RewriteRule ^/(.*)$ http://www.debian.org/$1 [R=301,L] - + CustomLog /var/log/apache2/www-other.debian.org-access.log privacy+host + - > - ServerName www.debian.org + ServerAdmin webmaster@debian.org - ServerAlias www-*.debian.org - DocumentRoot <%= wwwdo_document_root %>/ - ErrorLog /var/log/apache2/www.debian.org-error.log - CustomLog /var/log/apache2/www.debian.org-access.log privacy + DocumentRoot <%= @wwwdo_document_root %>/ # CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each # document that was negotiated on the basis of content. This asks proxy @@ -138,110 +130,239 @@ # this behavior, and proxies will be allowed to cache the documents. CacheNegotiatedDocs On + # The UI for language selection in browsers is rarely used or known about + # by visitors so websites need to provide a way for visitors to influence + # content negotiation using the website itself in addition to the browser. + # Setting a cookie is the simplest option for us as the URLs don't change. + # The GDPR does not apply and to satisfy the EU cookie law we can include + # some explanatory text around the form that sets the cookie. + # The use of POST requests will ensure each cookie is only set explictly. + # Since Apache mod_rewrite cannot inspect POST data, we use URLs instead. + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^POST$ + RewriteRule /intro/cn/setlang/([a-z]{2}(?:-[a-z]{2})?)/(.*) /$2 [last,redirect,cookie=lang:$1:%{HTTP_HOST}:40320:/:secure:] + RewriteCond %{REQUEST_METHOD} ^POST$ + RewriteRule /intro/cn/unsetlang/(.*) /$1 [last,redirect,cookie=lang:invalid:%{HTTP_HOST}:-1:/:secure:] + SetEnvIf Cookie "lang=(.+)" prefer-language=$1 + Header append Vary cookie + # Custom Error ErrorDocument 404 /devel/website/errors/404 RewriteCond %{DOCUMENT_ROOT}/devel/website/errors/404.$2.html -f RewriteRule ^/(?!devel/website/errors/)(.*/)?404\.(.+)\.html$ /devel/website/errors/404.$2.html [L] # the joys of backwards compatibility - RedirectPermanent /cgi-bin/cvsweb http://cvs.debian.org - RedirectPermanent /Lists-Archives http://lists.debian.org - RedirectPermanent /search http://search.debian.org - RedirectPermanent /Packages http://packages.debian.org - RedirectPermanent /lintian http://lintian.debian.org - - RedirectPermanent /SPI http://www.spi-inc.org -# RedirectPermanent /OpenHardware http://www.openhardware.org - RedirectPermanent /OpenSource http://www.opensource.org - - RedirectPermanent /Bugs/db/ix/pseudopackages.html /Bugs/pseudo-packages - RewriteEngine on - RewriteRule ^/Bugs/db/pa/l([^/]+).html$ http://bugs.debian.org/$1 - RewriteRule ^/Bugs/db/[[:digit:]][[:digit:]]/([[:digit:]][[:digit:]][[:digit:]]+).html$ http://bugs.debian.org/$1 - RewriteRule ^/Bugs/db/ma/l([^/]+).html$ http://bugs.debian.org/cgi-bin/pkgreport.cgi?maintenc=$1 + Redirect /Lists-Archives https://lists.debian.org + Redirect /search https://search.debian.org + Redirect /Packages https://packages.debian.org + Redirect /lintian https://lintian.debian.org + + Redirect /SPI https://www.spi-inc.org +# Redirect /OpenHardware http://www.openhardware.org + Redirect /OpenSource https://opensource.org + Redirect /Bugs/db/ix/pseudopackages.html /Bugs/pseudo-packages + RewriteRule ^/Bugs/db/pa/l([^/]+).html$ https://bugs.debian.org/$1 + RewriteRule ^/Bugs/db/[[:digit:]][[:digit:]]/([[:digit:]][[:digit:]][[:digit:]]+).html$ https://bugs.debian.org/$1 + RewriteRule ^/Bugs/db/ma/l([^/]+).html$ https://bugs.debian.org/cgi-bin/pkgreport.cgi?maintenc=$1 UserDir disabled - RedirectPermanent /devel/todo/ /devel/wnpp/help_requested_bypop - RedirectPermanent /doc/FAQ /doc/manuals/debian-faq - RedirectPermanent /doc/manuals/debian-fr-howto /doc/manuals/fr/debian-fr-howto - RedirectPermanent /doc/manuals/reference /doc/manuals/debian-reference - RedirectPermanent /doc/packaging-manuals/developers-reference /doc/manuals/developers-reference - RedirectPermanent /doc/packaging-manuals/packaging-tutorial /doc/manuals/packaging-tutorial - RedirectPermanent /doc/prospective-packages /devel/wnpp/ - RedirectPermanent /devel/maintainer_contacts /intro/organization - RedirectPermanent /devel/debian-installer/gtk-frontend http://wiki.debian.org/DebianInstaller/GUI - RedirectPermanent /zh/ /international/Chinese/ - RedirectPermanent /chinese/ /international/Chinese/ - RedirectPermanent /devel/help /devel/join/ - RedirectPermanent /distrib/books /doc/books - RedirectPermanent /distrib/floppyinst /distrib/netinst - RedirectPermanent /distrib/netboot /distrib/netinst - RedirectPermanent /distrib/vendors /CD/vendors/ - RedirectPermanent /distrib/cd /CD/ - RedirectPermanent /distrib/cdinfo /CD/vendors/info - RedirectPermanent /related_links /misc/related_links - RedirectPermanent /ports/laptops /misc/laptops/ - RedirectPermanent /misc/README.mirrors /mirror/list - RedirectPermanent /misc/README.non-US /mirror/list.non-US - RedirectPermanent /intl /international - RedirectPermanent /ports/armel /ports/arm - RedirectPermanent /ports/armhf /ports/arm - RedirectPermanent /ports/mipsel /ports/mips - RedirectPermanent /ports/kfreebsd-amd64 /ports/kfreebsd-gnu - RedirectPermanent /ports/kfreebsd-i386 /ports/kfreebsd-gnu - RedirectPermanent /ports/sparc64 /ports/sparc - RedirectPermanent /ports/s390x /ports/s390 - RedirectPermanent /mirror/mirrors_full.html /mirror/list-full.html - RedirectPermanent /mirrors /mirror - RedirectPermanent /News/project /News/weekly - RedirectPermanent /releases/2.0 /releases/hamm - RedirectPermanent /releases/2.1 /releases/slink - RedirectPermanent /releases/2.2 /releases/potato - RedirectPermanent /releases/3.0 /releases/woody - RedirectPermanent /releases/3.1 /releases/sarge - RedirectPermanent /releases/4.0 /releases/etch - RedirectPermanent /releases/5.0 /releases/lenny - RedirectPermanent /releases/6.0 /releases/squeeze - RedirectPermanent /releases/7 /releases/wheezy - RedirectPermanent /releases/8 /releases/jessie - RedirectPermanent /releases/unstable /releases/sid - - RewriteRule ^/ports/freebsd(.*) /ports/kfreebsd-gnu/ [R=301] - RewriteRule ^/devel/debian-installer/report-template(.*) /releases/stable/i386/ch05s04.html#submit-bug [NE,R=301] - RewriteRule ^/devel/debian-installer/hooks(.*) http://d-i.alioth.debian.org/doc/internals/apb.html [R=301] - RewriteRule ^/doc/packaging-manuals/mime-policy(.*) /doc/debian-policy/ch-opersys.html#s-mime [NE,R=301] + Redirect /devel/todo/ /devel/wnpp/help_requested_bypop + Redirect /doc/FAQ /doc/manuals/debian-faq + Redirect /doc/manuals/debian-fr-howto /doc/manuals/fr/debian-fr-howto + Redirect /doc/manuals/reference /doc/manuals/debian-reference + Redirect /doc/packaging-manuals/developers-reference /doc/manuals/developers-reference + Redirect /doc/packaging-manuals/packaging-tutorial /doc/manuals/packaging-tutorial + Redirect /doc/prospective-packages /devel/wnpp/ + Redirect /devel/maintainer_contacts /intro/organization + Redirect /devel/debian-installer/gtk-frontend https://wiki.debian.org/DebianInstaller/GUI + Redirect /zh/ /international/Chinese/ + Redirect /chinese/ /international/Chinese/ + Redirect /devel/help /devel/join/ + Redirect /distrib/books /doc/books + Redirect /distrib/floppyinst /distrib/netinst + Redirect /distrib/netboot /distrib/netinst + Redirect /distrib/vendors /CD/vendors/ + Redirect /distrib/cd /CD/ + Redirect /distrib/cdinfo /CD/vendors/info + Redirect /related_links /misc/related_links + Redirect /ports/laptops /misc/laptops/ + Redirect /misc/README.mirrors /mirror/list + Redirect /misc/README.non-US /mirror/list.non-US + Redirect /misc/awards /News/awards + Redirect /misc/bsd.license https://opensource.org/licenses/BSD-3-Clause + Redirect /misc/laptops https://wiki.debian.org/InstallingDebianOn + Redirect /misc/memberships /intro/organization#memberships + Redirect /misc/merchandise /events/merchandise + Redirect /intl /international + Redirect /ports/armel /ports/arm + Redirect /ports/armhf /ports/arm + Redirect /ports/arm64 /ports/arm + Redirect /ports/mipsel /ports/mips + Redirect /ports/mips64el /ports/mips + Redirect /ports/kfreebsd-amd64 /ports/kfreebsd-gnu + Redirect /ports/kfreebsd-i386 /ports/kfreebsd-gnu + Redirect /ports/sparc64 /ports/sparc + Redirect /ports/s390x /ports/s390 + Redirect /ports/ppc64 /ports/powerpc + Redirect /ports/ppc64el /ports/powerpc + Redirect /ports/powerpcspe /ports/powerpc + Redirect /ports/riscv64 https://wiki.debian.org/RISC-V + Redirect /ports/x32 https://wiki.debian.org/X32Port + Redirect /ports/sh4 https://wiki.debian.org/SH4 + Redirect /mirror/official_sponsors /mirror/sponsors + Redirect /mirror/official /mirror/list + Redirect /mirror/mirrors_full.html /mirror/list-full.html + Redirect /mirrors /mirror + Redirect /News/project /News/weekly + Redirect /releases/2.0 /releases/hamm + Redirect /releases/2.1 /releases/slink + Redirect /releases/2.2 /releases/potato + Redirect /releases/3.0 /releases/woody + Redirect /releases/3.1 /releases/sarge + Redirect /releases/4.0 /releases/etch + Redirect /releases/5.0 /releases/lenny + Redirect /releases/6.0 /releases/squeeze + Redirect /releases/7 /releases/wheezy + Redirect /releases/8 /releases/jessie + Redirect /releases/9 /releases/stretch + Redirect /releases/10 /releases/buster + Redirect /releases/unstable /releases/sid + Redirect /support/ /support + +# Upper-case URLs were a bad idea + Redirect /bugs /Bugs + Redirect /news /News + Redirect /mailinglists /MailingLists + Redirect /cd /CD + + RewriteRule ^/ports/freebsd(.*) /ports/kfreebsd-gnu/ [R] + RewriteRule ^/devel/debian-installer/report-template(.*) /releases/stable/i386/ch05s04.html#submit-bug [NE,R] + RewriteRule ^/devel/debian-installer/hooks(.*) https://d-i.alioth.debian.org/doc/internals/apb.html [R] + RewriteRule ^/doc/packaging-manuals/mime-policy(.*) /doc/debian-policy/ch-opersys.html#s-mime [NE,R] RewriteRule ^/volatile/index.* - [S=1] - RewriteRule ^/volatile/.+ /volatile/ [L,R=301] - RewriteRule ^/devel/debian-volatile/.* /volatile/ [R=301] + RewriteRule ^/volatile/.+ /volatile/ [L,R] + RewriteRule ^/devel/debian-volatile/.* /volatile/ [R] # Offer a Redirect to DSA without knowing year #474730 - RewriteMap dsa txt:<%= wwwdo_document_root %>/security/map-dsa.txt - RewriteRule ^/security/dsa-(\d+)(\..*)? /security/${dsa:$1}$2 [R=301] + RewriteMap dsa txt:<%= @wwwdo_document_root %>/security/map-dsa.txt + RewriteRule ^/security/dsa-(\d+)(\..*)? /security/${dsa:$1}$2 [R] # Compatibility after SGML -> DocBook # Debian Reference #624239 - RewriteMap reference txt:<%= wwwdo_document_root %>/doc/map-reference.txt + RewriteMap reference txt:<%= @wwwdo_document_root %>/doc/map-reference.txt RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/ch-support$1 !-f - RewriteRule ^/doc/manuals/debian-reference/ch-support(.*) /support$1 [L,R=301] + RewriteRule ^/doc/manuals/debian-reference/ch-support(.*) /support$1 [L,R] RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/${reference:$1}$2 -f - RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)(.+) /doc/manuals/debian-reference/${reference:$1}$2 [L,R=301] - RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)$ /doc/manuals/debian-reference/${reference:$1} [R=301] + RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)(.+) /doc/manuals/debian-reference/${reference:$1}$2 [L,R] + RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)$ /doc/manuals/debian-reference/${reference:$1} [R] RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/apa$1 -f - RewriteRule ^/doc/manuals/debian-reference/ap-appendix(.+) /doc/manuals/debian-reference/apa$1 [L,R=301] - RewriteRule ^/doc/manuals/debian-reference/ap-appendix$ /doc/manuals/debian-reference/apa [R=301] + RewriteRule ^/doc/manuals/debian-reference/ap-appendix(.+) /doc/manuals/debian-reference/apa$1 [L,R] + RewriteRule ^/doc/manuals/debian-reference/ap-appendix$ /doc/manuals/debian-reference/apa [R] RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/footnotes$1 !-f - RewriteRule ^/doc/manuals/debian-reference/footnotes(.+) /doc/manuals/debian-reference/index$1 [L,R=301] - RewriteRule ^/doc/manuals/debian-reference/footnotes$ /doc/manuals/debian-reference/ [R=301] + RewriteRule ^/doc/manuals/debian-reference/footnotes(.