diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2019-02-06 01:52:12 -0600 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2019-02-08 23:51:44 +0000 |
commit | adad0d81fabc3019090c6b2919dd7c0e62dab228 (patch) | |
tree | bc4f71f77a3465e480710fe7bc2425c010206926 | |
parent | 23bc578e1e29317d1d33bb49da28aeb7ab6e7e35 (diff) |
apache: update apache config for hosted projects to use includes
This review updates the configuration for
tf.o and mlp.o servers to use the new
include method for apache configuration.
It also renames the config files for mlp
to use the proper hostnames.
Change-Id: I60c6b55655176093d1115e160a6eb26326a2e9a2
Reviewed-on: https://review.linaro.org/30153
Reviewed-by: Kelley Spoon <kelley.spoon@linaro.org>
l--------- | files/apache/git.mlplatform.org.conf (renamed from files/apache/git-mi.linaro.org.conf) | 0 | ||||
-rw-r--r-- | files/apache/git.trustedfirmware.org.conf | 27 | ||||
-rw-r--r-- | files/apache/review.mlplatform.org.conf (renamed from files/apache/mi.linaro.org.conf) | 18 | ||||
-rw-r--r-- | files/apache/review.trustedfirmware.org.conf | 46 |
4 files changed, 41 insertions, 50 deletions
diff --git a/files/apache/git-mi.linaro.org.conf b/files/apache/git.mlplatform.org.conf index f6fbf658..f6fbf658 120000 --- a/files/apache/git-mi.linaro.org.conf +++ b/files/apache/git.mlplatform.org.conf diff --git a/files/apache/git.trustedfirmware.org.conf b/files/apache/git.trustedfirmware.org.conf index 0ac7e2af..8e401cd2 100644 --- a/files/apache/git.trustedfirmware.org.conf +++ b/files/apache/git.trustedfirmware.org.conf @@ -22,6 +22,7 @@ ServerTokens Prod ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" + Include /etc/apache2/linaro/headers-http.conf Header append Cache-Control "no-transform" <FilesMatch "\.(html|htm)$"> @@ -51,10 +52,6 @@ ServerTokens Prod MaxKeepAliveRequests 150 RewriteEngine On - # Following directives removed from Apache 2.4 - # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging - #RewriteLog ${APACHE_LOG_DIR}/git.trustedfirmware.org-rewrite.log - #RewriteLogLevel 0 AllowEncodedSlashes On @@ -95,10 +92,7 @@ ServerTokens Prod ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" /var/www/cgit/git-http-backend.cgi - Alias "/.well-known/acme-challenge/" "/srv/certbot/.well-known/acme-challenge/" - <Directory "/srv/certbot/.well-known/acme-challenge/"> - Require all granted - </Directory> + Include /etc/apache2/linaro/letsencrypt.conf <Directory "/srv/repositories"> AllowOverride None @@ -126,16 +120,7 @@ ServerTokens Prod ServerName git.trustedfirmware.org ServerAlias git.trustedfirmware.org - SSLEngine On - SSLProtocol All -SSLv2 -SSLv3 - SSLCompression Off - SSLHonorCipherOrder On - SSLOptions +StdEnvVars - SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\ - EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\ - !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\ - CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA" - + Include /etc/apache2/linaro/settings-ssl.conf SSLCertificateFile {{ssl_cert}} SSLCertificateKeyFile {{ssl_key}} SSLCACertificateFile {{ssl_ca}} @@ -155,7 +140,7 @@ ServerTokens Prod ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" - Header always set Strict-Transport-Security "max-age=63072000" + Include /etc/apache2/linaro/headers-https.conf Header append Cache-Control "no-transform" <FilesMatch "\.(html|htm)$"> @@ -187,10 +172,6 @@ ServerTokens Prod AllowEncodedSlashes On RewriteEngine On - # Following directives removed from Apache 2.4 - # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging - #RewriteLog ${APACHE_LOG_DIR}/git.trustedfirmware.org-rewrite.log - #RewriteLogLevel 0 RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|bingbot|Baidu|Baiduspider|360Spider|360) [nocase] RewriteRule ^(.*)$ - [forbidden,last] diff --git a/files/apache/mi.linaro.org.conf b/files/apache/review.mlplatform.org.conf index e6e57706..e517b1eb 100644 --- a/files/apache/mi.linaro.org.conf +++ b/files/apache/review.mlplatform.org.conf @@ -2,20 +2,21 @@ ServerName {{inventory_hostname}} ServerAlias {{inventory_hostname}} - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + Header set Cache-Control private + <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> + Header set Cache-Control "max-age=86400, public" + </FilesMatch> - Alias "/.well-known/acme-challenge/" "/srv/certbot/.well-known/acme-challenge/" - <Directory "/srv/certbot/.well-known/acme-challenge/"> - Require all granted - </Directory> + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + Include /etc/apache2/linaro/letsencrypt.conf </VirtualHost> <VirtualHost *:443> ServerName {{inventory_hostname}} ServerAlias {{inventory_hostname}} - SSLEngine On + Include /etc/apache2/linaro/settings-ssl.conf SSLCertificateFile /etc/letsencrypt/live/{{gerrit_host}}/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{gerrit_host}}/privkey.pem @@ -26,6 +27,11 @@ CustomLog /var/log/apache2/{{inventory_hostname}}-access.log combined ErrorLog /var/log/apache2/{{inventory_hostname}}-error.log + Header set Cache-Control private + <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> + Header set Cache-Control "max-age=86400, public" + </FilesMatch> + ProxyRequests Off ProxyVia Off ProxyPreserveHost On diff --git a/files/apache/review.trustedfirmware.org.conf b/files/apache/review.trustedfirmware.org.conf index 5f63d700..23c90fc6 100644 --- a/files/apache/review.trustedfirmware.org.conf +++ b/files/apache/review.trustedfirmware.org.conf @@ -2,38 +2,42 @@ ServerName {{inventory_hostname}} ServerAlias {{inventory_hostname}} - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" - - Alias "/.well-known/acme-challenge/" "/srv/certbot/.well-known/acme-challenge/" - <Directory "/srv/certbot/.well-known/acme-challenge/"> - Require all granted - </Directory> + Header set Cache-Control private + <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> + Header set Cache-Control "max-age=86400, public" + </FilesMatch> + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + Include /etc/apache2/linaro/letsencrypt.conf </VirtualHost> <VirtualHost *:443> ServerName {{inventory_hostname}} ServerAlias {{inventory_hostname}} - SSLEngine On - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} - SSLCACertificateFile {{ssl_ca}} + Include /etc/apache2/linaro/settings-ssl.conf + SSLCertificateFile {{ssl_cert}} + SSLCertificateKeyFile {{ssl_key}} + SSLCACertificateFile {{ssl_ca}} DocumentRoot /srv/gerrit - CustomLog /var/log/apache2/{{inventory_hostname}}.linaro.org-access.log combined - ErrorLog /var/log/apache2/{{inventory_hostname}}.linaro.org-error.log + CustomLog /var/log/apache2/{{inventory_hostname}}.linaro.org-access.log combined + ErrorLog /var/log/apache2/{{inventory_hostname}}.linaro.org-error.log - ProxyRequests Off - ProxyVia Off - ProxyPreserveHost On - <Proxy *> - Order deny,allow - Allow from all - </Proxy> + Header set Cache-Control private + <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> + Header set Cache-Control "max-age=86400, public" + </FilesMatch> + + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + <Proxy *> + Order deny,allow + Allow from all + </Proxy> AllowEncodedSlashes On - ProxyPass / http://127.0.0.1:8080/ nocanon + ProxyPass / http://127.0.0.1:8080/ nocanon </VirtualHost> - |