Move release.d.o to static and letsencrypt

author Julien Cristau <jcristau@debian.org>

Mon, 4 Jul 2016 12:15:01 +0000 (14:15 +0200)

committer Julien Cristau <jcristau@debian.org>

Mon, 4 Jul 2016 12:20:01 +0000 (14:20 +0200)
author Julien Cristau <jcristau@debian.org>
Mon, 4 Jul 2016 12:15:01 +0000 (14:15 +0200)
committer Julien Cristau <jcristau@debian.org>
Mon, 4 Jul 2016 12:20:01 +0000 (14:20 +0200)
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb

index 49ff465..3d1bc84 100644 (file)
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -234,4 +234,33 @@ Use common-dsa-vhost-https-redirect www.ports.debian.org
         RedirectPermanent / http://metadata.ftp-master.debian.org/
  </VirtualHost>
  
+<VirtualHost <%= vhost_listen %> >
+       ServerName release.debian.org
+       ServerAdmin debian-admin@debian.org
+       RedirectPermanent / https://release.debian.org/
+</VirtualHost>
+<VirtualHost <%= vhost_listen_443 %> >
+       ServerName release.debian.org
+       ServerAdmin debian-admin@debian.org
+
+       ErrorLog /var/log/apache2/release.debian.org-error.log
+       CustomLog /var/log/apache2/release.debian.org-access.log privacy
+
+       Use common-debian-service-ssl release.debian.org
+       Use common-ssl-HSTS
+
+       <IfModule mod_userdir.c>
+               UserDir disabled
+       </IfModule>
+       ServerSignature On
+
+       DocumentRoot /srv/static.debian.org/mirrors/release.debian.org/cur
+       <Directory /srv/static.debian.org/mirrors/release.debian.org/cur>
+               AllowOverride FileInfo Indexes Options=Multiviews
+               Options Multiviews Indexes FollowSymLinks Includes
+               IndexOptions FancyIndexing NameWidth=*
+               Require all granted
+       </Directory>
+</VirtualHost>
+
  # vim:ft=apache:
diff --git a/modules/ssl/files/chains/release.debian.org.crt b/modules/ssl/files/chains/release.debian.org.crt

deleted file mode 120000 (symlink)

index 50d224a..0000000
--- a/modules/ssl/files/chains/release.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
-\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/release.debian.org.crt b/modules/ssl/files/servicecerts/release.debian.org.crt

deleted file mode 100644 (file)

index 7483cc5..0000000
--- a/modules/ssl/files/servicecerts/release.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            12:97:47:ac:41:81:cb:17:3f:79:b9:11:35:7b:8d:c9
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 22 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=release.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:d0:01:5d:db:bf:ec:18:6d:35:94:3d:7b:20:4b:
-                    e7:70:a2:11:2d:f1:ac:31:6f:fc:52:f0:06:7e:fe:
-                    de:a6:6d:5c:ff:0a:08:a3:d5:eb:7b:ae:09:b8:ce:
-                    cd:41:50:d0:bf:9f:ae:ca:4d:2b:e5:fe:2d:c0:c0:
-                    f3:44:eb:5a:00:46:d0:f4:92:70:10:dc:b4:d8:60:
-                    2b:91:9f:b5:cc:ac:77:6b:ca:3a:44:9e:60:7d:bf:
-                    b4:6c:7a:46:8c:b0:11:ab:54:52:19:84:04:59:83:
-                    d9:9d:fd:76:08:82:64:73:9b:ce:e6:e1:7e:33:ef:
-                    ed:64:3d:05:cb:51:ba:03:e0:2d:0c:56:7b:70:8c:
-                    d4:c3:cc:ff:f7:58:d6:3f:39:1e:8d:9e:67:99:30:
-                    d5:a7:05:02:70:8d:0c:54:4f:4e:fd:e3:89:76:61:
-                    21:16:6b:51:f6:8a:f0:e5:f0:2a:dd:0e:e4:70:e7:
-                    52:2b:30:cc:32:82:ec:51:b3:8d:46:fd:24:37:6e:
-                    74:95:36:49:80:b0:ea:d4:bc:8e:a1:59:ed:0f:3a:
-                    66:67:c8:32:6e:08:b2:0e:a0:d6:10:6c:eb:2e:cb:
-                    a1:f9:5f:aa:27:73:e1:9f:bc:c2:98:bb:1d:97:4f:
-                    8a:45:7f:d5:a4:1f:7e:4c:fe:db:ae:25:75:69:71:
-                    bb:ce:d2:a3:d1:29:f9:a3:ed:33:c7:e2:c3:3c:47:
-                    91:43:0a:0c:66:dd:57:05:64:cf:4a:ba:ec:61:b0:
-                    29:99:77:ab:d5:ff:89:fe:69:3c:96:5a:a6:18:89:
-                    b3:0c:25:3b:ab:7a:bf:1f:e1:8b:64:67:bb:94:2c:
-                    43:e4:a7:f0:d9:3a:66:09:17:78:28:1f:07:0c:65:
-                    9c:fc:f1:ab:4e:a1:61:91:7e:07:78:25:48:7c:f1:
-                    c5:ea:e3:13:63:db:87:33:9e:41:84:6b:d2:4f:fd:
-                    0f:67:88:09:3d:f3:68:d6:41:00:5e:4f:f1:e4:d3:
-                    ec:b4:46:b2:ef:50:a3:87:34:8b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                54:27:64:9E:DE:45:13:69:13:18:87:0D:67:2F:B0:8D:82:29:91:DA
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:release.debian.org, DNS:www.release.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         36:78:86:0a:70:23:50:70:a9:33:93:e2:eb:39:ee:a9:02:51:
-         47:17:e1:5d:48:32:ad:b7:93:aa:df:2f:e4:fb:4c:69:39:20:
-         25:8a:2f:f3:a3:9d:45:65:5e:47:ed:09:69:d7:6f:7c:d5:16:
-         5b:73:27:7b:fe:93:08:1d:43:83:d8:43:d5:ba:f0:47:39:c1:
-         1f:8c:fe:25:35:e2:6a:58:67:7d:15:75:a6:3c:e1:77:c8:c8:
-         84:ec:b9:7b:3b:a7:85:e7:92:41:41:34:47:f3:a4:04:b0:d7:
-         b7:41:71:4f:f8:69:3f:d0:87:0f:14:61:ce:17:66:b9:20:45:
-         e3:4d:8e:f9:5d:d9:64:51:c8:43:ea:ce:0c:d9:2d:1f:e2:1f:
-         9d:b7:70:c5:86:36:ae:24:56:a5:05:75:ce:8d:5c:bd:a3:34:
-         23:ab:a7:1e:15:fc:f4:b6:f2:50:95:f2:54:d8:c3:2e:25:60:
-         4d:ad:75:b2:20:d7:98:97:2e:40:b9:f7:98:ae:9c:85:ad:c8:
-         04:28:7b:e6:a9:3d:d8:3d:0c:63:da:6b:95:69:ca:15:50:ff:
-         08:7d:f9:cb:9b:f2:1e:f3:ad:c5:fb:8e:7d:ea:4c:d6:01:9f:
-         32:e3:d9:38:a8:19:16:08:72:f4:de:1b:b4:d9:a8:31:cb:74:
-         53:f1:7b:42
------BEGIN CERTIFICATE-----
-MIIFhTCCBG2gAwIBAgIQEpdHrEGByxc/ebkRNXuNyTANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIyMjM1OTU5WjBdMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEbMBkGA1UEAxMScmVsZWFzZS5kZWJpYW4ub3JnMIIBojANBgkqhkiG9w0BAQEF
-AAOCAY8AMIIBigKCAYEA0AFd27/sGG01lD17IEvncKIRLfGsMW/8UvAGfv7epm1c
-/woIo9Xre64JuM7NQVDQv5+uyk0r5f4twMDzROtaAEbQ9JJwENy02GArkZ+1zKx3
-a8o6RJ5gfb+0bHpGjLARq1RSGYQEWYPZnf12CIJkc5vO5uF+M+/tZD0Fy1G6A+At
-DFZ7cIzUw8z/91jWPzkejZ5nmTDVpwUCcI0MVE9O/eOJdmEhFmtR9orw5fAq3Q7k
-cOdSKzDMMoLsUbONRv0kN250lTZJgLDq1LyOoVntDzpmZ8gybgiyDqDWEGzrLsuh
-+V+qJ3Phn7zCmLsdl0+KRX/VpB9+TP7briV1aXG7ztKj0Sn5o+0zx+LDPEeRQwoM
-Zt1XBWTPSrrsYbApmXer1f+J/mk8llqmGImzDCU7q3q/H+GLZGe7lCxD5Kfw2Tpm
-CRd4KB8HDGWc/PGrTqFhkX4HeCVIfPHF6uMTY9uHM55BhGvST/0PZ4gJPfNo1kEA
-Xk/x5NPstEay71CjhzSLAgMBAAGjggG9MIIBuTAfBgNVHSMEGDAWgBSzkKfYya9O
-zWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUVCdknt5FE2kTGIcNZy+wjYIpkdowDgYD
-VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcC
-ARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDow
-ODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRT
-U0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2Ny
-dC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUF
-BzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMDUGA1UdEQQuMCyCEnJlbGVh
-c2UuZGViaWFuLm9yZ4IWd3d3LnJlbGVhc2UuZGViaWFuLm9yZzANBgkqhkiG9w0B
-AQsFAAOCAQEANniGCnAjUHCpM5Pi6znuqQJRRxfhXUgyrbeTqt8v5PtMaTkgJYov
-86OdRWVeR+0JaddvfNUWW3Mne/6TCB1Dg9hD1brwRznBH4z+JTXialhnfRV1pjzh
-d8jIhOy5ezunheeSQUE0R/OkBLDXt0FxT/hpP9CHDxRhzhdmuSBF402O+V3ZZFHI
-Q+rODNktH+IfnbdwxYY2riRWpQV1zo1cvaM0I6unHhX89LbyUJXyVNjDLiVgTa11
-siDXmJcuQLn3mK6cha3IBCh75qk92D0MY9prlWnKFVD/CH35y5vyHvOtxfuOfepM
-1gGfMuPZOKgZFghy9N4btNmoMct0U/F7Qg==
------END CERTIFICATE-----
author	Julien Cristau <jcristau@debian.org>
	Mon, 4 Jul 2016 12:15:01 +0000 (14:15 +0200)
committer	Julien Cristau <jcristau@debian.org>
	Mon, 4 Jul 2016 12:20:01 +0000 (14:20 +0200)
modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb		patch \| blob \| history
modules/ssl/files/chains/release.debian.org.crt	[deleted symlink]	patch \| blob \| history
modules/ssl/files/servicecerts/release.debian.org.crt	[deleted file]	patch \| blob \| history