From: Julien Cristau Date: Mon, 4 Jul 2016 12:15:01 +0000 (+0200) Subject: Move release.d.o to static and letsencrypt X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4e95e6f4d2918b5c72c106fac3b29789dcb4101f;p=mirror%2Fdsa-puppet.git Move release.d.o to static and letsencrypt Signed-off-by: Julien Cristau --- diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb index 49ff465b4..3d1bc8413 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb @@ -234,4 +234,33 @@ Use common-dsa-vhost-https-redirect www.ports.debian.org RedirectPermanent / http://metadata.ftp-master.debian.org/ + > + ServerName release.debian.org + ServerAdmin debian-admin@debian.org + RedirectPermanent / https://release.debian.org/ + + > + ServerName release.debian.org + ServerAdmin debian-admin@debian.org + + ErrorLog /var/log/apache2/release.debian.org-error.log + CustomLog /var/log/apache2/release.debian.org-access.log privacy + + Use common-debian-service-ssl release.debian.org + Use common-ssl-HSTS + + + UserDir disabled + + ServerSignature On + + DocumentRoot /srv/static.debian.org/mirrors/release.debian.org/cur + + AllowOverride FileInfo Indexes Options=Multiviews + Options Multiviews Indexes FollowSymLinks Includes + IndexOptions FancyIndexing NameWidth=* + Require all granted + + + # vim:ft=apache: diff --git a/modules/ssl/files/chains/release.debian.org.crt b/modules/ssl/files/chains/release.debian.org.crt deleted file mode 120000 index 50d224a83..000000000 --- a/modules/ssl/files/chains/release.debian.org.crt +++ /dev/null @@ -1 +0,0 @@ -GANDI-2-CA \ No newline at end of file diff --git a/modules/ssl/files/servicecerts/release.debian.org.crt b/modules/ssl/files/servicecerts/release.debian.org.crt deleted file mode 100644 index 7483cc5b5..000000000 --- a/modules/ssl/files/servicecerts/release.debian.org.crt +++ /dev/null @@ -1,118 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 12:97:47:ac:41:81:cb:17:3f:79:b9:11:35:7b:8d:c9 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 - Validity - Not Before: Dec 11 00:00:00 2015 GMT - Not After : Jan 22 23:59:59 2017 GMT - Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=release.debian.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (3072 bit) - Modulus: - 00:d0:01:5d:db:bf:ec:18:6d:35:94:3d:7b:20:4b: - e7:70:a2:11:2d:f1:ac:31:6f:fc:52:f0:06:7e:fe: - de:a6:6d:5c:ff:0a:08:a3:d5:eb:7b:ae:09:b8:ce: - cd:41:50:d0:bf:9f:ae:ca:4d:2b:e5:fe:2d:c0:c0: - f3:44:eb:5a:00:46:d0:f4:92:70:10:dc:b4:d8:60: - 2b:91:9f:b5:cc:ac:77:6b:ca:3a:44:9e:60:7d:bf: - b4:6c:7a:46:8c:b0:11:ab:54:52:19:84:04:59:83: - d9:9d:fd:76:08:82:64:73:9b:ce:e6:e1:7e:33:ef: - ed:64:3d:05:cb:51:ba:03:e0:2d:0c:56:7b:70:8c: - d4:c3:cc:ff:f7:58:d6:3f:39:1e:8d:9e:67:99:30: - d5:a7:05:02:70:8d:0c:54:4f:4e:fd:e3:89:76:61: - 21:16:6b:51:f6:8a:f0:e5:f0:2a:dd:0e:e4:70:e7: - 52:2b:30:cc:32:82:ec:51:b3:8d:46:fd:24:37:6e: - 74:95:36:49:80:b0:ea:d4:bc:8e:a1:59:ed:0f:3a: - 66:67:c8:32:6e:08:b2:0e:a0:d6:10:6c:eb:2e:cb: - a1:f9:5f:aa:27:73:e1:9f:bc:c2:98:bb:1d:97:4f: - 8a:45:7f:d5:a4:1f:7e:4c:fe:db:ae:25:75:69:71: - bb:ce:d2:a3:d1:29:f9:a3:ed:33:c7:e2:c3:3c:47: - 91:43:0a:0c:66:dd:57:05:64:cf:4a:ba:ec:61:b0: - 29:99:77:ab:d5:ff:89:fe:69:3c:96:5a:a6:18:89: - b3:0c:25:3b:ab:7a:bf:1f:e1:8b:64:67:bb:94:2c: - 43:e4:a7:f0:d9:3a:66:09:17:78:28:1f:07:0c:65: - 9c:fc:f1:ab:4e:a1:61:91:7e:07:78:25:48:7c:f1: - c5:ea:e3:13:63:db:87:33:9e:41:84:6b:d2:4f:fd: - 