blob: 6ccffedfc5152ede8a76a9980cf7983a9b9da227 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<VirtualHost *:80>
ServerName android-review.linaro.org
{% if ssl_cert is defined %}
RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1"
{% else %}
DocumentRoot /srv/gerrit
CustomLog /var/log/apache2/android-review.linaro.org-access.log combined
ErrorLog /var/log/apache2/android-review.linaro.org-error.log
ExpiresActive On
ExpiresDefault "access plus 0 seconds"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header append Cache-Control "no-transform"
<FilesMatch "\.(html|htm)$">
Header add Cache-Control "must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header add Cache-Control "max-age=604800"
<ifModule mod_deflate.c>
SetOutputFilter DEFLATE
</ifModule>
</FilesMatch>
RequestHeader set X-Forwarded-Scheme http
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes On
ProxyPass / http://127.0.0.1:8080/ nocanon
{% endif %}
Alias "/.well-known/acme-challenge/" "/srv/certbot/.well-known/acme-challenge/"
<Directory "/srv/certbot/.well-known/acme-challenge/">
Require all granted
</Directory>
</VirtualHost>
{% if ssl_cert is defined %}
<VirtualHost *:443>
ServerName android-review.linaro.org
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLOptions +StdEnvVars
SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
SSLCertificateFile {{ssl_cert}}
SSLCertificateKeyFile {{ssl_key}}
{% if ssl_ca is defined -%}
SSLCACertificateFile {{ssl_ca}}
{%- endif %}
DocumentRoot /srv/gerrit
CustomLog /var/log/apache2/android-review.linaro.org-access.log combined
ErrorLog /var/log/apache2/android-review.linaro.org-error.log
ExpiresActive On
ExpiresDefault "access plus 0 seconds"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header append Cache-Control "no-transform"
<FilesMatch "\.(html|htm)$">
Header add Cache-Control "must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header add Cache-Control "max-age=604800"
<ifModule mod_deflate.c>
SetOutputFilter DEFLATE
</ifModule>
</FilesMatch>
RequestHeader set X-Forwarded-Scheme http
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes On
ProxyPass / http://127.0.0.1:8080/ nocanon
</VirtualHost>
{% endif %}
|