+) /doc/manuals/debian-reference/index$1 [L,R] + RewriteRule ^/doc/manuals/debian-reference/footnotes$ /doc/manuals/debian-reference/ [R] + +# DevRef filename changes c2016 + RedirectMatch ^(/doc/manuals/developers-reference)/scope(\.[a-z]{2})?.html $1/ch01$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/new-maintainer(\.[a-z]{2})?.html $1/ch02$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/developer-duties(\.[a-z]{2})?.html $1/ch03$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/resources(\.[a-z]{2})?.html $1/ch04$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/pkgs(\.[a-z]{2})?.html $1/ch05$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/best-pkging-practices(\.[a-z]{2})?.html $1/ch06$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/beyond-pkging(\.[a-z]{2})?.html $1/ch07$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/l10n(\.[a-z]{2})?.html $1/ch08$2.html + RedirectMatch ^(/doc/manuals/developers-reference)/tools(\.[a-z]{2})?.html $1/apa$2.html + # New Maintainers' Guide - RewriteRule ^/doc/(manuals/)?maint-guide/ch-(.*) /doc/manuals/maint-guide/$2 [R=301] - RewriteRule ^/doc/(manuals/)?maint-guide/footnotes(.*) /doc/manuals/maint-guide/index$2 [R=301] + RewriteRule ^/doc/(manuals/)?maint-guide/ch-(.*) /doc/manuals/maint-guide/$2 [R] + RewriteRule ^/doc/(manuals/)?maint-guide/footnotes(.*) /doc/manuals/maint-guide/index$2 [R] + +# Compatibility after Debian Policy changed to build with Sphinx (bug #877367) + RewriteRule ^/doc/debian-policy/footnotes.html(.*) /doc/debian-policy/ [R,L] # Canonical place for manuals under /doc/manuals/ RewriteCond %{DOCUMENT_ROOT}/doc/manuals/$1 -d - RewriteRule ^/doc/([^/]+)/?(.*)? /doc/manuals/$1/$2 [L,R=301] + RewriteRule ^/doc/([^/]+)/?(.*)? /doc/manuals/$1/$2 [L,R] + RewriteRule ^/doc/manuals/?$ /doc/ [L,R] + +# Relocation of blends pages + RewriteRule ^/devel/hamradio(.*)$ /blends/hamradio$1 [R,L] + +# Relocation of derivatives pages + RewriteRule ^/misc/children-distros(?:\.html)?$ /derivatives/ [R,L] + RewriteRule ^/misc/children-distros(\.[^\.]+(?:\.html)?)$ /derivatives/index$1 [R,L] + +# Relocation of memberships information + RewriteRule ^/misc/memberships(?:\.html)?$ /intro/organization$1#memberships [R,L] + RewriteRule ^/misc/memberships(\.[^\.]+(?:\.html)?)$ /intro/organization$1#memberships [R,L] + + + + ServerName <%= @wwwdo_server_name %> + + Use common-www.d.o-inner + + + + > + ErrorLog /var/log/apache2/www.debian.org-error.log + CustomLog /var/log/apache2/www.debian.org-access.log privacy + + ServerName <%= @wwwdo_server_name %> + Redirect / https://<%= @wwwdo_server_name %>/ + + > + ErrorLog /var/log/apache2/www.debian.org-error.log + CustomLog /var/log/apache2/www.debian.org-access.log privacyssl + + Use common-www.d.o + + Use common-debian-service-ssl <%= @wwwdo_server_name %> + Use common-ssl-HSTS + +<% if scope.function_onion_global_service_hostname([@wwwdo_server_name]) -%> + > + ErrorLog /var/log/apache2/www.debian.org-error.log + CustomLog /var/log/apache2/www.debian.org-access.log privacy + + ServerName <%= scope.function_onion_global_service_hostname([@wwwdo_server_name]) %> + + Use common-www.d.o-inner + +<% end %> + + +<%- if @redirect_vhosts -%> +# www other +########### + > + Use common-www-other.d.o + + ErrorLog /var/log/apache2/www-other.debian.org-error.log + CustomLog /var/log/apache2/www-other.debian.org-access.log privacy + + Redirect / https://www.debian.org/ + + > + Use common-www-other.d.o + + CustomLog /var/log/apache2/www-other-access.log privacyssl + ErrorLog /var/log/apache2/www-other-error.log + + # Legacy GPG versions (including 2.2.12 in buster/Debian 10) use the "direct method" instead + # of the "advanced method" which should be tried first according to the draft + # https://tools.ietf.org/html/draft-koch-openpgp-webkey-service + # also cf. RT#7828 + Redirect /.well-known/openpgpkey/ https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/ + + Redirect / https://www.debian.org/ + Use common-debian-service-ssl debian.org + Use common-ssl-HSTS +<%- end -%> +# vim:set syn=apache: