X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=b9df97509ff7decf223ecf959dcdc4dc4916e4e8;hb=b529b139a60ea8355089511737c8264185d8d074;hp=81a9750af157f0a13c4278c1d608e40d72f43463;hpb=8d1e90322333f37b46f74d0724fad3563b71efce;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 81a9750af..b9df97509 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -3,123 +3,244 @@
######################
# deb.debian.org
<% if scope.function_has_static_component(['deb.debian.org']) -%>
-
+
+ ServerAlias httpredir.debian.org
+ ServerAlias cdn.debian.net
+ ServerAlias http.debian.net
+
Redirect /debian/ http://cdn-fastly.deb.debian.org/debian/
Redirect /debian-debug/ http://cdn-fastly.deb.debian.org/debian-debug/
+ Redirect /debian-ports/ http://cdn-fastly.deb.debian.org/debian-ports/
Redirect /debian-security/ http://cdn-fastly.deb.debian.org/debian-security/
-<% end -%>
+ >
+ ServerName deb.debian.org
-<%=
+ ErrorLog /var/log/apache2/deb.debian.org-error.log
+ CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
-def vhost(lines, sn, type=nil, extra=nil)
- if scope.function_has_static_component([sn])
- t = 'common-static-vhost'
- if type then t += "-#{type}"; end
+ Use common-debian-service-ssl deb.debian.org
+ Use common-ssl-HSTS
- e = ''
- if extra then e += " #{extra}"; end
+ ServerAdmin debian-admin@lists.debian.org
+
+ UserDir disabled
+
+ ServerSignature On
- lines << "Use #{t} #{sn}#{e}"
- end
-end
+ DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Indexes SymLinksIfOwnerMatch
+ Require all granted
+
-lines = []
-vhost(lines, "mozilla.debian.net")
-vhost(lines, "backports.debian.org", "ssl")
-vhost(lines, "incoming.debian.org")
-vhost(lines, "debdeltas.debian.net")
-vhost(lines, "news.debian.net" , "ssl")
-vhost(lines, "debaday.debian.net" , "ssl")
-vhost(lines, "timeline.debian.net" , "ssl")
-vhost(lines, "network-test.debian.org" , "with-extra", '"ServerAlias network-test-backend.debian.org"')
-vhost(lines, "blends.debian.org" , "with-extra", '"ServerAlias blends-backend.debian.org"')
-vhost(lines, "wnpp-by-tags.debian.net" , "with-extra", '"ServerAlias wnpp-by-tags-backend.debian.org"')
-vhost(lines, "security-team.debian.org", "with-extra", '"ServerAlias security-team-backend.debian.org"')
-vhost(lines, "d-i.debian.org" , "ssl")
-vhost(lines, "appstream.debian.org", "ssl")
-vhost(lines, "dsa.debian.org" , "ssl")
-vhost(lines, "rtc.debian.org" , "ssl")
-
-vhost(lines, "10years.debconf.org" , "ssl")
-vhost(lines, "debconf0.debconf.org", "ssl")
-vhost(lines, "debconf1.debconf.org", "ssl")
-vhost(lines, "debconf2.debconf.org", "ssl")
-vhost(lines, "debconf3.debconf.org", "ssl")
-vhost(lines, "debconf4.debconf.org", "ssl")
-vhost(lines, "debconf5.debconf.org", "ssl")
-vhost(lines, "debconf6.debconf.org", "ssl")
-vhost(lines, "debconf7.debconf.org", "ssl")
-vhost(lines, "es.debconf.org" , "ssl")
-vhost(lines, "fr.debconf.org" , "ssl")
-vhost(lines, "miniconf10.debconf.org" , "ssl")
-
-vhost(lines, "deb.debian.org", "with-extra", '"Use vhost-deb.debian.org-extra"')
+ Header set Surrogate-Key <%= @hostname %>
-lines.join("\n")
--%>
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
-######################
-# metadata.ftp-master.debian.org
-<% if scope.function_has_static_component(['metadata.ftp-master.debian.org']) -%>
- >
- ServerName metadata.ftp-master.debian.org
- ServerAdmin debian-admin@lists.debian.org
+ Redirect /debian/ https://cdn-aws.deb.debian.org/debian/
+ Redirect /debian-debug/ https://cdn-aws.deb.debian.org/debian-debug/
+ Redirect /debian-ports/ https://cdn-aws.deb.debian.org/debian-ports/
+ Redirect /debian-security/ https://cdn-aws.deb.debian.org/debian-security/
+
+<% end -%>
- ErrorLog /var/log/apache2/metadata.ftp-master.debian.org-error.log
- CustomLog /var/log/apache2/metadata.ftp-master.debian.org-access.log privacy
+
+ ServerAlias network-test-backend.debian.org
+
- Use common-static-base metadata.ftp-master.debian.org
+
+
+ CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo
+
+
+
+
AddDefaultCharset utf-8
+
+ # Rewrite away double slashes
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
+ RewriteRule . %1/%2 [R=301,L,NE]
+
ForceType text/plain
-
-<% end -%>
+
-######################
-# bits.debian.org
-<% if scope.function_has_static_component(['bits.debian.org']) -%>
-
- ServerName bits.debian.org
- ServerAdmin debian-admin@lists.debian.org
+
+ RewriteEngine on
+ RewriteRule ^/migration/$ /migration/testing.pl
+ RewriteRule ^/migration/search/(.+)/$ /migration/testing.pl?package=$1
+ RewriteCond %{QUERY_STRING} package=((.)(.*))
+ RewriteRule ^/migration/testing.pl /migration/cache/%2/%1.html [PT,L]
+ RewriteRule ^/migration/testing.pl /migration/cache/_index.html
+
+ Alias /proposed-updates/ /srv/static.debian.org/mirrors/release.debian.org-pu/cur/
+
+ Require all granted
+ Options Indexes SymLinksIfOwnerMatch MultiViews
+
+ AddEncoding gzip .gz
+ FilterDeclare gzip CONTENT_SET
+ FilterProvider gzip inflate "%{req:Accept-Encoding} !~ /gzip/"
+ FilterChain gzip
+
+ ForceType text/plain
+ AddDefaultCharset utf-8
+
+
+ ForceType text/html
+ AddDefaultCharset utf-8
+
+
+
- ErrorLog /var/log/apache2/bits.debian.org-error.log
-
- CustomLog /var/log/apache2/bits.debian.org-public-access.log privacy+geo
-
+
+
+ AllowOverride FileInfo Indexes Options=Multiviews
+ Options Multiviews Indexes FollowSymLinks Includes
+ Require all granted
+
- Use common-static-base bits.debian.org
+ AddOutputFilter INCLUDES .xhtml
- >
+
+
+ AddDefaultCharset utf-8
+
+
+ Require all granted
+
+ # These three lines makes apache serve
+ # "lintian.log.gz" as a text/plain with encoding gzip
+ # making it easier to view the log in the browser.
+ RemoveType .gz
+ AddEncoding x-gzip .gz
+ AddType text/plain .log
+
+
+ AddOutputFilterByType DEFLATE image/svg+xml
+ AddOutputFilterByType DEFLATE text/plain
+
+
+
+
+ # Cache these for a year (3600 * 24 * 365.25)
+ # Files in here will change name if their content change
+ Header set Cache-Control "max-age=31557600, public"
+
+
RewriteEngine on
+ RewriteMap source-map txt:/srv/static.debian.org/mirrors/lintian.debian.org/cur/lookup-tables/source-packages
+
+ # Re-direct from the "old" locations to the new ones
+ RewriteRule ^/reports/T(.*)\.html$ /tags/$1.html [L,R=permanent]
+ RewriteRule ^/reports/(.*)$ /$1 [L,R=permanent]
+
+ # Map source packages to reports (this mapping is re-written once per lintian run,
+ # serve it as a 302 rather than a permanent redirect)
+ # Version-less request
+ RewriteRule ^/source/([a-z0-9-]+)/?$ /${source-map:$1} [L,R,NE]
+ # Versioned request
+ RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE]
+
+ Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';"
+
+ Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
+
+
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !^/feeds/
- RewriteRule ^/(.*)$ https://bits.debian.org/$1 [R,L]
- #RewriteRule ^/(.*)$ https://bits.debian.org/$1 [R=301,L]
+<%=
- Use static-bits.debian.org-base
- CustomLog /var/log/apache2/bits.debian.org-access.log privacy
-
+def vhost(lines, sn, kwargs={})
+ if scope.function_has_static_component([sn])
+ if not kwargs[:extra]
+ lines << ""
+ lines << " # mod macro does not like empty macros, so here's some content:"
+ lines << " "
+ lines << " "
+ lines << ""
+ end
+
+ lines << "Use prepare-static-vhost #{sn}"
+
+ if kwargs[:ssl] and kwargs[:ssl_optional]
+ lines << "Use static-vhost-plain-#{sn}"
+ lines << "Use static-vhost-ssl-#{sn}"
+ elsif kwargs[:ssl]
+ lines << "Use common-dsa-vhost-https-redirect #{sn}"
+ lines << "Use static-vhost-ssl-#{sn}"
+ else
+ lines << "Use static-vhost-plain-#{sn}"
+ end
+
+ onion = scope.function_onion_global_service_hostname([sn])
+ lines << "Use static-vhost-onion-#{sn} #{onion}" if onion
+
+ lines << ""
+ end
+end
- >
- Use static-bits.debian.org-base
- CustomLog /var/log/apache2/bits.debian.org-access.log privacyssl
+lines = []
+vhost(lines, "mozilla.debian.net" , :ssl => true, :ssl_optional => true)
+vhost(lines, "backports.debian.org" , :ssl => true)
+vhost(lines, "incoming.debian.org" , :ssl => true, :ssl_optional => true)
+vhost(lines, "incoming.ports.debian.org" , :ssl => true, :ssl_optional => true)
+vhost(lines, "debdeltas.debian.net" , :ssl => true, :ssl_optional => true)
+vhost(lines, "news.debian.net" , :ssl => true)
+vhost(lines, "bootstrap.debian.net" , :ssl => true)
+vhost(lines, "debaday.debian.net" , :ssl => true)
+vhost(lines, "timeline.debian.net" , :ssl => true)
+vhost(lines, "network-test.debian.org" , :extra => true)
+vhost(lines, "blends.debian.org" , :ssl => true)
+vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
+vhost(lines, "security-team.debian.org" , :ssl => true)
+vhost(lines, "d-i.debian.org" , :ssl => true)
+vhost(lines, "appstream.debian.org" , :ssl => true)
+vhost(lines, "apt.buildd.debian.org" , :ssl => true)
+vhost(lines, "dpl.debian.org" , :ssl => true)
+vhost(lines, "dsa.debian.org" , :ssl => true)
+vhost(lines, "rtc.debian.org" , :ssl => true)
+vhost(lines, "mirror-master.debian.org" , :ssl => true)
+vhost(lines, "onion.debian.org" , :ssl => true)
+vhost(lines, "manpages.debian.org" , :ssl => true, :extra => true)
+
+vhost(lines, "bits.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "micronews.debian.org" , :ssl => true)
+vhost(lines, "metadata.ftp-master.debian.org", :extra => true)
+
+vhost(lines, "10years.debconf.org" , :ssl => true)
+vhost(lines, "debconf0.debconf.org" , :ssl => true)
+vhost(lines, "debconf1.debconf.org" , :ssl => true)
+vhost(lines, "debconf2.debconf.org" , :ssl => true)
+vhost(lines, "debconf3.debconf.org" , :ssl => true)
+vhost(lines, "debconf4.debconf.org" , :ssl => true)
+vhost(lines, "debconf5.debconf.org" , :ssl => true)
+vhost(lines, "debconf6.debconf.org" , :ssl => true)
+vhost(lines, "debconf7.debconf.org" , :ssl => true)
+vhost(lines, "debconf16.debconf.org" , :ssl => true)
+vhost(lines, "es.debconf.org" , :ssl => true)
+vhost(lines, "fr.debconf.org" , :ssl => true)
+vhost(lines, "miniconf10.debconf.org" , :ssl => true)
+
+vhost(lines, "deb.debian.org" , :extra => true)
+vhost(lines, "release.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "www.ports.debian.org" , :ssl => true, :extra => true)
+vhost(lines, "lintian.debian.org" , :ssl => true, :extra => true)
- Use common-debian-service-ssl bits.debian.org
- Use common-ssl-HSTS
-
-<% end -%>
+lines.join("\n")
+-%>
# www.backports.org
###################
# www.backports.org is the historical place for the backports
# website and archive. It is now a CNAME to backports.debian.org:
# redirect http requests.
- >
+ >
ServerName www.backports.org
ServerAlias lists.backports.org
ServerAdmin debian-admin@debian.org
@@ -127,65 +248,45 @@ lines.join("\n")
######################
-# www.ports.debian.org
-<% if scope.function_has_static_component(['www.ports.debian.org']) -%>
- >
- ServerName www.ports.debian.org
- ServerAlias www.ports-backend.debian.org
- ServerAdmin debian-admin@lists.debian.org
-
- ErrorLog /var/log/apache2/www.ports.debian.org-error.log
- CustomLog /var/log/apache2/www.ports.debian.org-access.log privacy
-
-
- UserDir disabled
-
- ServerSignature On
-
- DocumentRoot /srv/static.debian.org/mirrors/www.ports.debian.org/cur
-
- AllowOverride FileInfo Indexes Options=Multiviews
- Options Multiviews Indexes FollowSymLinks Includes
- IndexOptions FancyIndexing NameWidth=*
- <% if @lsbmajdistrelease > '7' -%>
- Require all granted
- <% else -%>
- Order allow,deny
- Allow from all
- <% end -%>
-
+ >
+ ServerName www.debian-ports.org
+ ServerAlias debian-ports.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://www.ports.debian.org/
+
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
- AddOutputFilter INCLUDES .xhtml
+ >
+ ServerName ports.debian.org
+ ServerAlias ports.debian.net
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://www.ports.debian.org/
-<% end -%>
- >
- ServerName www.debian-ports.org
- ServerAlias debian-ports.org
+ >
+ ServerName incoming.debian-ports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.ports.debian.org/
+ RedirectPermanent / http://incoming.ports.debian.org/
- >
- ServerName ports.debian.net
+ >
+ ServerName ftp.debian-ports.org
ServerAdmin debian-admin@debian.org
- RedirectPermanent / http://www.ports.debian.org/
+ RedirectPermanent /archive http://www.ports.debian.org
+ RedirectPermanent /debian http://ftp.ports.debian.org/debian-ports
+ RedirectPermanent /debian-cd http://ftp.ports.debian.org/debian-ports-cd
+ RedirectPermanent / http://ftp.ports.debian.org/
-# video.debian.net
-###################
- >
+ >
ServerName video.debian.net
ServerAdmin debian-admin@debian.org
-
Redirect / http://meetings-archive.debian.net/pub/debian-meetings/
# historical sites
##################
# now only redirects remain
- >
+ >
ServerName women.debian.org
ServerAdmin debian-admin@debian.org
@@ -202,17 +303,29 @@ lines.join("\n")
RedirectPermanent /profiles/ http://www.debian.org/women/profiles/
- >
+ >
ServerName volatile.debian.org
ServerAlias volatile-master.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://www.debian.org/volatile/
- >
+ >
ServerName ftp-master.metadata.debian.org
ServerAdmin debian-admin@debian.org
RedirectPermanent / http://metadata.ftp-master.debian.org/
+ >
+ ServerName backports-master.debian.org
+ ServerAdmin debian-admin@debian.org
+ RedirectPermanent / https://backports.debian.org/
+
+
+ >
+ ServerName manpages.debian.net
+ ServerAdmin debian-admin@debian.org
+ Redirect / https://manpages.debian.org/
+
+
# vim:ft=apache: