Add deb.debian.org https vhost

A bit special: no HPKP, and redirects are currently different from the
HTTP vhost.

diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index 784d53b..fbe5e34 100644 (file)
--- a/modules/roles/manifests/static_mirror.pp
+++ b/modules/roles/manifests/static_mirror.pp
@@ -89,6 +89,7 @@ class roles::static_mirror {
        ssl::service { 'bits.debian.org'               : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
        ssl::service { 'blends.debian.org'             : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
        ssl::service { 'd-i.debian.org'                : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true }
+       ssl::service { 'deb.debian.org'                : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true }
        ssl::service { 'dsa.debian.org'                : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true }
        ssl::service { 'incoming.debian.org'           : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }
        ssl::service { 'incoming.ports.debian.org'     : ensure => "ifstatic", notify  => Exec['service apache2 reload'], key => true, }

diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 0acb605..7517f19 100644 (file)
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -9,6 +9,39 @@
        Redirect /debian-ports/     http://cdn-fastly.deb.debian.org/debian-ports/
        Redirect /debian-security/  http://cdn-fastly.deb.debian.org/debian-security/
 </Macro>
+
+<VirtualHost <%= vhost_listen_443 %> >
+       ServerName deb.debian.org
+
+       ErrorLog /var/log/apache2/deb.debian.org-error.log
+       CustomLog /var/log/apache2/deb.debian.org-access.log privacyssl
+
+       Use common-debian-service-ssl deb.debian.org
+       Use common-ssl-HSTS
+
+       ServerAdmin debian-admin@lists.debian.org
+       <IfModule mod_userdir.c>
+               UserDir disabled
+       </IfModule>
+       ServerSignature On
+
+       DocumentRoot /srv/static.debian.org/mirrors/deb.debian.org/cur
+       <Directory /srv/static.debian.org/mirrors/deb.debian.org/cur>
+               AllowOverride FileInfo Indexes Options=Multiviews
+               Options Indexes SymLinksIfOwnerMatch
+               IndexOptions FancyIndexing NameWidth=*
+               Require all granted
+       </Directory>
+
+       Header set Surrogate-Key <%= hostname %>
+
+       AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+
+       Redirect /debian/           https://cdn-aws.deb.debian.org/debian/
+       Redirect /debian-debug/     https://cdn-aws.deb.debian.org/debian-debug/
+       Redirect /debian-ports/     https://cdn-aws.deb.debian.org/debian-ports/
+       Redirect /debian-security/  https://cdn-aws.deb.debian.org/debian-security/
+</VirtualHost>
 <% end -%>
 
 <Macro vstatic-vhost-extra-network-test.debian.org>