move apache config for security-tracker.debian.org.conf to puppet
authorPeter Palfrader <peter@palfrader.org>
Fri, 6 Jul 2018 08:53:32 +0000 (10:53 +0200)
committerPeter Palfrader <peter@palfrader.org>
Fri, 6 Jul 2018 08:53:40 +0000 (10:53 +0200)
modules/roles/manifests/security_tracker.pp
modules/roles/templates/apache-security-tracker.debian.org.conf.erb [new file with mode: 0644]

index 4c7ee44..6319fbd 100644 (file)
@@ -1,6 +1,15 @@
 class roles::security_tracker {
+       include apache2::ssl
+       include apache2::proxy_http
+       include apache2::expires
+
        ssl::service { 'security-tracker.debian.org':
                notify  => Exec['service apache2 reload'],
                key => true,
        }
+
+       apache2::site { 'security-tracker.debian.org':
+               site   => 'security-tracker.debian.org',
+               content => template('roles/apache-security-tracker.debian.org.conf.erb')
+       }
 }
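Review bot: The includes added at the top of `roles::security_tracker` do not obviously match what the new template needs: the vhost uses `RewriteEngine`/`RewriteRule`, `SetOutputFilter DEFLATE` and `Use` macros, while the class pulls in only `apache2::ssl`, `apache2::proxy_http` and `apache2::expires`. Presumably the base apache2 class already enables the rewrite, deflate and macro modules, but that is not visible in this hunk and is worth confirming, since a missing module makes the `service apache2 reload` notified here fail on a security-facing host. No Expires directive appears in the template, so a short comment saying why `apache2::expires` is needed (for example, that it is used by one of the shared macros) would help. As a style point, the `content => template(...)` line lacks the trailing comma and the `=>` arrows in both resources are not aligned.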
diff --git a/modules/roles/templates/apache-security-tracker.debian.org.conf.erb b/modules/roles/templates/apache-security-tracker.debian.org.conf.erb
new file mode 100644 (file)
index 0000000..e088158
--- /dev/null
@@ -0,0 +1,49 @@
+Use common-debian-service-https-redirect * security-tracker.debian.org
+
+<VirtualHost *:443>
+       ServerAdmin team@security.debian.org
+       ServerName security-tracker.debian.org
+
+       Use common-debian-service-ssl security-tracker.debian.org
+       Use common-ssl-HSTS
+       Use http-pkp-security-tracker.debian.org
+
+       <IfModule mod_userdir.c>
+               UserDir disabled
+       </IfModule>
+
+       LogLevel warn
+       ErrorLog /var/log/apache2/security-tracker.debian.org-error.log
+       CustomLog /var/log/apache2/security-tracker.debian.org-access.log privacyssl
+       ServerSignature On
+
+       RewriteEngine on
+       RewriteRule ^/tracker(?:/|$)                    -                               [L]
+       # The next rule matches favicon.ico, robots.txt etc.
+       RewriteRule ^/[^./]+[.][a-z]{3}$                -                               [L]
+       RewriteRule ^/((?:TEMP|CVE)[^/]+)$              /tracker/$1                     [R]
+       RewriteRule ^/((?:old|un)?stable|testing)$      /tracker/status/release/$1      [R]
+       RewriteRule ^/((?:old)?stable-backports)$       /tracker/status/release/$1      [R]
+       RewriteRule ^/([a-z0-9.+-]+)$                   /tracker/$1                     [R]
+       RewriteRule ^/+$                                /tracker/                       [R]
+
+       DocumentRoot /srv/security-tracker.debian.org/htdocs/security-tracker
+       <Directory /srv/security-tracker.debian.org/htdocs/security-tracker>
+               AllowOverride none
+               Options +Indexes
+               Require all granted
+       </Directory>
+
+       <DirectoryMatch "\.svn" >
+               Require all denied
+       </DirectoryMatch>
+
+       <Location /tracker/data/json>
+               SetOutputFilter DEFLATE
+       </Location>
+
+       ProxyRequests off
+       ProxyPass /tracker http://localhost:25648/tracker retry=1
+       ProxyPassReverse /tracker http://localhost:25648/tracker
+</VirtualHost>
+# vim: set filetype=apache:
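Review bot: `ServerSignature On` and `Options +Indexes` on the DocumentRoot expose more than this vhost needs: the first prints the server version banner on generated error pages, and the second lists any directory under htdocs that has no index file. Unless the listing is intentional, `ServerSignature Off` and `Options -Indexes` are the safer defaults now that the config is being codified in puppet. The `<DirectoryMatch "\.svn">` block covers only Subversion metadata, so if the docroot is or becomes a git checkout its `.git` directory would be served; a pattern such as `<DirectoryMatch "/\.(svn|git)(/|$)">` would cover both. The redirect rules use `[R]` alone, and `[R,L]` would make it explicit that rule processing stops at the redirect. `ProxyPass /tracker` has no trailing slash, so it also matches paths like `/trackerfoo`, which the first RewriteRule's `(?:/|$)` guard takes care to exclude.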