X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fapache-www.debian.org.erb;h=3d235ee9e1623201d0afd2f23d837d86519243e5;hb=126b889e3c4302ba95d770cc946e0a37c4160116;hp=ed50778d895828d20aa8c3fd5802aa2b7759f438;hpb=06f9a20372d9023517b87780bb5a411a37d0c4b0;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/apache-www.debian.org.erb b/modules/roles/templates/apache-www.debian.org.erb
index ed50778d8..3d235ee9e 100644
--- a/modules/roles/templates/apache-www.debian.org.erb
+++ b/modules/roles/templates/apache-www.debian.org.erb
@@ -97,9 +97,6 @@
ServerAlias www.debian.eu
ServerAlias debian.eu
- ServerAlias www.debian.fi
- ServerAlias debian.fi
-
ServerAlias www.debian.nl
ServerAlias debian.nl
@@ -133,24 +130,41 @@
# this behavior, and proxies will be allowed to cache the documents.
CacheNegotiatedDocs On
+ # The UI for language selection in browsers is rarely used or known about
+ # by visitors so websites need to provide a way for visitors to influence
+ # content negotiation using the website itself in addition to the browser.
+ # Setting a cookie is the simplest option for us as the URLs don't change.
+ # The GDPR does not apply and to satisfy the EU cookie law we can include
+ # some explanatory text around the form that sets the cookie.
+ # The use of POST requests will ensure each cookie is only set explictly.
+ # When a cookie is set by the user, update it on every visit so it doesn't
+ # expire unless the user stops visiting the website for the cookie duration.
+ # Since Apache mod_rewrite cannot inspect POST data, we use URLs instead.
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} ^POST$
+ RewriteRule /intro/cn/setlang/([a-z]{2}(?:-[a-z]{2})?)/(.*) /$2 [last,redirect,cookie=lang:$1:%{HTTP_HOST}:40320:/:secure:]
+ RewriteCond %{REQUEST_METHOD} ^POST$
+ RewriteRule /intro/cn/unsetlang/(.*) /$1 [last,redirect,cookie=lang:invalid:%{HTTP_HOST}:-1:/:secure:]
+ RewriteCond %{HTTP_COOKIE} /^lang=([a-z]{2}(?:-[a-z]{2})?)$/
+ RewriteRule . - [cookie=lang:%1:%{HTTP_HOST}:40320:/:secure:]
+ SetEnvIf Cookie "lang=(.+)" prefer-language=$1
+ Header append Vary cookie
+
# Custom Error
ErrorDocument 404 /devel/website/errors/404
RewriteCond %{DOCUMENT_ROOT}/devel/website/errors/404.$2.html -f
RewriteRule ^/(?!devel/website/errors/)(.*/)?404\.(.+)\.html$ /devel/website/errors/404.$2.html [L]
# the joys of backwards compatibility
- RedirectPermanent /cgi-bin/cvsweb https://cvs.debian.org
- RedirectPermanent /Lists-Archives https://lists.debian.org
- RedirectPermanent /search https://search.debian.org
- RedirectPermanent /Packages https://packages.debian.org
- RedirectPermanent /lintian https://lintian.debian.org
-
- RedirectPermanent /SPI https://www.spi-inc.org
-# RedirectPermanent /OpenHardware http://www.openhardware.org
- RedirectPermanent /OpenSource https://opensource.org
-
- RedirectPermanent /Bugs/db/ix/pseudopackages.html /Bugs/pseudo-packages
- RewriteEngine on
+ Redirect /Lists-Archives https://lists.debian.org
+ Redirect /search https://search.debian.org
+ Redirect /Packages https://packages.debian.org
+ Redirect /lintian https://lintian.debian.org
+
+ Redirect /SPI https://www.spi-inc.org
+# Redirect /OpenHardware http://www.openhardware.org
+ Redirect /OpenSource https://opensource.org
+ Redirect /Bugs/db/ix/pseudopackages.html /Bugs/pseudo-packages
RewriteRule ^/Bugs/db/pa/l([^/]+).html$ https://bugs.debian.org/$1
RewriteRule ^/Bugs/db/[[:digit:]][[:digit:]]/([[:digit:]][[:digit:]][[:digit:]]+).html$ https://bugs.debian.org/$1
RewriteRule ^/Bugs/db/ma/l([^/]+).html$ https://bugs.debian.org/cgi-bin/pkgreport.cgi?maintenc=$1
@@ -159,117 +173,140 @@
UserDir disabled
- RedirectPermanent /devel/todo/ /devel/wnpp/help_requested_bypop
- RedirectPermanent /doc/FAQ /doc/manuals/debian-faq
- RedirectPermanent /doc/manuals/debian-fr-howto /doc/manuals/fr/debian-fr-howto
- RedirectPermanent /doc/manuals/reference /doc/manuals/debian-reference
- RedirectPermanent /doc/packaging-manuals/developers-reference /doc/manuals/developers-reference
- RedirectPermanent /doc/packaging-manuals/packaging-tutorial /doc/manuals/packaging-tutorial
- RedirectPermanent /doc/prospective-packages /devel/wnpp/
- RedirectPermanent /devel/maintainer_contacts /intro/organization
- RedirectPermanent /devel/debian-installer/gtk-frontend https://wiki.debian.org/DebianInstaller/GUI
- RedirectPermanent /zh/ /international/Chinese/
- RedirectPermanent /chinese/ /international/Chinese/
- RedirectPermanent /devel/help /devel/join/
- RedirectPermanent /distrib/books /doc/books
- RedirectPermanent /distrib/floppyinst /distrib/netinst
- RedirectPermanent /distrib/netboot /distrib/netinst
- RedirectPermanent /distrib/vendors /CD/vendors/
- RedirectPermanent /distrib/cd /CD/
- RedirectPermanent /distrib/cdinfo /CD/vendors/info
- RedirectPermanent /related_links /misc/related_links
- RedirectPermanent /ports/laptops /misc/laptops/
- RedirectPermanent /misc/README.mirrors /mirror/list
- RedirectPermanent /misc/README.non-US /mirror/list.non-US
- RedirectPermanent /intl /international
- RedirectPermanent /ports/armel /ports/arm
- RedirectPermanent /ports/armhf /ports/arm
- RedirectPermanent /ports/arm64 /ports/arm
- RedirectPermanent /ports/mipsel /ports/mips
- RedirectPermanent /ports/mips64el /ports/mips
- RedirectPermanent /ports/kfreebsd-amd64 /ports/kfreebsd-gnu
- RedirectPermanent /ports/kfreebsd-i386 /ports/kfreebsd-gnu
- RedirectPermanent /ports/sparc64 /ports/sparc
- RedirectPermanent /ports/s390x /ports/s390
- RedirectPermanent /ports/ppc64 /ports/powerpc
- RedirectPermanent /ports/ppc64el /ports/powerpc
- RedirectPermanent /ports/powerpcspe /ports/powerpc
- RedirectPermanent /mirror/official_sponsors /mirror/sponsors
- RedirectPermanent /mirror/official /mirror/list
- RedirectPermanent /mirror/mirrors_full.html /mirror/list-full.html
- RedirectPermanent /mirrors /mirror
- RedirectPermanent /News/project /News/weekly
- RedirectPermanent /releases/2.0 /releases/hamm
- RedirectPermanent /releases/2.1 /releases/slink
- RedirectPermanent /releases/2.2 /releases/potato
- RedirectPermanent /releases/3.0 /releases/woody
- RedirectPermanent /releases/3.1 /releases/sarge
- RedirectPermanent /releases/4.0 /releases/etch
- RedirectPermanent /releases/5.0 /releases/lenny
- RedirectPermanent /releases/6.0 /releases/squeeze
- RedirectPermanent /releases/7 /releases/wheezy
- RedirectPermanent /releases/8 /releases/jessie
- RedirectPermanent /releases/9 /releases/stretch
- RedirectPermanent /releases/10 /releases/buster
- RedirectPermanent /releases/unstable /releases/sid
- RedirectPermanent /support/ /support
+ Redirect /devel/todo/ /devel/wnpp/help_requested_bypop
+ Redirect /doc/FAQ /doc/manuals/debian-faq
+ Redirect /doc/manuals/debian-fr-howto /doc/manuals/fr/debian-fr-howto
+ Redirect /doc/manuals/reference /doc/manuals/debian-reference
+ Redirect /doc/packaging-manuals/developers-reference /doc/manuals/developers-reference
+ Redirect /doc/packaging-manuals/packaging-tutorial /doc/manuals/packaging-tutorial
+ Redirect /doc/prospective-packages /devel/wnpp/
+ Redirect /devel/maintainer_contacts /intro/organization
+ Redirect /devel/debian-installer/gtk-frontend https://wiki.debian.org/DebianInstaller/GUI
+ Redirect /zh/ /international/Chinese/
+ Redirect /chinese/ /international/Chinese/
+ Redirect /devel/help /devel/join/
+ Redirect /distrib/books /doc/books
+ Redirect /distrib/floppyinst /distrib/netinst
+ Redirect /distrib/netboot /distrib/netinst
+ Redirect /distrib/vendors /CD/vendors/
+ Redirect /distrib/cd /CD/
+ Redirect /distrib/cdinfo /CD/vendors/info
+ Redirect /related_links /misc/related_links
+ Redirect /ports/laptops /misc/laptops/
+ Redirect /misc/README.mirrors /mirror/list
+ Redirect /misc/README.non-US /mirror/list.non-US
+ Redirect /misc/awards /News/awards
+ Redirect /misc/bsd.license https://opensource.org/licenses/BSD-3-Clause
+ Redirect /misc/laptops https://wiki.debian.org/InstallingDebianOn
+ Redirect /misc/memberships /intro/organization#memberships
+ Redirect /misc/merchandise /events/merchandise
+ Redirect /intl /international
+ Redirect /ports/armel /ports/arm
+ Redirect /ports/armhf /ports/arm
+ Redirect /ports/arm64 /ports/arm
+ Redirect /ports/mipsel /ports/mips
+ Redirect /ports/mips64el /ports/mips
+ Redirect /ports/kfreebsd-amd64 /ports/kfreebsd-gnu
+ Redirect /ports/kfreebsd-i386 /ports/kfreebsd-gnu
+ Redirect /ports/sparc64 /ports/sparc
+ Redirect /ports/s390x /ports/s390
+ Redirect /ports/ppc64 /ports/powerpc
+ Redirect /ports/ppc64el /ports/powerpc
+ Redirect /ports/powerpcspe /ports/powerpc
+ Redirect /ports/riscv64 https://wiki.debian.org/RISC-V
+ Redirect /ports/x32 https://wiki.debian.org/X32Port
+ Redirect /ports/sh4 https://wiki.debian.org/SH4
+ Redirect /mirror/official_sponsors /mirror/sponsors
+ Redirect /mirror/official /mirror/list
+ Redirect /mirror/mirrors_full.html /mirror/list-full.html
+ Redirect /mirrors /mirror
+ Redirect /News/project /News/weekly
+ Redirect /releases/2.0 /releases/hamm
+ Redirect /releases/2.1 /releases/slink
+ Redirect /releases/2.2 /releases/potato
+ Redirect /releases/3.0 /releases/woody
+ Redirect /releases/3.1 /releases/sarge
+ Redirect /releases/4.0 /releases/etch
+ Redirect /releases/5.0 /releases/lenny
+ Redirect /releases/6.0 /releases/squeeze
+ Redirect /releases/7 /releases/wheezy
+ Redirect /releases/8 /releases/jessie
+ Redirect /releases/9 /releases/stretch
+ Redirect /releases/10 /releases/buster
+ Redirect /releases/unstable /releases/sid
+ Redirect /support/ /support
# Upper-case URLs were a bad idea
- RedirectPermanent /bugs /Bugs
- RedirectPermanent /news /News
- RedirectPermanent /mailinglists /MailingLists
- RedirectPermanent /cd /CD
+ Redirect /bugs /Bugs
+ Redirect /news /News
+ Redirect /mailinglists /MailingLists
+ Redirect /cd /CD
- RewriteRule ^/ports/freebsd(.*) /ports/kfreebsd-gnu/ [R=301]
- RewriteRule ^/devel/debian-installer/report-template(.*) /releases/stable/i386/ch05s04.html#submit-bug [NE,R=301]
- RewriteRule ^/devel/debian-installer/hooks(.*) https://d-i.alioth.debian.org/doc/internals/apb.html [R=301]
- RewriteRule ^/doc/packaging-manuals/mime-policy(.*) /doc/debian-policy/ch-opersys.html#s-mime [NE,R=302]
+ RewriteRule ^/ports/freebsd(.*) /ports/kfreebsd-gnu/ [R]
+ RewriteRule ^/devel/debian-installer/report-template(.*) /releases/stable/i386/ch05s04#submit-bug [NE,R]
+ RewriteRule ^/devel/debian-installer/hooks(.*) https://d-i.debian.org/doc/internals/apb.html [R]
+ RewriteRule ^/doc/packaging-manuals/mime-policy(.*) /doc/debian-policy/ch-opersys.html#s-mime [NE,R]
RewriteRule ^/volatile/index.* - [S=1]
- RewriteRule ^/volatile/.+ /volatile/ [L,R=301]
- RewriteRule ^/devel/debian-volatile/.* /volatile/ [R=301]
+ RewriteRule ^/volatile/.+ /volatile/ [L,R]
+ RewriteRule ^/devel/debian-volatile/.* /volatile/ [R]
# Offer a Redirect to DSA without knowing year #474730
RewriteMap dsa txt:<%= @wwwdo_document_root %>/security/map-dsa.txt
- RewriteRule ^/security/dsa-(\d+)(\..*)? /security/${dsa:$1}$2 [R=301]
+ RewriteRule ^/security/dsa-(\d+)(\..*)? /security/${dsa:$1}$2 [R]
# Compatibility after SGML -> DocBook
# Debian Reference #624239
RewriteMap reference txt:<%= @wwwdo_document_root %>/doc/map-reference.txt
RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/ch-support$1 !-f
- RewriteRule ^/doc/manuals/debian-reference/ch-support(.*) /support$1 [L,R=301]
+ RewriteRule ^/doc/manuals/debian-reference/ch-support(.*) /support$1 [L,R]
RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/${reference:$1}$2 -f
- RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)(.+) /doc/manuals/debian-reference/${reference:$1}$2 [L,R=301]
- RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)$ /doc/manuals/debian-reference/${reference:$1} [R=301]
+ RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)(.+) /doc/manuals/debian-reference/${reference:$1}$2 [L,R]
+ RewriteRule ^/doc/manuals/debian-reference/ch-([^\.]+)$ /doc/manuals/debian-reference/${reference:$1} [R]
RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/apa$1 -f
- RewriteRule ^/doc/manuals/debian-reference/ap-appendix(.+) /doc/manuals/debian-reference/apa$1 [L,R=301]
- RewriteRule ^/doc/manuals/debian-reference/ap-appendix$ /doc/manuals/debian-reference/apa [R=301]
+ RewriteRule ^/doc/manuals/debian-reference/ap-appendix(.+) /doc/manuals/debian-reference/apa$1 [L,R]
+ RewriteRule ^/doc/manuals/debian-reference/ap-appendix$ /doc/manuals/debian-reference/apa [R]
RewriteCond %{DOCUMENT_ROOT}/doc/manuals/debian-reference/footnotes$1 !-f
- RewriteRule ^/doc/manuals/debian-reference/footnotes(.+) /doc/manuals/debian-reference/index$1 [L,R=301]
- RewriteRule ^/doc/manuals/debian-reference/footnotes$ /doc/manuals/debian-reference/ [R=301]
+ RewriteRule ^/doc/manuals/debian-reference/footnotes(.+) /doc/manuals/debian-reference/index$1 [L,R]
+ RewriteRule ^/doc/manuals/debian-reference/footnotes$ /doc/manuals/debian-reference/ [R]
+
+# DevRef filename changes c2019 (#931548, migration to Sphinx)
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch01(\.[a-z]{2})?.html $1/scope$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch02(\.[a-z]{2})?.html $1/new-maintainer$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch03(\.[a-z]{2})?.html $1/developer-duties$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch04(\.[a-z]{2})?.html $1/resources$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch05(\.[a-z]{2})?.html $1/pkgs$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch06(\.[a-z]{2})?.html $1/best-pkging-practices$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch07(\.[a-z]{2})?.html $1/beyond-pkging$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/ch08(\.[a-z]{2})?.html $1/l10n$2.html
+ RedirectMatch ^(/doc/manuals/developers-reference)/apa(\.[a-z]{2})?.html $1/tools$2.html
+
# New Maintainers' Guide
- RewriteRule ^/doc/(manuals/)?maint-guide/ch-(.*) /doc/manuals/maint-guide/$2 [R=301]
- RewriteRule ^/doc/(manuals/)?maint-guide/footnotes(.*) /doc/manuals/maint-guide/index$2 [R=301]
+ RewriteRule ^/doc/(manuals/)?maint-guide/ch-(.*) /doc/manuals/maint-guide/$2 [R]
+ RewriteRule ^/doc/(manuals/)?maint-guide/footnotes(.*) /doc/manuals/maint-guide/index$2 [R]
# Compatibility after Debian Policy changed to build with Sphinx (bug #877367)
- RewriteRule ^/doc/debian-policy/footnotes.html(.*) /doc/debian-policy/ [R=301,L]
+ RewriteRule ^/doc/debian-policy/footnotes.html(.*) /doc/debian-policy/ [R,L]
# Canonical place for manuals under /doc/manuals/
RewriteCond %{DOCUMENT_ROOT}/doc/manuals/$1 -d
- RewriteRule ^/doc/([^/]+)/?(.*)? /doc/manuals/$1/$2 [L,R=301]
- RewriteRule ^/doc/manuals/?$ /doc/ [L,R=301]
+ RewriteRule ^/doc/([^/]+)/?(.*)? /doc/manuals/$1/$2 [L,R]
+ RewriteRule ^/doc/manuals/?$ /doc/ [L,R]
# Relocation of blends pages
- RewriteRule ^/devel/hamradio(.*)$ /blends/hamradio$1 [R=301,L]
+ RewriteRule ^/devel/hamradio(.*)$ /blends/hamradio$1 [R,L]
# Relocation of derivatives pages
- RewriteRule ^/misc/children-distros(?:\.html)?$ /derivatives/ [R=301,L]
- RewriteRule ^/misc/children-distros(\.[^\.]+(?:\.html)?)$ /derivatives/index$1 [R=301,L]
+ RewriteRule ^/misc/children-distros(?:\.html)?$ /derivatives/ [R,L]
+ RewriteRule ^/misc/children-distros(\.[^\.]+(?:\.html)?)$ /derivatives/index$1 [R,L]
+
+# Relocation of memberships information
+ RewriteRule ^/misc/memberships(?:\.html)?$ /intro/organization$1#memberships [R,L]
+ RewriteRule ^/misc/memberships(\.[^\.]+(?:\.html)?)$ /intro/organization$1#memberships [R,L]
- ServerName www.debian.org
- ServerAlias www-*.debian.org
+ ServerName <%= @wwwdo_server_name %>
Use common-www.d.o-inner
@@ -279,8 +316,8 @@
ErrorLog /var/log/apache2/www.debian.org-error.log
CustomLog /var/log/apache2/www.debian.org-access.log privacy
- ServerName www.debian.org
- Redirect / https://www.debian.org/
+ ServerName <%= @wwwdo_server_name %>
+ Redirect / https://<%= @wwwdo_server_name %>/
>
ErrorLog /var/log/apache2/www.debian.org-error.log
@@ -288,22 +325,22 @@
Use common-www.d.o
- Use common-debian-service-ssl www.debian.org
+ Use common-debian-service-ssl <%= @wwwdo_server_name %>
Use common-ssl-HSTS
-
-<% if scope.function_onion_global_service_hostname(['www.debian.org']) -%>
+<% if scope.function_onion_global_service_hostname([@wwwdo_server_name]) -%>
>
ErrorLog /var/log/apache2/www.debian.org-error.log
CustomLog /var/log/apache2/www.debian.org-access.log privacy
- ServerName <%= scope.function_onion_global_service_hostname(['www.debian.org']) %>
+ ServerName <%= scope.function_onion_global_service_hostname([@wwwdo_server_name]) %>
Use common-www.d.o-inner
<% end %>
+<%- if @redirect_vhosts -%>
# www other
###########
>
@@ -312,7 +349,7 @@
ErrorLog /var/log/apache2/www-other.debian.org-error.log
CustomLog /var/log/apache2/www-other.debian.org-access.log privacy
- Redirect permanent / https://www.debian.org/
+ Redirect / https://www.debian.org/
>
Use common-www-other.d.o
@@ -320,9 +357,16 @@
CustomLog /var/log/apache2/www-other-access.log privacyssl
ErrorLog /var/log/apache2/www-other-error.log
- Redirect permanent / https://www.debian.org/
+ # Legacy GPG versions (including 2.2.12 in buster/Debian 10) use the "direct method" instead
+ # of the "advanced method" which should be tried first according to the draft
+ # https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ # also cf. RT#7828
+ Redirect /.well-known/openpgpkey/ https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/
+
+ Redirect / https://www.debian.org/
Use common-debian-service-ssl debian.org
Use common-ssl-HSTS
+<%- end -%>
# vim:set syn=apache: