diff options
-rw-r--r-- | files/apache/android-git.linaro.org.conf | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/files/apache/android-git.linaro.org.conf b/files/apache/android-git.linaro.org.conf new file mode 100644 index 00000000..5d98b4f0 --- /dev/null +++ b/files/apache/android-git.linaro.org.conf @@ -0,0 +1,160 @@ +Mutex default rewrite-map + +<VirtualHost *:80> + ServerName {{ git_host }} + ServerAlias {{ inventory_hostname }} + ServerAlias android.git.linaro.org + Alias "/.well-known/acme-challenge" "/tmp/.well-known/acme-challenge" + <Directory /tmp/.well-known/acme-challenge> + Require all granted + </Directory> + + AllowEncodedSlashes On + RewriteEngine on + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^(.*)$ https://{{ git_host }}$1 [R=301,L] +</VirtualHost> + +{% if inventory_hostname == 'android-git-us.linaro.org' %} +# Support for deprecated android.git.linaro.org subdomain +<VirtualHost *:443> + ServerName android.git.linaro.org + + RewriteEngine On + RewriteRule ^(.*) https://android-git.linaro.org$1 [redirect=301,noescape,last] + + AllowEncodedSlashes On + + SSLEngine On + SSLOptions +StdEnvVars + SSLProtocol All -SSLv2 -SSLv3 + SSLCompression Off + SSLHonorCipherOrder On + SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\ + EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\ + !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\ + CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA" + + SSLCertificateFile /etc/letsencrypt/live/android-git-us.linaro.org/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/android-git-us.linaro.org/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/android-git-us.linaro.org/chain.pem +</VirtualHost> + +{% endif %} +<VirtualHost *:443> + ServerName {{ git_host }} + ServerAlias {{ inventory_hostname }} + ServerAlias android-us.git.linaro.org + ServerAdmin webmaster@linaro.org + + CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog + ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log + + DocumentRoot {{ apache_root }}/{{ git_host }} + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=5356800" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + KeepAlive On + KeepAliveTimeout 9 + MaxKeepAliveRequests 150 + + AllowEncodedSlashes On + + SSLEngine On + SSLProxyEngine On + SSLOptions +StdEnvVars + SSLProtocol All -SSLv2 -SSLv3 + SSLCompression Off + SSLHonorCipherOrder On + SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\ + EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\ + !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\ + CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA" + + SSLCertificateFile {{ssl_cert}} + SSLCertificateKeyFile {{ssl_key}} + SSLCACertificateFile {{ssl_ca}} + + RewriteEngine On + # Following directives removed from Apache 2.4 + # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging + #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log + #RewriteLogLevel 0 + + RewriteMap gitdirs prg:{{tools_checkout_dir}}/linaro-git-tools/git-repo-url-rewrite/git-directory-rewritemap.py + RewriteRule ^/git-ro/(.*) /git-http/${gitdirs:$1} [P,L] + + RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|Baiduspider) [NC] + RewriteRule .* - [R=403,L] + + SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog + + Alias /git-http/ {{ repo_root }}/ + + AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1 + AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1 + Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz + + ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi + + <Directory "{{ repo_root }}"> + AllowOverride None + Require all granted + + Options +FollowSymLinks -ExecCGI + ExpiresActive Off + FileEtag None + Header set Cache-Control "no-cache, no-store, no-transform" + <FilesMatch "\.(bundle)$"> + FileEtag MTime + Header set Cache-Control "no-transform, must-revalidate, max-age=518400" + </FilesMatch> + </Directory> + + # We have to keep an alias around for gitweb because we used to have a + # redirect permanent rule for / -> /gitweb + RewriteRule ^/gitweb(.*)$ $1 [P,L] + + # We have things in ci and user bookmarks for gitweb URLs to raw file downloads like: + # curl -L http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py + RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301] + + Alias /cgit-css "/var/www/cgit/cgit-css/" + ScriptAlias / "{{ apache_root}}/cgit/cgit/" + <Directory "{{ apache_root }}/cgit/"> + AllowOverride None + Options ExecCGI FollowSymlinks + Require all granted + </Directory> +</VirtualHost> |