diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2023-11-08 13:35:54 -0600 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2023-11-28 16:07:32 +0000 |
commit | 26d6296482b7c7b939a71b76b58a292fd115f745 (patch) | |
tree | 6294ced8cd4521a0f38adbb456618b5a3da196f9 | |
parent | 4a7d5d9b6d6609401db2c6a15ab48d585977fb3c (diff) |
git.mlp.o: update bots and change git from symlink
This change updates the bots list and also changes
the apache config for git.mlplatform.org to be a
standalone file instead of a symlink back to the
git.linaro.org conf.
Change-Id: Idc200a589c48cccf3ce851632f468ba2590a3e7e
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/46159
-rw-r--r--[l---------] | files/apache/git.mlplatform.org.conf | 259 | ||||
-rw-r--r-- | files/apache/review.mlplatform.org.conf | 4 |
2 files changed, 261 insertions, 2 deletions
diff --git a/files/apache/git.mlplatform.org.conf b/files/apache/git.mlplatform.org.conf index f6fbf658..907a5362 120000..100644 --- a/files/apache/git.mlplatform.org.conf +++ b/files/apache/git.mlplatform.org.conf @@ -1 +1,258 @@ -git.linaro.org.conf
\ No newline at end of file +# Managed by ansible, do not edit. +ServerSignature Off +ServerTokens Prod + +<VirtualHost *:80> + ServerName {{ git_host }} + ServerAlias {{ inventory_hostname }} + ServerAdmin webmaster@linaro.org + + CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog + ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log + + DocumentRoot {{ apache_root }}/cgit + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType text/css "access plus 1 month" + ExpiresByType text/javascript "access plus 1 month" + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Include /etc/apache2/linaro/headers-http.conf + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=5356800" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + KeepAlive On + KeepAliveTimeout 10 + MaxKeepAliveRequests 150 + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + # Following directives removed from Apache 2.4 + # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging + #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log + #RewriteLogLevel 0 + + AllowEncodedSlashes On + + Include /etc/apache2/linaro/block-refs.conf + + RewriteCond %{REQUEST_URI} ^/jmx-console(.*)$ + RewriteRule ^/(.*)$ - [forbidden,last] + RewriteCond %{REQUEST_URI} ^/GponForm(.*)$ + RewriteRule ^/(.*)$ - [forbidden,last] + RewriteCond %{REQUEST_URI} ^/user(.*)$ + RewriteRule ^/(.*)$ - [forbidden,last] + + RewriteCond %{HTTP_USER_AGENT} !git [nocase] + RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301] + + RewriteCond %{HTTP_USER_AGENT} git [nocase] + RewriteCond %{REQUEST_URI} !^/git/(.*)$ + RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$ + RewriteCond %{REQUEST_URI} !^/git_pulls/(.*)$ + RewriteCond %{REQUEST_URI} !^/logs/(.*)$ + RewriteRule ^/(.*)$ /git/$1 [nosubreq,nocase,passthrough] + # convert old GitWeb links to work in cgit + # we have things in ci and user bookmarks for gitweb URLs to raw file downloads like: + # curl -L http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py + RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301] + # Summary + RewriteCond %{REQUEST_URI} /(.+)/summary [OR] + RewriteCond %{query_string} p=(.+);a=summary + RewriteRule ^/.*$ /%1/? [R,L,NE] + + AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1 + AliasMatch ^/git-http/(.*) {{ repo_root }}/$1 + + AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + + SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog + + AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1 + AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1 + Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz + + ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi + + Include /etc/apache2/linaro/letsencrypt.conf + + <Directory "{{ repo_root }}"> + AllowOverride None + Require all granted + Options +FollowSymLinks -ExecCGI +Indexes + ExpiresActive Off + FileEtag None + Header set Cache-Control "no-cache, no-store, no-transform" + <FilesMatch "\.(bundle)$"> + FileEtag MTime + Header set Cache-Control "no-transform, must-revalidate, max-age=518400" + </FilesMatch> + </Directory> + + Alias /cgit-css "/var/www/cgit/cgit-css/" + ScriptAlias / "{{ apache_root}}/cgit/cgit/" + <Directory "{{ apache_root }}/cgit/"> + AllowOverride None + Options ExecCGI FollowSymlinks + Require all granted + </Directory> +</VirtualHost> + +<VirtualHost *:443> + ServerName {{ git_host }} + ServerAlias {{ inventory_hostname }} + ServerAdmin webmaster@linaro.org + + Include /etc/apache2/linaro/settings-ssl.conf + SSLCertificateFile {{ssl_cert}} + SSLCertificateKeyFile {{ssl_key}} + SSLCACertificateFile {{ssl_ca}} + + CustomLog ${APACHE_LOG_DIR}/{{ git_host }}-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D microseconds" env=!dontlog + ErrorLog ${APACHE_LOG_DIR}/{{ git_host }}-error.log + + DocumentRoot {{ apache_root }}/cgit + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType text/css "access plus 1 month" + ExpiresByType text/javascript "access plus 1 month" + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Include /etc/apache2/linaro/headers-https.conf + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=5356800" + SetOutputFilter DEFLATE + + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + Header append Vary User-Agent env=!dont-vary + </FilesMatch> + + KeepAlive On + KeepAliveTimeout 9 + MaxKeepAliveRequests 150 + + AllowEncodedSlashes On + + RewriteEngine On + # Following directives removed from Apache 2.4 + # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging + #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log + #RewriteLogLevel 0 + + Include /etc/apache2/linaro/block-refs.conf + + RewriteCond %{HTTP_USER_AGENT} !git [nocase] + RewriteRule ^/gitweb/(.*)$ /$1 [nocase,noescape,redirect=301] + + RewriteCond %{HTTP_USER_AGENT} git [nocase] + RewriteCond %{REQUEST_URI} !^/git/(.*)$ + RewriteCond %{REQUEST_URI} !^/git-ro/(.*)$ + RewriteRule ^/(.*)$ /git/$1 [nocase,noescape,passthrough] + # convert old GitWeb links to work in cgit + # we have things in ci and user bookmarks for gitweb URLs to raw file downloads like: + # curl -L http://git.linaro.org/ci/publishing-api.git/blob_plain/HEAD:/linaro-cp.py + RewriteRule ^/(.*)/blob_plain/HEAD:/(.*)$ $1/plain/$2 [R=301] + # Summary + RewriteCond %{REQUEST_URI} /(.+)/summary [OR] + RewriteCond %{query_string} p=(.+);a=summary + RewriteRule ^/.*$ /%1/? [R,L,NE] + + AliasMatch ^/git-ro/(.*) {{ repo_root }}/$1 + AliasMatch ^/git-http/(.*) {{ repo_root }}/$1 + + AliasMatch ^/git-ro/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + AliasMatch ^/git-http/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + AliasMatch ^/git/(.*)/clone.bundle$ {{ repo_root }}/$1/clone.bundle + Alias /manifest.js.gz {{ repo_root }}/manifest.js.gz + + SetEnvIf User-Agent "Amazon Route 53 Health Check" dontlog + + AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ {{ repo_root }}/$1 + AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ {{ repo_root }}/$1 + + ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi + + Alias /logs "/var/www/logs" + <Directory "/var/www/logs/"> + AllowOverride None + Require all granted + Options -FollowSymLinks -ExecCGI +Indexes + </Directory> + + Alias /git_pulls "/var/www/git_pulls" + <Directory "/var/www/git_pulls/"> + AllowOverride None + Require all granted + Options -FollowSymLinks -ExecCGI +Indexes + </Directory> + + <Directory "{{ repo_root }}/"> + AllowOverride None + Require all granted + Options +FollowSymLinks -ExecCGI +Indexes + ExpiresActive Off + FileEtag None + Header set Cache-Control "no-cache, no-store, no-transform" + <FilesMatch "\.(bundle)$"> + FileEtag MTime + Header set Cache-Control "no-transform, must-revalidate, max-age=518400" + </FilesMatch> + </Directory> + + Alias /cgit-css "/var/www/cgit/cgit-css/" + ScriptAlias / "{{ apache_root}}/cgit/cgit/" + <Directory "{{ apache_root }}/cgit/"> + AllowOverride None + Options ExecCGI FollowSymlinks + Require all granted + </Directory> +</VirtualHost> diff --git a/files/apache/review.mlplatform.org.conf b/files/apache/review.mlplatform.org.conf index 9652d72a..c1ec499f 100644 --- a/files/apache/review.mlplatform.org.conf +++ b/files/apache/review.mlplatform.org.conf @@ -7,9 +7,10 @@ Header set Cache-Control "max-age=86400, public" </FilesMatch> - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{inventory_hostname}}/$1" RewriteEngine On + AllowEncodedSlashes On Include /etc/apache2/linaro/block-refs.conf Include /etc/apache2/linaro/letsencrypt.conf @@ -36,6 +37,7 @@ </FilesMatch> RewriteEngine On + AllowEncodedSlashes On Include /etc/apache2/linaro/block-refs.conf ProxyRequests Off |