X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=21af9b111b0152d102029ab144fc2dce4c4cb5fa;hb=a9b74cf4ae86eafe8b17f05266203f46ad587d44;hp=a84e174393384469c5d595635f6844ebaecd1a12;hpb=673e64933019da594d2baf73c0b21593c20be7d9;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb index a84e17439..21af9b111 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb @@ -8,13 +8,13 @@ ServerAlias cdn.debian.net ServerAlias http.debian.net - Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/ - Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/ - Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/ - Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/ + Redirect /debian http://cdn-fastly.deb.debian.org/debian + Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug + Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports + Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security - > + > ServerName deb.debian.org ErrorLog /var/log/apache2/deb.debian.org-error.log @@ -36,19 +36,22 @@ Require all granted - Header set Surrogate-Key <%= hostname %> + Header set Surrogate-Key <%= @hostname %> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css - Redirect /debian/ https://cdn-aws.deb.debian.org/debian/ - Redirect /debian-debug/ https://cdn-aws.deb.debian.org/debian-debug/ - Redirect /debian-ports/ https://cdn-aws.deb.debian.org/debian-ports/ - Redirect /debian-security/ https://cdn-aws.deb.debian.org/debian-security/ + Redirect /debian https://cdn-aws.deb.debian.org/debian + Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug + Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports + Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security <% end -%> ServerAlias network-test-backend.debian.org + + Header set Cache-Control "must-revalidate, max-age=0" + @@ -78,6 +81,7 @@ RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L] RewriteRule ^/migration/testing.pl /migration/cache/_index.html + Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/ Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/ Require all granted @@ -148,7 +152,10 @@ # Versioned request RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE] - Header always set Content-Security-Policy "default-src 'self';" + Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';" + + Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';" + <%= @@ -199,6 +206,7 @@ vhost(lines, "security-team.debian.org" , :ssl => true) vhost(lines, "d-i.debian.org" , :ssl => true) vhost(lines, "appstream.debian.org" , :ssl => true) vhost(lines, "apt.buildd.debian.org" , :ssl => true) +vhost(lines, "dpl.debian.org" , :ssl => true) vhost(lines, "dsa.debian.org" , :ssl => true) vhost(lines, "rtc.debian.org" , :ssl => true) vhost(lines, "mirror-master.debian.org" , :ssl => true) @@ -236,7 +244,7 @@ lines.join("\n") # www.backports.org is the historical place for the backports # website and archive. It is now a CNAME to backports.debian.org: # redirect http requests. - > + > ServerName www.backports.org ServerAlias lists.backports.org ServerAdmin debian-admin@debian.org @@ -244,27 +252,27 @@ lines.join("\n") ###################### - > + > ServerName www.debian-ports.org ServerAlias debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.ports.debian.org/ - > + > ServerName ports.debian.org ServerAlias ports.debian.net ServerAdmin debian-admin@debian.org RedirectPermanent / https://www.ports.debian.org/ - > + > ServerName incoming.debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent / http://incoming.ports.debian.org/ - > + > ServerName ftp.debian-ports.org ServerAdmin debian-admin@debian.org RedirectPermanent /archive http://www.ports.debian.org @@ -273,16 +281,26 @@ lines.join("\n") RedirectPermanent / http://ftp.ports.debian.org/ - > + ServerName video.debian.net ServerAdmin debian-admin@debian.org - Redirect / http://meetings-archive.debian.net/pub/debian-meetings/ + Redirect / https://meetings-archive.debian.net/pub/debian-meetings/ + + + > + Use vstatic-vhost-video.debian.net + + + > + Use vstatic-vhost-video.debian.net + Use common-debian-service-ssl video.debian.net + Use common-ssl-HSTS # historical sites ################## # now only redirects remain - > + > ServerName women.debian.org ServerAdmin debian-admin@debian.org @@ -299,29 +317,44 @@ lines.join("\n") RedirectPermanent /profiles/ http://www.debian.org/women/profiles/ - > + > ServerName volatile.debian.org ServerAlias volatile-master.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / http://www.debian.org/volatile/ - > + > ServerName ftp-master.metadata.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / http://metadata.ftp-master.debian.org/ - > + > ServerName backports-master.debian.org ServerAdmin debian-admin@debian.org RedirectPermanent / https://backports.debian.org/ - > + > ServerName manpages.debian.net ServerAdmin debian-admin@debian.org Redirect / https://manpages.debian.org/ +# error pages +############# + +Use common-dsa-vhost-https-redirect archive.debian.net + > + ServerName archive.debian.net + ServerAdmin debian-admin@debian.org + ErrorLog /var/log/apache2/archive.debian.net-error.log + CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl + Use common-debian-service-ssl archive.debian.net + Use common-ssl-HSTS + Use common-disabled-service + + + # vim:ft=apache: