X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fsecurity_mirror%2Fsecurity.debian.org.erb;h=91e4056e477a3de0f17aaf8e4e351170617399c7;hb=d0c4a3cffb9addbd57bb764ed917cb06e2f84e57;hp=5299f36aa6b409417365d8ab8c2ea03b59cbacd3;hpb=28d845a146f1b7259134059db896e8ff8bcc32d1;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/templates/security_mirror/security.debian.org.erb b/modules/roles/templates/security_mirror/security.debian.org.erb
index 5299f36aa..91e4056e4 100644
--- a/modules/roles/templates/security_mirror/security.debian.org.erb
+++ b/modules/roles/templates/security_mirror/security.debian.org.erb
@@ -3,16 +3,9 @@
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 ##
 
-<Directory /srv/ftp.root/debian-security>
-   IndexOptions NameWidth=* +SuppressDescription
-   Options +FollowSymLinks
-   Options +Indexes
-   FileETag MTime Size
-</Directory>
-
-<VirtualHost *:80>
+<VirtualHost <%= @vhost_listen %> 127.0.0.1:80 [::1]:80 >
    ServerAdmin debian-admin@debian.org
-   DocumentRoot /srv/ftp.root/debian-security
+   DocumentRoot /srv/mirrors/debian-security
    ServerPath /debian-security
    ServerName security.debian.org
    ServerAlias security.ipv6.debian.org
@@ -24,33 +17,41 @@
    ServerAlias security-cdn1.debian.org
    ServerAlias security-cdn2.debian.org
    ServerAlias security-nagios.debian.org
+   <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
+   ServerAlias <%= scope.function_onion_global_service_hostname(['security.debian.org']) %>
+   <% end %>
+   ServerAlias security.backend.mirrors.debian.org
+   ServerAlias *.security.backend.mirrors.debian.org
+   ServerAlias security.anycast-test.mirrors.debian.org
+
 
    ExpiresActive On
    ExpiresDefault "access plus 2 minutes"
 
-   Alias /debian-security /srv/ftp.root/debian-security
-
-   <Directory /srv/ftp.root/debian-security/pool>
-      <FilesMatch "\.(bz2|gz|deb|dsc|xz)$">
-         ExpiresDefault "access plus 1 month"
-         Header append Cache-Control "public"
-      </FilesMatch>
-   </Directory>
+   Alias /debian-security /srv/mirrors/debian-security
+   Use ftp-archive /srv/mirrors/debian-security
 
-   <Directory /srv/ftp.root/debian-security/dists>
-      ExpiresDefault "access plus 1 seconds"
-      Header append Cache-Control "public"
+   Alias /_health /run/dsa-mirror-health-security/health
+   <Directory /run/dsa-mirror-health-security/>
+      Require all granted
    </Directory>
 
    RewriteEngine on
-   RewriteRule ^/$      http://www.debian.org/security/
-
-   # Possible values include: debug, info, notice, warn, error, crit,
-   # alert, emerg.
-   LogLevel warn
-
-   CustomLog /var/log/apache2/security.debian.org-access.log privacy
+   RewriteRule ^/$      https://www.debian.org/security/
+
+   RewriteCond %{HTTP:Fastly-Client-IP} !. [NV]
+   RewriteCond %{HTTP_USER_AGENT} "!Amazon CloudFront"
+   RewriteCond %{HTTP_USER_AGENT} "!check_http"
+   RewriteCond %{HTTP_USER_AGENT} "!dsa-check-mirrorsync"
+   RewriteCond %{HTTP_USER_AGENT} "!mirror-health"
+   <% if scope.function_onion_global_service_hostname(['security.debian.org']) -%>
+   RewriteCond %{HTTP_HOST} "!=<%= scope.function_onion_global_service_hostname(['security.debian.org']) %>"
+   <% end %>
+   RewriteCond %{REQUEST_URI} "!=/_health"
+   RewriteRule ^/(.*) http://security-cdn.debian.org/$1 [L,R=302]
+
+   CustomLog /var/log/apache2/security.debian.org-access.log combined
    ServerSignature On
 </VirtualHost>
 
-# vim: set ts=3 sw=3 et:
+# vim:set syn=apache: