# Managed by ansible, do not edit.
ServerSignature Off
ServerTokens Prod
ServerName {{ git_host }}
ServerAlias {{ inventory_hostname }}
ServerAlias git-geo.linaro.org
ServerAdmin webmaster@linaro.org
CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog
ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log
DocumentRoot {{ apache_root }}/cgit
ExpiresActive On
ExpiresDefault "access plus 0 seconds"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header append Cache-Control "no-transform"
Header add Cache-Control "must-revalidate"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
Header add Cache-Control "max-age=5356800"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
KeepAlive On
KeepAliveTimeout 10
MaxKeepAliveRequests 150
RewriteEngine On
# Following directives removed from Apache 2.4
# http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging
#RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log
#RewriteLogLevel 0
AllowEncodedSlashes On
RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|bingbot|Baidu|Baiduspider|360Spider|360) [nocase]
RewriteRule ^(.*)$ - [forbidden,last]
RewriteCond %{HTTP_USER_AGENT} !git [nocase]
RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301]
RewriteCond %{HTTP_USER_AGENT} git [nocase]
RewriteCond %{REQUEST_URI} !^/git/(.*)$
RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$
RewriteRule ^/(.*)$ /git/$1 [nosubreq,nocase,passthrough]
# we have things in ci and user bookmarks for gitweb URLs to raw file downloads like:
# curl -L http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py
RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301]
AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1
AliasMatch ^/git-http/(.*) {{ repo_root }}/$1
AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1
Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz
ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi
AllowOverride None
Require all granted
Options +FollowSymLinks -ExecCGI +Indexes
ExpiresActive Off
FileEtag None
Header set Cache-Control "no-cache, no-store, no-transform"
FileEtag MTime
Header set Cache-Control "no-transform, must-revalidate, max-age=518400"
Alias /cgit-css "/var/www/cgit/cgit-css/"
ScriptAlias / "{{ apache_root}}/cgit/cgit/"
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted
ServerName {{ git_host }}
ServerAlias {{ inventory_hostname }}
ServerAlias git-geo.linaro.org
ServerAdmin webmaster@linaro.org
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLOptions +StdEnvVars
SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
SSLCertificateFile {{ssl_cert}}
SSLCertificateKeyFile {{ssl_key}}
SSLCACertificateFile {{ssl_ca}}
CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog
ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log
DocumentRoot {{ apache_root }}/cgit
ExpiresActive On
ExpiresDefault "access plus 0 seconds"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header always set Strict-Transport-Security "max-age=63072000"
Header append Cache-Control "no-transform"
Header add Cache-Control "must-revalidate"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
Header add Cache-Control "max-age=5356800"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
KeepAlive On
KeepAliveTimeout 9
MaxKeepAliveRequests 150
AllowEncodedSlashes On
RewriteEngine On
# Following directives removed from Apache 2.4
# http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging
#RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log
#RewriteLogLevel 0
RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|bingbot|Baidu|Baiduspider|360Spider|360) [nocase]
RewriteRule ^(.*)$ - [forbidden,last]
RewriteCond %{HTTP_USER_AGENT} !git [nocase]
RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301]
RewriteCond %{HTTP_USER_AGENT} git [nocase]
RewriteCond %{REQUEST_URI} !^/git/(.*)$
RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$
RewriteRule ^/(.*)$ /git/$1 [nocase,noescape,passthrough]
# we have things in ci and user bookmarks for gitweb URLs to raw file downloads like:
# curl -L http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py
RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301]
AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1
AliasMatch ^/git-http/(.*) {{ repo_root }}/$1
AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz
SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1
ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi
AllowOverride None
Require all granted
Options +FollowSymLinks -ExecCGI +Indexes
ExpiresActive Off
FileEtag None
Header set Cache-Control "no-cache, no-store, no-transform"
FileEtag MTime
Header set Cache-Control "no-transform, must-revalidate, max-age=518400"
Alias /cgit-css "/var/www/cgit/cgit-css/"
ScriptAlias / "{{ apache_root}}/cgit/cgit/"
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted