From 955db7615e417fc4f8864ec059b7e0aef79d89f5 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 22 Jun 2019 21:02:45 +0200
Subject: [PATCH] 010-security.debian.org.conf: explicitly bind to localhost

On hosts having services on different IP addresses, *:80 is not enough
to run the security vhost on localhost, as other services might also
explicitly bind to localhost. This breaks mirror-health check.

For example on schmelzer.d.o:

010-archive.debian.org.conf
  <VirtualHost 217.196.149.234:80 [2a02:16a8:dc41:100::234]:80>

010-debug.mirrors.debian.org.conf
  <VirtualHost 217.196.149.232:80 [2a02:16a8:dc41:100::232]:80 127.0.0.1:80 [::1]:80 >

010-ftp.debian.org.conf
  <VirtualHost 217.196.149.232:80 [2a02:16a8:dc41:100::232]:80 127.0.0.1:80 [::1]:80 >

010-security.debian.org.conf
  <VirtualHost *:80>

Without this fix, it means that a request to security.backend.mirrors.d.o
on localhost ends up in the debug.mirrors.d.o vhost, and is thus
answered as 404.
---
 modules/roles/templates/security_mirror/security.debian.org.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/roles/templates/security_mirror/security.debian.org.erb b/modules/roles/templates/security_mirror/security.debian.org.erb
index 7d56aeca9..917732741 100644
--- a/modules/roles/templates/security_mirror/security.debian.org.erb
+++ b/modules/roles/templates/security_mirror/security.debian.org.erb
@@ -3,7 +3,7 @@
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 ##
 
-<VirtualHost *:80>
+<VirtualHost *:80 127.0.0.1:80 [::1]:80>
    ServerAdmin debian-admin@debian.org
    DocumentRoot /srv/mirrors/debian-security
    ServerPath /debian-security
-- 
2.20.1