0f:67:88:09:3d:f3:68:d6:41:00:5e:4f:f1:e4:d3: - ec:b4:46:b2:ef:50:a3:87:34:8b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA - - X509v3 Subject Key Identifier: - 54:27:64:9E:DE:45:13:69:13:18:87:0D:67:2F:B0:8D:82:29:91:DA - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Certificate Policies: - Policy: 1.3.6.1.4.1.6449.1.2.2.26 - CPS: https://cps.usertrust.com - Policy: 2.23.140.1.2.1 - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl - - Authority Information Access: - CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt - OCSP - URI:http://ocsp.usertrust.com - - X509v3 Subject Alternative Name: - DNS:release.debian.org, DNS:www.release.debian.org - Signature Algorithm: sha256WithRSAEncryption - 36:78:86:0a:70:23:50:70:a9:33:93:e2:eb:39:ee:a9:02:51: - 47:17:e1:5d:48:32:ad:b7:93:aa:df:2f:e4:fb:4c:69:39:20: - 25:8a:2f:f3:a3:9d:45:65:5e:47:ed:09:69:d7:6f:7c:d5:16: - 5b:73:27:7b:fe:93:08:1d:43:83:d8:43:d5:ba:f0:47:39:c1: - 1f:8c:fe:25:35:e2:6a:58:67:7d:15:75:a6:3c:e1:77:c8:c8: - 84:ec:b9:7b:3b:a7:85:e7:92:41:41:34:47:f3:a4:04:b0:d7: - b7:41:71:4f:f8:69:3f:d0:87:0f:14:61:ce:17:66:b9:20:45: - e3:4d:8e:f9:5d:d9:64:51:c8:43:ea:ce:0c:d9:2d:1f:e2:1f: - 9d:b7:70:c5:86:36:ae:24:56:a5:05:75:ce:8d:5c:bd:a3:34: - 23:ab:a7:1e:15:fc:f4:b6:f2:50:95:f2:54:d8:c3:2e:25:60: - 4d:ad:75:b2:20:d7:98:97:2e:40:b9:f7:98:ae:9c:85:ad:c8: - 04:28:7b:e6:a9:3d:d8:3d:0c:63:da:6b:95:69:ca:15:50:ff: - 08:7d:f9:cb:9b:f2:1e:f3:ad:c5:fb:8e:7d:ea:4c:d6:01:9f: - 32:e3:d9:38:a8:19:16:08:72:f4:de:1b:b4:d9:a8:31:cb:74: - 53:f1:7b:42 ------BEGIN CERTIFICATE----- -MIIFhTCCBG2gAwIBAgIQEpdHrEGByxc/ebkRNXuNyTANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIyMjM1OTU5WjBdMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEbMBkGA1UEAxMScmVsZWFzZS5kZWJpYW4ub3JnMIIBojANBgkqhkiG9w0BAQEF -AAOCAY8AMIIBigKCAYEA0AFd27/sGG01lD17IEvncKIRLfGsMW/8UvAGfv7epm1c -/woIo9Xre64JuM7NQVDQv5+uyk0r5f4twMDzROtaAEbQ9JJwENy02GArkZ+1zKx3 -a8o6RJ5gfb+0bHpGjLARq1RSGYQEWYPZnf12CIJkc5vO5uF+M+/tZD0Fy1G6A+At -DFZ7cIzUw8z/91jWPzkejZ5nmTDVpwUCcI0MVE9O/eOJdmEhFmtR9orw5fAq3Q7k -cOdSKzDMMoLsUbONRv0kN250lTZJgLDq1LyOoVntDzpmZ8gybgiyDqDWEGzrLsuh -+V+qJ3Phn7zCmLsdl0+KRX/VpB9+TP7briV1aXG7ztKj0Sn5o+0zx+LDPEeRQwoM -Zt1XBWTPSrrsYbApmXer1f+J/mk8llqmGImzDCU7q3q/H+GLZGe7lCxD5Kfw2Tpm -CRd4KB8HDGWc/PGrTqFhkX4HeCVIfPHF6uMTY9uHM55BhGvST/0PZ4gJPfNo1kEA -Xk/x5NPstEay71CjhzSLAgMBAAGjggG9MIIBuTAfBgNVHSMEGDAWgBSzkKfYya9O -zWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUVCdknt5FE2kTGIcNZy+wjYIpkdowDgYD -VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG -CCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhowJzAlBggrBgEFBQcC -ARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwQQYDVR0fBDow -ODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRT -U0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcwAoYwaHR0cDovL2Ny -dC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIuY3J0MCUGCCsGAQUF -BzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMDUGA1UdEQQuMCyCEnJlbGVh -c2UuZGViaWFuLm9yZ4IWd3d3LnJlbGVhc2UuZGViaWFuLm9yZzANBgkqhkiG9w0B -AQsFAAOCAQEANniGCnAjUHCpM5Pi6znuqQJRRxfhXUgyrbeTqt8v5PtMaTkgJYov -86OdRWVeR+0JaddvfNUWW3Mne/6TCB1Dg9hD1brwRznBH4z+JTXialhnfRV1pjzh -d8jIhOy5ezunheeSQUE0R/OkBLDXt0FxT/hpP9CHDxRhzhdmuSBF402O+V3ZZFHI -Q+rODNktH+IfnbdwxYY2riRWpQV1zo1cvaM0I6unHhX89LbyUJXyVNjDLiVgTa11 -siDXmJcuQLn3mK6cha3IBCh75qk92D0MY9prlWnKFVD/CH35y5vyHvOtxfuOfepM -1gGfMuPZOKgZFghy9N4btNmoMct0U/F7Qg== ------END CERTIFICATE-----