X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Ftemplates%2Fstatic-mirroring%2Fvhost%2Fstatic-vhosts-simple.erb;h=f3f650277941f2517fc472fa596af135f70af802;hb=f03d2175076a3c06865412f819e6886fc30c6bf6;hp=7c99f652ebf7260cf326e6f956f0a46704718bef;hpb=7997b09aa6fcd6bb60ed9b82b1bce4247589a187;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 7c99f652e..f3f650277 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -9,6 +9,39 @@
 	Redirect /debian-ports/     http://cdn-fastly.deb.debian.org/debian-ports/
 	Redirect /debian-security/  http://cdn-fastly.deb.debian.org/debian-security/
 </Macro>
+
+<VirtualHost <%= vhost_listen_443 %> >
+	ServerName deb.debian.org
+
+	ErrorLog /var/log/apache2/deb.debian.org-error.log
+	CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
+
+	Use common-debian-service-ssl deb.debian.org
+	Use common-ssl-HSTS
+
+	ServerAdmin debian-admin@lists.debian.org
+	<IfModule mod_userdir.c>
+		UserDir disabled
+	</IfModule>
+	ServerSignature On
+
+	DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+	<Directory /srv/static.debian.org/mirrors/deb.debian.org/cur>
+		AllowOverride FileInfo Indexes Options=Multiviews
+		Options Indexes SymLinksIfOwnerMatch
+		IndexOptions FancyIndexing NameWidth=*
+		Require all granted
+	</Directory>
+
+	Header set Surrogate-Key <%= hostname %>
+
+	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+
+	Redirect /debian/           https://cdn-aws.deb.debian.org/debian/
+	Redirect /debian-debug/     https://cdn-aws.deb.debian.org/debian-debug/
+	Redirect /debian-ports/     https://cdn-aws.deb.debian.org/debian-ports/
+	Redirect /debian-security/  https://cdn-aws.deb.debian.org/debian-security/
+</VirtualHost>
 <% end -%>
 
 <Macro vstatic-vhost-extra-network-test.debian.org>
@@ -23,6 +56,12 @@
 
 <Macro vstatic-vhost-extra-metadata.ftp-master.debian.org>
 	AddDefaultCharset utf-8
+
+	# Rewrite away double slashes
+	RewriteEngine on
+	RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [NC]
+	RewriteRule . %1/%2 [R=301,L,NE]
+
 	<LocationMatch "/changelogs/(main|contrib|non-free)">
 		ForceType text/plain
 	</LocationMatch>
@@ -50,6 +89,10 @@
 			ForceType text/plain
 			AddDefaultCharset utf-8
 		</Files>
+		<Files *.debdiff.html.gz>
+			ForceType text/html
+			AddDefaultCharset utf-8
+		</Files>
 	</Directory>
 </Macro>
 
@@ -119,7 +162,10 @@ def vhost(lines, sn, kwargs={})
 
 		lines << "Use prepare-static-vhost #{sn}"
 
-		if kwargs[:ssl]
+		if kwargs[:ssl] and kwargs[:ssl_optional]
+			lines << "Use static-vhost-plain-#{sn}"
+			lines << "Use static-vhost-ssl-#{sn}"
+		elsif kwargs[:ssl]
 			lines << "Use common-dsa-vhost-https-redirect #{sn}"
 			lines << "Use static-vhost-ssl-#{sn}"
 		else
@@ -134,46 +180,48 @@ def vhost(lines, sn, kwargs={})
 end
 
