X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=21af9b111b0152d102029ab144fc2dce4c4cb5fa;hb=a9b74cf4ae86eafe8b17f05266203f46ad587d44;hp=7517f19d26ed58bb2594158c6a33cee913c31d14;hpb=11156c791adec21b9f4938e7ad49694a1b6d306b;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 7517f19d2..21af9b111 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -4,13 +4,17 @@
# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
- Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
- Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/
- Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/
- Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
+ ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
+ ServerAlias http.debian.net
+
+ Redirect /debian http://cdn-fastly.deb.debian.org/debian
+ Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug
+ Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports
+ Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security
- >
+ >
ServerName deb.debian.org
ErrorLog /var/log/apache2/deb.debian.org-error.log
@@ -29,23 +33,25 @@
AllowOverride FileInfo Indexes Options=Multiviews
Options Indexes SymLinksIfOwnerMatch
- IndexOptions FancyIndexing NameWidth=*
Require all granted
- Header set Surrogate-Key <%= hostname %>
+ Header set Surrogate-Key <%= @hostname %>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
- Redirect /debian/ https://cdn-aws.deb.debian.org/debian/
- Redirect /debian-debug/ https://cdn-aws.deb.debian.org/debian-debug/
- Redirect /debian-ports/ https://cdn-aws.deb.debian.org/debian-ports/
- Redirect /debian-security/ https://cdn-aws.deb.debian.org/debian-security/
+ Redirect /debian https://cdn-aws.deb.debian.org/debian
+ Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug
+ Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports
+ Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security
<% end -%>
ServerAlias network-test-backend.debian.org
+
+ Header set Cache-Control "must-revalidate, max-age=0"
+
@@ -75,11 +81,11 @@
RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L]
RewriteRule ^/migration/testing.pl /migration/cache/_index.html
+ Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Require all granted
Options Indexes SymLinksIfOwnerMatch MultiViews
- IndexOptions FancyIndexing NameWidth=*
AddEncoding gzip .gz
FilterDeclare gzip CONTENT_SET
@@ -89,6 +95,10 @@
ForceType text/plain
AddDefaultCharset utf-8
+
+ ForceType text/html
+ AddDefaultCharset utf-8
+
@@ -96,7 +106,6 @@
AllowOverride FileInfo Indexes Options=Multiviews
Options Multiviews Indexes FollowSymLinks Includes
- IndexOptions FancyIndexing NameWidth=*
Require all granted
@@ -142,6 +151,11 @@
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+
<%=
@@ -191,9 +205,13 @@ vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
vhost(lines, "security-team.debian.org" , :ssl => true)
vhost(lines, "d-i.debian.org" , :ssl => true)
vhost(lines, "appstream.debian.org" , :ssl => true)
+vhost(lines, "apt.buildd.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
vhost(lines, "dsa.debian.org" , :ssl => true)
vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
vhost(lines, "onion.debian.org" , :ssl => true)
+vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
vhost(lines, "micronews.debian.org" , :ssl => true)
@@ -226,7 +244,7 @@ lines.join("\n")
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
- >
+ >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
@@ -234,27 +252,27 @@ lines.join("\n")
######################
- >
+ >
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
- >
+ >
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent /archive http://www.ports.debian.org
@@ -263,16 +281,26 @@ lines.join("\n")
RedirectPermanent / http://ftp.ports.debian.org/
- >
+
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
- Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
+ Redirect / https://meetings-archive.debian.net/pub/debian-meetings/
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+ Use common-debian-service-ssl video.debian.net
+ Use common-ssl-HSTS
# historical sites
##################
# now only redirects remain
- >
+ >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
@@ -289,17 +317,44 @@ lines.join("\n")
RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
- >
+ >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://www.debian.org/volatile/
- >
+ >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
+ >
+ ServerName backports-master.debian.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://backports.debian.org/
+
+
+ >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+
+
+# error pages
+#############
+
+Use common-dsa-vhost-https-redirect archive.debian.net
+ >
+ ServerName archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/archive.debian.net-error.log
+ CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
+ Use common-debian-service-ssl archive.debian.net
+ Use common-ssl-HSTS
+ Use common-disabled-service
+
+
+
# vim:ft=apache: