git.mlp.o: update bots and change git from symlink

This change updates the bots list and also changes the apache config for git.mlplatform.org to be a standalone file instead of a symlink back to the git.linaro.org conf. Change-Id: Idc200a589c48cccf3ce851632f468ba2590a3e7e Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org> Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/46159
author: Kelley Spoon <kelley.spoon@linaro.org> 2023-11-08 13:35:54 -0600
committer: Kelley Spoon <kelley.spoon@linaro.org> 2023-11-28 16:07:32 +0000
commit: 26d6296482b7c7b939a71b76b58a292fd115f745 (patch)
tree: 6294ced8cd4521a0f38adbb456618b5a3da196f9
parent: 4a7d5d9b6d6609401db2c6a15ab48d585977fb3c (diff)
2 files changed, 261 insertions, 2 deletions
diff --git a/files/apache/git.mlplatform.org.conf b/files/apache/git.mlplatform.org.conf
index f6fbf658..907a5362 120000..100644
--- a/files/apache/git.mlplatform.org.conf
+++ b/files/apache/git.mlplatform.org.conf
@@ -1 +1,258 @@
-git.linaro.org.conf
-\ No newline at end of file
+# Managed by ansible, do not edit.
+ServerSignature Off
+ServerTokens Prod
+
+<VirtualHost *:80>
+    ServerName {{ git_host }}
+    ServerAlias {{ inventory_hostname }}
+    ServerAdmin webmaster@linaro.org
+
+    CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog
+    ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log
+
+    DocumentRoot    {{ apache_root }}/cgit
+
+    ExpiresActive   On
+    ExpiresDefault  "access plus 0 seconds"
+
+    ExpiresByType   text/css        "access plus 1 month"
+    ExpiresByType   text/javascript "access plus 1 month"
+    ExpiresByType   image/png       "access plus 1 month"
+    ExpiresByType   image/jpg       "access plus 1 month"
+    ExpiresByType   image/jpeg      "access plus 1 month"
+    ExpiresByType   image/x-icon    "access plus 1 month"
+
+    Include /etc/apache2/linaro/headers-http.conf
+    Header append Cache-Control "no-transform"
+
+    <FilesMatch "\.(html|htm)$">
+        Header add Cache-Control "must-revalidate"
+        SetOutputFilter DEFLATE
+
+        BrowserMatch ^Mozilla/4 gzip-only-text/html
+        BrowserMatch ^Mozilla/4\.0[678] no-gzip
+        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+        Header append Vary User-Agent env=!dont-vary
+    </FilesMatch>
+
+    <FilesMatch "\.(js|css)$">
+        Header add Cache-Control "max-age=5356800"
+        SetOutputFilter DEFLATE
+
+        BrowserMatch ^Mozilla/4 gzip-only-text/html
+        BrowserMatch ^Mozilla/4\.0[678] no-gzip
+        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+        Header append Vary User-Agent env=!dont-vary
+    </FilesMatch>
+
+    KeepAlive On
+    KeepAliveTimeout 10
+    MaxKeepAliveRequests 150
+
+    RewriteEngine On
+    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
+    # Following directives removed from Apache 2.4
+    # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging
+    #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log
+    #RewriteLogLevel 0
+
+    AllowEncodedSlashes On
+
+    Include /etc/apache2/linaro/block-refs.conf
+
+    RewriteCond %{REQUEST_URI} ^/jmx-console(.*)$
+    RewriteRule ^/(.*)$ - [forbidden,last]
+    RewriteCond %{REQUEST_URI} ^/GponForm(.*)$
+    RewriteRule ^/(.*)$ - [forbidden,last]
+    RewriteCond %{REQUEST_URI} ^/user(.*)$
+    RewriteRule ^/(.*)$ - [forbidden,last]
+
+    RewriteCond %{HTTP_USER_AGENT} !git [nocase]
+    RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301]
+
+    RewriteCond %{HTTP_USER_AGENT} git [nocase]
+    RewriteCond %{REQUEST_URI} !^/git/(.*)$
+    RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$
+    RewriteCond %{REQUEST_URI} !^/git_pulls/(.*)$
+    RewriteCond %{REQUEST_URI} !^/logs/(.*)$
+    RewriteRule ^/(.*)$ /git/$1 [nosubreq,nocase,passthrough]
+    # convert old GitWeb links to work in cgit
+    # we have things in ci and user bookmarks for gitweb URLs to raw file downloads like:
+    #   curl -L  http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py
+    RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301]
+    # Summary
+    RewriteCond %{REQUEST_URI} /(.+)/summary [OR]
+    RewriteCond %{query_string} p=(.+);a=summary
+    RewriteRule ^/.*$ /%1/? [R,L,NE]
+
+    AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1
+    AliasMatch ^/git-http/(.*) {{ repo_root }}/$1
+
+    AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+    AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+    AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+
+    SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog
+
+    AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1
+    AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1
+    Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz
+
+    ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi
+
+    Include /etc/apache2/linaro/letsencrypt.conf
+
+    <Directory "{{ repo_root }}">
+        AllowOverride None
+        Require all granted
+        Options +FollowSymLinks -ExecCGI +Indexes
+        ExpiresActive Off
+        FileEtag None
+        Header set Cache-Control "no-cache, no-store, no-transform"
+        <FilesMatch "\.(bundle)$">
+            FileEtag MTime
+            Header set Cache-Control "no-transform, must-revalidate, max-age=518400"
+        </FilesMatch>
+    </Directory>
+
+    Alias /cgit-css "/var/www/cgit/cgit-css/"
+    ScriptAlias / "{{ apache_root}}/cgit/cgit/"
+    <Directory "{{ apache_root }}/cgit/">
+        AllowOverride None
+        Options ExecCGI FollowSymlinks
+        Require all granted
+    </Directory>
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ git_host }}
+    ServerAlias {{ inventory_hostname }}
+    ServerAdmin webmaster@linaro.org
+
+    Include /etc/apache2/linaro/settings-ssl.conf
+    SSLCertificateFile {{ssl_cert}}
+    SSLCertificateKeyFile {{ssl_key}}
+    SSLCACertificateFile {{ssl_ca}}
+
+    CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog
+    ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log
+
+    DocumentRoot    {{ apache_root }}/cgit
+
+    ExpiresActive   On
+    ExpiresDefault  "access plus 0 seconds"
+
+    ExpiresByType   text/css        "access plus 1 month"
+    ExpiresByType   text/javascript "access plus 1 month"
+    ExpiresByType   image/png       "access plus 1 month"
+    ExpiresByType   image/jpg       "access plus 1 month"
+    ExpiresByType   image/jpeg      "access plus 1 month"
+    ExpiresByType   image/x-icon    "access plus 1 month"
+
+    Include /etc/apache2/linaro/headers-https.conf
+    Header append Cache-Control "no-transform"
+
+    <FilesMatch "\.(html|htm)$">
+        Header add Cache-Control "must-revalidate"
+        SetOutputFilter DEFLATE
+
+        BrowserMatch ^Mozilla/4 gzip-only-text/html
+        BrowserMatch ^Mozilla/4\.0[678] no-gzip
+        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+        Header append Vary User-Agent env=!dont-vary
+    </FilesMatch>
+
+    <FilesMatch "\.(js|css)$">
+        Header add Cache-Control "max-age=5356800"
+        SetOutputFilter DEFLATE
+
+        BrowserMatch ^Mozilla/4 gzip-only-text/html
+        BrowserMatch ^Mozilla/4\.0[678] no-gzip
+        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+        Header append Vary User-Agent env=!dont-vary
+    </FilesMatch>
+
+    KeepAlive On
+    KeepAliveTimeout 9
+    MaxKeepAliveRequests 150
+
+    AllowEncodedSlashes On
+
+    RewriteEngine On
+    # Following directives removed from Apache 2.4
+    # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging
+    #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log
+    #RewriteLogLevel 0
+
+    Include /etc/apache2/linaro/block-refs.conf
+
+    RewriteCond %{HTTP_USER_AGENT} !git [nocase]
+    RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301]
+
+    RewriteCond %{HTTP_USER_AGENT} git [nocase]
+    RewriteCond %{REQUEST_URI} !^/git/(.*)$
+    RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$
+    RewriteRule ^/(.*)$ /git/$1 [nocase,noescape,passthrough]
+    # convert old GitWeb links to work in cgit
+    # we have things in ci and user bookmarks for gitweb URLs to raw file downloads like:
+    #   curl -L  http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py
+    RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301]
+    # Summary
+    RewriteCond %{REQUEST_URI} /(.+)/summary [OR]
+    RewriteCond %{query_string} p=(.+);a=summary
+    RewriteRule ^/.*$ /%1/? [R,L,NE]
+
+    AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1
+    AliasMatch ^/git-http/(.*) {{ repo_root }}/$1
+
+    AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+    AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+    AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle
+    Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz
+
+    SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog
+
+    AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1
+    AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1
+
+    ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi
+
+    Alias /logs "/var/www/logs"
+    <Directory "/var/www/logs/">
+        AllowOverride None
+        Require all granted
+        Options -FollowSymLinks -ExecCGI +Indexes
+    </Directory>
+
+    Alias /git_pulls "/var/www/git_pulls"
+    <Directory "/var/www/git_pulls/">
+        AllowOverride None
+        Require all granted
+        Options -FollowSymLinks -ExecCGI +Indexes
+    </Directory>
+
+    <Directory "{{ repo_root }}/">
+        AllowOverride None
+        Require all granted
+        Options +FollowSymLinks -ExecCGI +Indexes
+        ExpiresActive Off
+        FileEtag None
+        Header set Cache-Control "no-cache, no-store, no-transform"
+        <FilesMatch "\.(bundle)$">
+            FileEtag MTime
+            Header set Cache-Control "no-transform, must-revalidate, max-age=518400"
+        </FilesMatch>
+    </Directory>
+
+    Alias /cgit-css "/var/www/cgit/cgit-css/"
+    ScriptAlias / "{{ apache_root}}/cgit/cgit/"
+    <Directory "{{ apache_root }}/cgit/">
+        AllowOverride None
+        Options ExecCGI FollowSymlinks
+        Require all granted
+    </Directory>
+</VirtualHost>
diff --git a/files/apache/review.mlplatform.org.conf b/files/apache/review.mlplatform.org.conf
index 9652d72a..c1ec499f 100644
--- a/files/apache/review.mlplatform.org.conf
+++ b/files/apache/review.mlplatform.org.conf
@@ -7,9 +7,10 @@
         Header set Cache-Control "max-age=86400, public"
     </FilesMatch>
 
-    RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1"
+    RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{inventory_hostname}}/$1"
 
     RewriteEngine On
+    AllowEncodedSlashes On
     Include /etc/apache2/linaro/block-refs.conf
 
     Include /etc/apache2/linaro/letsencrypt.conf
@@ -36,6 +37,7 @@
     </FilesMatch>
 
     RewriteEngine On
+    AllowEncodedSlashes On
     Include /etc/apache2/linaro/block-refs.conf
 
     ProxyRequests Off
author	Kelley Spoon <kelley.spoon@linaro.org>	2023-11-08 13:35:54 -0600
committer	Kelley Spoon <kelley.spoon@linaro.org>	2023-11-28 16:07:32 +0000
commit	26d6296482b7c7b939a71b76b58a292fd115f745 (patch)
tree	6294ced8cd4521a0f38adbb456618b5a3da196f9
parent	4a7d5d9b6d6609401db2c6a15ab48d585977fb3c (diff)