X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=adddd55b9d226bd4eafcede57a320ad5403dfec6;hb=775af04d2d69bcbfe143e8cc3c23a364a6bb4375;hp=184668b76f0b52954aa3e6679c1e3d14631a9a92;hpb=a28ed6fe4705cc3761484549aaf235f2f61bb265;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 184668b76..adddd55b9 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -4,15 +4,54 @@
# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
- Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
- Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/
- Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/
- Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
+ ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
+ ServerAlias http.debian.net
+
+ Redirect /debian http://cdn-fastly.deb.debian.org/debian
+ Redirect /debian-debug http://cdn-fastly.deb.debian.org/debian-debug
+ Redirect /debian-ports http://cdn-fastly.deb.debian.org/debian-ports
+ Redirect /debian-security http://cdn-fastly.deb.debian.org/debian-security
+
+ >
+ ServerName deb.debian.org
+
+ ErrorLog /var/log/apache2/deb.debian.org-error.log
+ CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
+
+ Use common-debian-service-ssl deb.debian.org
+ Use common-ssl-HSTS
+
+ ServerAdmin debian-admin@lists.debian.org
+
+ UserDir disabled
+
+ ServerSignature On
+
+ DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+
+
+ Header set Surrogate-Key <%= @hostname %>
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+
+ Redirect /debian https://cdn-aws.deb.debian.org/debian
+ Redirect /debian-debug https://cdn-aws.deb.debian.org/debian-debug
+ Redirect /debian-ports https://cdn-aws.deb.debian.org/debian-ports
+ Redirect /debian-security https://cdn-aws.deb.debian.org/debian-security
+
<% end -%>
ServerAlias network-test-backend.debian.org
+
+ Header set Cache-Control "must-revalidate, max-age=0"
+
@@ -23,6 +62,12 @@
AddDefaultCharset utf-8
+
+ # Rewrite away double slashes
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
+ RewriteRule . %1/%2 [L,NE]
+
ForceType text/plain
@@ -36,11 +81,11 @@
RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L]
RewriteRule ^/migration/testing.pl /migration/cache/_index.html
+ Alias /oldstable-proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
Require all granted
Options Indexes SymLinksIfOwnerMatch MultiViews
- IndexOptions FancyIndexing NameWidth=*
AddEncoding gzip .gz
FilterDeclare gzip CONTENT_SET
@@ -50,6 +95,11 @@
ForceType text/plain
AddDefaultCharset utf-8
+
+ ForceType text/html
+ AddDefaultCharset utf-8
+
+ AddType text/plain .wml
@@ -57,7 +107,6 @@
AllowOverride FileInfo Indexes Options=Multiviews
Options Multiviews Indexes FollowSymLinks Includes
- IndexOptions FancyIndexing NameWidth=*
Require all granted
@@ -78,10 +127,7 @@
AddEncoding x-gzip .gz
AddType text/plain .log
-
- AddOutputFilterByType DEFLATE image/svg+xml
- AddOutputFilterByType DEFLATE text/plain
-
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css image/svg+xml
@@ -94,8 +140,8 @@
RewriteMap source-map txt:/srv/static.debian.org/mirrors/lintian.debian.org/cur/lookup-tables/source-packages
# Re-direct from the "old" locations to the new ones
- RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L,R=permanent]
- RewriteRule ^/reports/(.*)$ /$1 [L,R=permanent]
+ RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L]
+ RewriteRule ^/reports/(.*)$ /$1 [L]
# Map source packages to reports (this mapping is re-written once per lintian run,
# serve it as a 302 rather than a permanent redirect)
@@ -103,6 +149,98 @@
RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
# Versioned request
RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+
+
+
+
+
+ ForceType text/html
+
+
+ ForceType text/html
+
+
+ RewriteEngine on
+ SSLProxyEngine on
+ RewriteRule ^/$ /wiki/Main_Page [L,P]
+ RewriteRule ^/wiki/$ /wiki/Main_Page [L]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=mediawiki.legacy.commonPrint,shared|skins.monobook(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=styles(&|$)
+ RewriteRule ^/load.php$ /load-monobook-styles.css [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=site(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=styles(&|$)
+ RewriteRule ^/load.php$ /load-site-styles.css [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=startup(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-startup-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=site(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-site-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery%2Cmediawiki(&|$)
+ RewriteCond %{QUERY_STRING} (^|&)only=scripts(&|$)
+ RewriteRule ^/load.php$ /load-jquery-scripts.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery.client%2Ccookie%2CmessageBox%2CmwExtension|mediawiki.legacy.ajax%2Cwikibits|mediawiki.page.startup|mediawiki.util(&|$)
+ RewriteRule ^/load.php$ /load-jquery.client.js [L,QSD]
+
+ RewriteCond %{QUERY_STRING} (^|&)modules=jquery.checkboxShiftClick%2CmakeCollapsible%2Cmw-jump%2Cplaceholder%7Cmediawiki.page.ready%7Cmediawiki.user(&|$)
+ RewriteRule ^/load.php$ /load-jquery.checkbox.js [L,QSD]
+
+
+
+ ServerAlias www-test.debconf.org
+
+
+ Options +IncludesNOEXEC
+ SSILegacyExprParser on
+ DirectoryIndex index.shtml
+
+
+ AddOutputFilter INCLUDES .shtml
+
+ RewriteEngine On
+ # A few redirects for older debconf sites, so old links work
+ RewriteRule ^/gallery/(.*)$ https://gallery.debconf.org/v/$1 [L]
+ RewriteRule ^/.*years$ https://10years.debconf.org/ [L]
+ RewriteRule ^/debconf2$ https://debconf2.debconf.org/ [L]
+ RewriteRule ^/debconf3$ https://debconf3.debconf.org/ [L]
+ RewriteRule ^/debconf4$ https://debconf4.debconf.org/ [L]
+ RewriteRule ^/debconf5$ https://debconf5.debconf.org/ [L]
+ RewriteRule ^/10years/(.*)$ https://10years.debconf.org/$1 [L]
+ RewriteRule ^/debconf2/(.*)$ https://debconf2.debconf.org/$1 [L]
+ RewriteRule ^/debconf3/(.*)$ https://debconf3.debconf.org/$1 [L]
+ RewriteRule ^/debconf4/(.*)$ https://debconf4.debconf.org/$1 [L]
+ RewriteRule ^/debconf5/(.*)$ https://debconf5.debconf.org/$1 [L]
+
+
+
+ # Legacy GPG versions (including 2.2.12 in buster/Debian 10) get redirections from
+ # the (not supposed to be default) direct method wrong.
+ # They ask for https://debian.org/.well-known/openpgpkey/hu/
+ # get a redirect to https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/
+ # and then try to fetch https://openpgpkey.debian.org/.well-known/openpgpkey/hu/
+ # *sigh*
+ # cf. https://dev.gnupg.org/T4603
+ Alias /.well-known/openpgpkey/hu/ /srv/static.debian.org/mirrors/openpgpkey.debian.org/cur/debian.org/hu/
+ Alias /.well-known/openpgpkey/policy /srv/static.debian.org/mirrors/openpgpkey.debian.org/cur/debian.org/policy
+
+ # The draft specified well-known place using the "advanced method"
+ Alias /.well-known/openpgpkey/ /srv/static.debian.org/mirrors/openpgpkey.debian.org/cur/
+
+ Options -Indexes
+
+
+ RewriteEngine on
+ RewriteRule ^/$ https://keyring.debian.org/ [L]
<%=
@@ -119,7 +257,10 @@ def vhost(lines, sn, kwargs={})
lines << "Use prepare-static-vhost #{sn}"
- if kwargs[:ssl]
+ if kwargs[:ssl] and kwargs[:ssl_optional]
+ lines << "Use static-vhost-plain-#{sn}"
+ lines << "Use static-vhost-ssl-#{sn}"
+ elsif kwargs[:ssl]
lines << "Use common-dsa-vhost-https-redirect #{sn}"
lines << "Use static-vhost-ssl-#{sn}"
else
@@ -134,45 +275,56 @@ def vhost(lines, sn, kwargs={})
end
lines = []
-vhost(lines, "mozilla.debian.net")
-vhost(lines, "backports.debian.org", :ssl => true)
-vhost(lines, "incoming.debian.org")
-vhost(lines, "incoming.ports.debian.org")
-vhost(lines, "debdeltas.debian.net")
-vhost(lines, "news.debian.net" , :ssl => true)
-vhost(lines, "debaday.debian.net" , :ssl => true)
-vhost(lines, "timeline.debian.net" , :ssl => true)
-vhost(lines, "network-test.debian.org" , :extra => true)
-vhost(lines, "blends.debian.org" , :ssl => true)
-vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
-vhost(lines, "security-team.debian.org", :ssl => true)
-vhost(lines, "d-i.debian.org" , :ssl => true)
-vhost(lines, "appstream.debian.org", :ssl => true)
-vhost(lines, "dsa.debian.org" , :ssl => true)
-vhost(lines, "rtc.debian.org" , :ssl => true)
-vhost(lines, "onion.debian.org" , :ssl => true)
-
-vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
-vhost(lines, "micronews.debian.net", :ssl => true)
+vhost(lines, "mozilla.debian.net" , :ssl => true, :ssl_optional => true)
+vhost(lines, "backports.debian.org" , :ssl => true)
+vhost(lines, "incoming.debian.org" , :ssl => true, :ssl_optional => true)
+vhost(lines, "incoming.ports.debian.org" , :ssl => true, :ssl_optional => true)
+vhost(lines, "debdeltas.debian.net" , :ssl => true, :ssl_optional => true)
+vhost(lines, "news.debian.net" , :ssl => true)
+vhost(lines, "bootstrap.debian.net" , :ssl => true)
+vhost(lines, "debaday.debian.net" , :ssl => true)
+vhost(lines, "timeline.debian.net" , :ssl => true)
+vhost(lines, "network-test.debian.org" , :extra => true)
+vhost(lines, "blends.debian.org" , :ssl => true)
+vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
+vhost(lines, "security-team.debian.org" , :ssl => true)
+vhost(lines, "d-i.debian.org" , :ssl => true)
+vhost(lines, "appstream.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
+vhost(lines, "dsa.debian.org" , :ssl => true)
+vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
+vhost(lines, "onion.debian.org" , :ssl => true)
+vhost(lines, "openpgpkey.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "cdbuilder-logs.debian.org" , :ssl => true)
+
+vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "micronews.debian.org" , :ssl => true)
vhost(lines, "metadata.ftp-master.debian.org", :extra => true)
-vhost(lines, "10years.debconf.org" , :ssl => true)
-vhost(lines, "debconf0.debconf.org", :ssl => true)
-vhost(lines, "debconf1.debconf.org", :ssl => true)
-vhost(lines, "debconf2.debconf.org", :ssl => true)
-vhost(lines, "debconf3.debconf.org", :ssl => true)
-vhost(lines, "debconf4.debconf.org", :ssl => true)
-vhost(lines, "debconf5.debconf.org", :ssl => true)
-vhost(lines, "debconf6.debconf.org", :ssl => true)
-vhost(lines, "debconf7.debconf.org", :ssl => true)
-vhost(lines, "es.debconf.org" , :ssl => true)
-vhost(lines, "fr.debconf.org" , :ssl => true)
-vhost(lines, "miniconf10.debconf.org" , :ssl => true)
-
-vhost(lines, "deb.debian.org", :extra => true)
-vhost(lines, "release.debian.org", :ssl => true, :extra => true)
-vhost(lines, "www.ports.debian.org", :ssl => true, :extra => true)
-vhost(lines, "lintian.debian.org", :ssl => true, :extra => true)
+vhost(lines, "10years.debconf.org" , :ssl => true)
+vhost(lines, "debconf0.debconf.org" , :ssl => true)
+vhost(lines, "debconf1.debconf.org" , :ssl => true)
+vhost(lines, "debconf2.debconf.org" , :ssl => true)
+vhost(lines, "debconf3.debconf.org" , :ssl => true)
+vhost(lines, "debconf4.debconf.org" , :ssl => true)
+vhost(lines, "debconf5.debconf.org" , :ssl => true)
+vhost(lines, "debconf6.debconf.org" , :ssl => true)
+vhost(lines, "debconf7.debconf.org" , :ssl => true)
+vhost(lines, "debconf16.debconf.org" , :ssl => true)
+vhost(lines, "debconf17.debconf.org" , :ssl => true)
+vhost(lines, "debconf18.debconf.org" , :ssl => true)
+vhost(lines, "es.debconf.org" , :ssl => true)
+vhost(lines, "fr.debconf.org" , :ssl => true)
+vhost(lines, "miniconf10.debconf.org" , :ssl => true)
+vhost(lines, "wiki.debconf.org" , :ssl => true, :extra => true)
+vhost(lines, "www.debconf.org" , :ssl => true, :extra => true)
+
+vhost(lines, "deb.debian.org" , :extra => true)
+vhost(lines, "release.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "www.ports.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "lintian.debian.org" , :ssl => true, :extra => true)
lines.join("\n")
-%>
@@ -182,80 +334,221 @@ lines.join("\n")
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
- >
+ >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://backports.debian.org/
+ RedirectPermanent / https://backports.debian.org/
######################
- >
+ >
ServerName www.debian-ports.org
ServerAlias debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName ports.debian.org
ServerAlias ports.debian.net
ServerAdmin debian-admin@debian.org
RedirectPermanent / https://www.ports.debian.org/
- >
+ >
ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://incoming.ports.debian.org/
- >
+ >
ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent /archive http://www.ports.debian.org
+ RedirectPermanent /archive https://www.ports.debian.org
RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
- RedirectPermanent /debian-cd http://ftp.ports.debian.org/debian-ports-cd
+ RedirectPermanent /debian-cd https://cdimage.debian.org/cdimage/ports/
RedirectPermanent / http://ftp.ports.debian.org/
- >
+
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
- Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
+ Redirect / https://meetings-archive.debian.net/pub/debian-meetings/
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+
+
+ >
+ Use vstatic-vhost-video.debian.net
+ Use common-debian-service-ssl video.debian.net
+ Use common-ssl-HSTS
+
+
+Use common-dsa-vhost-https-redirect lists.alioth.debian.org
+ >
+ ServerName lists.alioth.debian.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl lists.alioth.debian.org
+ Use common-ssl-HSTS
+ Redirect / https://alioth-lists.debian.net/
+
+
+Use common-dsa-vhost-https-redirect pkg-ruby-extras.alioth.debian.org
+ >
+ ServerName pkg-ruby-extras.alioth.debian.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl pkg-ruby-extras.alioth.debian.org
+ Use common-ssl-HSTS
+ Redirect / https://gemwatch.debian.net/
+
+
+Use common-dsa-vhost-https-redirect video.debconf.org
+ >
+ ServerName video.debconf.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl video.debconf.org
+ Use common-ssl-HSTS
+ Redirect / https://debconf-video-team.pages.debian.net/docs/
+
+
+<% if scope.function_has_static_component(['metadata.ftp-master.debian.org']) -%>
+ >
+ ServerName metadata.ftp-master.debian.org
+ ServerAlias metadata-backend.ftp-master.debian.org
+ # all self-referential URLs should use the public host name
+ UseCanonicalName On
+ Use common-debian-service-ssl metadata-backend.ftp-master.debian.org
+ ErrorLog /var/log/apache2/metadata-backend.ftp-master.debian.org-error.log
+ CustomLog /var/log/apache2/metadata-backend.ftp-master.debian.org-access.log privacy
+
+ Use static-vhost-base-metadata.ftp-master.debian.org
+
+<% end -%>
+
+Use common-dsa-vhost-https-redirect debconf.org
+ >
+ ServerName debconf.org
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl debconf.org
+ Use common-ssl-HSTS
+ Redirect / https://www.debconf.org/
# historical sites
##################
# now only redirects remain
- >
+ >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.debian.org/women/
-
- RedirectPermanent /about/ http://www.debian.org/women/about
- RedirectPermanent /contact/ http://www.debian.org/women/contact
- RedirectPermanent /faqs/ http://www.debian.org/women/faq
- RedirectPermanent /home/ http://www.debian.org/women/
- RedirectPermanent /images/dw.png http://www.debian.org/women/dw.png
- RedirectPermanent /involvement/ http://www.debian.org/women/participate
- RedirectPermanent /mentoring/ http://www.debian.org/women/mentoring
- RedirectPermanent /press/ http://wiki.debian.org/DebianWomen/Press
- RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
+ RedirectPermanent / https://www.debian.org/women/
+
+ RedirectPermanent /about/ https://www.debian.org/women/about
+ RedirectPermanent /contact/ https://www.debian.org/women/contact
+ RedirectPermanent /faqs/ https://www.debian.org/women/faq
+ RedirectPermanent /home/ https://www.debian.org/women/
+ RedirectPermanent /images/dw.png https://www.debian.org/women/dw.png
+ RedirectPermanent /involvement/ https://www.debian.org/women/participate
+ RedirectPermanent /mentoring/ https://www.debian.org/women/mentoring
+ RedirectPermanent /press/ https://wiki.debian.org/DebianWomen/Press
+ RedirectPermanent /profiles/ https://www.debian.org/women/profiles/
- >
+ >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.debian.org/volatile/
+ RedirectPermanent / https://www.debian.org/volatile/
- >
+ >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
+ >
+ ServerName backports-master.debian.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://backports.debian.org/
+
+
+ >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+
+
+Use common-dsa-vhost-https-redirect sources.debian.net
+ >
+ ServerName sources.debian.net
+ ServerAdmin debian-admin@debian.org
+ Use common-debian-service-ssl sources.debian.net
+ Use common-ssl-HSTS
+ Redirect permanent / https://sources.debian.org/
+
+
+# error pages
+#############
+
+Use common-dsa-vhost-https-redirect archive.debian.net
+ >
+ ServerName archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/archive.debian.net-error.log
+ CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
+ Use common-debian-service-ssl archive.debian.net
+ Use common-ssl-HSTS
+ Use common-disabled-service
+
+
+ >
+ ServerName cdimage.debian.org
+ ServerAlias cloud.debian.org
+ ServerAlias get.debian.org
+ ServerAlias bttracker.debian.org
+ ServerAlias meetings-archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/cdimage.debian.org-error.log
+ CustomLog /var/log/apache2/cdimage.debian.org-access.log privacyssl
+
+
+ UserDir disabled
+
+ DocumentRoot /srv/static.debian.org/puppet/cdimage.debian.org
+
+ Require all granted
+
+ RewriteEngine On
+ RewriteRule !^/503.html / [R=503]
+ ErrorDocument 503 /503.html
+
+
+ >
+ ServerName cdimage.debian.org
+ ServerAlias cloud.debian.org
+ ServerAlias get.debian.org
+ ServerAlias bttracker.debian.org
+ ServerAlias meetings-archive.debian.net
+ ServerAdmin debian-admin@debian.org
+ ErrorLog /var/log/apache2/cdimage.debian.org-error.log
+ CustomLog /var/log/apache2/cdimage.debian.org-access.log privacyssl
+ Use common-debian-service-ssl cdimage.debian.org
+
+
+ UserDir disabled
+
+ DocumentRoot /srv/static.debian.org/puppet/cdimage.debian.org
+
+ Require all granted
+
+ RewriteEngine On
+ RewriteRule !^/503.html / [R=503]
+ ErrorDocument 503 /503.html
+
+
+
# vim:ft=apache: