X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fsecurity_mirror%2Fsecurity.debian.org.erb;h=917732741af9c9b7020cbde18c49c50266432c81;hb=562a5017ec445c5a1fbf163b9d5a10667a9f17ea;hp=1f4cf6adc0d2262469676d3472ba135be4cd6e8b;hpb=2c9e56c30d184d40d77b48019269db96946b4377;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/templates/security_mirror/security.debian.org.erb b/modules/roles/templates/security_mirror/security.debian.org.erb index 1f4cf6adc..917732741 100644 --- a/modules/roles/templates/security_mirror/security.debian.org.erb +++ b/modules/roles/templates/security_mirror/security.debian.org.erb @@ -3,9 +3,9 @@ ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ## - + ServerAdmin debian-admin@debian.org - DocumentRoot /srv/ftp.root/debian-security + DocumentRoot /srv/mirrors/debian-security ServerPath /debian-security ServerName security.debian.org ServerAlias security.ipv6.debian.org @@ -20,6 +20,7 @@ <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%> ServerAlias <%= scope.function_onion_global_service_hostname(['security.debian.org']) %> <% end %> + ServerAlias security.backend.mirrors.debian.org ServerAlias *.security.backend.mirrors.debian.org ServerAlias security.anycast-test.mirrors.debian.org @@ -27,26 +28,29 @@ ExpiresActive On ExpiresDefault "access plus 2 minutes" - Alias /debian-security /srv/ftp.root/debian-security - Use ftp-archive /srv/ftp.root/debian-security + Alias /debian-security /srv/mirrors/debian-security + Use ftp-archive /srv/mirrors/debian-security + + Alias /_health /run/dsa-mirror-health-security/health + + Require all granted + RewriteEngine on - RewriteRule ^/$ http://www.debian.org/security/ - - #RewriteCond %{HTTP:Fastly-Client-IP} !. [NV] - #RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront" - #<% if scope.function_onion_global_service_hostname(['security.debian.org']) -%> - #RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>" - #<% end %> - #RewriteRule ^/(pool/updates/main/l/linux/.*) http://security-cdn.debian.org/$1 [L,R=302] - #RewriteCond %{HTTP:Fastly-Client-IP} !. [NV] - #RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront" - #<% if scope.function_onion_global_service_hostname(['security.debian.org']) -%> - #RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>" - #<% end %> - #RewriteRule ^/debian-security/(pool/updates/main/l/linux/.*) http://security-cdn.debian.org/$1 [L,R=302] - - CustomLog /var/log/apache2/security.debian.org-access.log privacy + RewriteRule ^/$ https://www.debian.org/security/ + + RewriteCond %{HTTP:Fastly-Client-IP} !. [NV] + RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront" + RewriteCond %{HTTP_USER_AGENT} "!check_http" + RewriteCond %{HTTP_USER_AGENT} "!dsa-check-mirrorsync" + RewriteCond %{HTTP_USER_AGENT} "!mirror-health" + <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%> + RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>" + <% end %> + RewriteCond %{REQUEST_URI} "!=/_health" + RewriteRule ^/(.*) http://security-cdn.debian.org/$1 [L,R=302] + + CustomLog /var/log/apache2/security.debian.org-access.log combined ServerSignature On