 lines = []
-vhost(lines, "mozilla.debian.net")
-vhost(lines, "backports.debian.org", :ssl => true)
-vhost(lines, "incoming.debian.org")
-vhost(lines, "incoming.ports.debian.org")
-vhost(lines, "debdeltas.debian.net")
-vhost(lines, "news.debian.net"         , :ssl => true)
-vhost(lines, "debaday.debian.net"      , :ssl => true)
-vhost(lines, "timeline.debian.net"     , :ssl => true)
-vhost(lines, "network-test.debian.org" , :extra => true)
-vhost(lines, "blends.debian.org"       , :ssl => true)
-vhost(lines, "wnpp-by-tags.debian.net" , :ssl => true)
-vhost(lines, "security-team.debian.org", :ssl => true)
-vhost(lines, "d-i.debian.org"      , :ssl => true)
-vhost(lines, "appstream.debian.org", :ssl => true)
-vhost(lines, "dsa.debian.org"      , :ssl => true)
-vhost(lines, "rtc.debian.org"      , :ssl => true)
-vhost(lines, "onion.debian.org"    , :ssl => true)
-
-vhost(lines, "bits.debian.org"     , :ssl => true, :extra => true)
-vhost(lines, "micronews.debian.net", :ssl => true)
+vhost(lines, "mozilla.debian.net"            , :ssl => true, :ssl_optional => true)
+vhost(lines, "backports.debian.org"          , :ssl => true)
+vhost(lines, "incoming.debian.org"           , :ssl => true, :ssl_optional => true)
+vhost(lines, "incoming.ports.debian.org"     , :ssl => true, :ssl_optional => true)
+vhost(lines, "debdeltas.debian.net"          , :ssl => true, :ssl_optional => true)
+vhost(lines, "news.debian.net"               , :ssl => true)
+vhost(lines, "bootstrap.debian.net"          , :ssl => true)
+vhost(lines, "debaday.debian.net"            , :ssl => true)
+vhost(lines, "timeline.debian.net"           , :ssl => true)
+vhost(lines, "network-test.debian.org"       , :extra => true)
+vhost(lines, "blends.debian.org"             , :ssl => true)
+vhost(lines, "wnpp-by-tags.debian.net"       , :ssl => true)
+vhost(lines, "security-team.debian.org"      , :ssl => true)
+vhost(lines, "d-i.debian.org"                , :ssl => true)
+vhost(lines, "appstream.debian.org"          , :ssl => true)
+vhost(lines, "apt.buildd.debian.org"         , :ssl => true)
+vhost(lines, "dsa.debian.org"                , :ssl => true)
+vhost(lines, "rtc.debian.org"                , :ssl => true)
+vhost(lines, "onion.debian.org"              , :ssl => true)
+
+vhost(lines, "bits.debian.org"               , :ssl => true, :extra => true)
+vhost(lines, "micronews.debian.org"          , :ssl => true)
 vhost(lines, "metadata.ftp-master.debian.org", :extra => true)
 
-vhost(lines, "10years.debconf.org" , :ssl => true)
-vhost(lines, "debconf0.debconf.org", :ssl => true)
-vhost(lines, "debconf1.debconf.org", :ssl => true)
-vhost(lines, "debconf2.debconf.org", :ssl => true)
-vhost(lines, "debconf3.debconf.org", :ssl => true)
-vhost(lines, "debconf4.debconf.org", :ssl => true)
-vhost(lines, "debconf5.debconf.org", :ssl => true)
-vhost(lines, "debconf6.debconf.org", :ssl => true)
-vhost(lines, "debconf7.debconf.org", :ssl => true)
-vhost(lines, "debconf16.debconf.org", :ssl => true)
-vhost(lines, "es.debconf.org"      , :ssl => true)
-vhost(lines, "fr.debconf.org"      , :ssl => true)
-vhost(lines, "miniconf10.debconf.org" , :ssl => true)
-
-vhost(lines, "deb.debian.org", :extra => true)
-vhost(lines, "release.debian.org", :ssl => true, :extra => true)
-vhost(lines, "www.ports.debian.org", :ssl => true, :extra => true)
-vhost(lines, "lintian.debian.org", :ssl => true, :extra => true)
+vhost(lines, "10years.debconf.org"           , :ssl => true)
+vhost(lines, "debconf0.debconf.org"          , :ssl => true)
+vhost(lines, "debconf1.debconf.org"          , :ssl => true)
+vhost(lines, "debconf2.debconf.org"          , :ssl => true)
+vhost(lines, "debconf3.debconf.org"          , :ssl => true)
+vhost(lines, "debconf4.debconf.org"          , :ssl => true)
+vhost(lines, "debconf5.debconf.org"          , :ssl => true)
+vhost(lines, "debconf6.debconf.org"          , :ssl => true)
+vhost(lines, "debconf7.debconf.org"          , :ssl => true)
+vhost(lines, "debconf16.debconf.org"         , :ssl => true)
+vhost(lines, "es.debconf.org"                , :ssl => true)
+vhost(lines, "fr.debconf.org"                , :ssl => true)
+vhost(lines, "miniconf10.debconf.org"        , :ssl => true)
+
+vhost(lines, "deb.debian.org"                , :extra => true)
+vhost(lines, "release.debian.org"            , :ssl => true, :extra => true)
+vhost(lines, "www.ports.debian.org"          , :ssl => true, :extra => true)
+vhost(lines, "lintian.debian.org"            , :ssl => true, :extra => true)
 
 lines.join("\n")
 -%>
@@ -259,4 +307,10 @@ lines.join("\n")
 	RedirectPermanent / http://metadata.ftp-master.debian.org/
 </VirtualHost>
 
+<VirtualHost <%= vhost_listen %> >
+	ServerName backports-master.debian.org
+	ServerAdmin debian-admin@debian.org
+	RedirectPermanent / https://backports.debian.org/
+</VirtualHost>
+
 # vim:ft=apache: