diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2023-11-19 21:54:54 -0600 |
---|---|---|
committer | Benjamin Copeland <ben.copeland@linaro.org> | 2023-11-20 09:15:24 +0000 |
commit | b373c97a099fe95d7ab3ad361c8c338a537d3e81 (patch) | |
tree | 98faf858b8759b8a2d2ddb56948dd69d8d217368 | |
parent | 804126886f844ed0c3b221a691512fe2644cbb34 (diff) |
apache: remove configs for sites we no longer have
Let's remove some of the apache configs for sites we're
no longer deploying.
Change-Id: I640b97c3c65f347e0a6cab7f0f592a9730f10d90
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/46190
Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
-rw-r--r-- | files/apache/lhg-review.linaro.org.conf | 113 | ||||
-rw-r--r-- | files/apache/monitoring-dashboard-private.conf | 56 | ||||
-rw-r--r-- | files/apache/monitoring-dashboard-public.conf | 36 | ||||
-rw-r--r-- | files/fossology/fossology.linaro.org.conf | 52 | ||||
-rw-r--r-- | files/gerrit/lhg-review.linaro.org | 90 |
5 files changed, 0 insertions, 347 deletions
diff --git a/files/apache/lhg-review.linaro.org.conf b/files/apache/lhg-review.linaro.org.conf deleted file mode 100644 index d783b1eb..00000000 --- a/files/apache/lhg-review.linaro.org.conf +++ /dev/null @@ -1,113 +0,0 @@ -# Managed by ansible, do not edit. -ServerSignature Off -ServerTokens Prod - -LDAPCacheEntries 2048 -LDAPCacheTTL 36000 -LDAPOpCacheEntries 1024 -LDAPOpCacheTTL 36000 - -<VirtualHost *:80> - ServerName {{ gerrit_host }} - ServerAdmin webmaster@linaro.org - - {% if ssl_cert is defined -%} - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{gerrit_host}}/$1" - {%- else %} - CustomLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-access.log combined - ErrorLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-error.log - LogLevel warn - - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - - DocumentRoot /srv/gerrit - - DefineExternalGroup linaro-groups pipe /usr/local/bin/grpcheck.cgi - <Location "/"> - - AuthType Basic - AuthName "{{ host_site_name }}" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://login.linaro.org/ou=accounts,dc=linaro,dc=org?mail,uid?sub" - AuthLDAPBindDN "{{ apache_ldap_bind }}" - AuthLDAPBindPassword {{ apache_ldap_bind_pwd }} - AuthLDAPRemoteUserAttribute uid - GroupExternal linaro-groups - <RequireAll> - Require valid-user - Require external-group {{ security_groups }} - </RequireAll> - </Location> - - ProxyRequests Off - ProxyVia Off - ProxyPreserveHost On - <Proxy *> - Require all granted - </Proxy> - AllowEncodedSlashes On - ProxyPass / http://127.0.0.1:8081/ nocanon - {% endif %} - - Include /etc/apache2/linaro/letsencrypt.conf -</VirtualHost> - -{% if ssl_cert is defined %} -<VirtualHost *:443> - ServerName {{ gerrit_host }} - ServerAdmin webmaster@linaro.org - - Include /etc/apache2/linaro/settings-ssl.conf - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} - {% if ssl_ca is defined -%} - SSLCACertificateFile {{ssl_ca}} - {%- endif %} - - CustomLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-access.log combined - ErrorLog ${APACHE_LOG_DIR}/{{ gerrit_host }}-error.log - LogLevel warn - - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - - DocumentRoot /srv/gerrit - - DefineExternalGroup linaro-groups pipe /usr/local/bin/grpcheck.cgi - <Location "/"> - - AuthType Basic - AuthName "{{ host_site_name }}" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://login.linaro.org/ou=accounts,dc=linaro,dc=org?mail,uid?sub" - AuthLDAPBindDN "{{ apache_ldap_bind }}" - AuthLDAPBindPassword {{ apache_ldap_bind_pwd }} - AuthLDAPRemoteUserAttribute uid - GroupExternal linaro-groups - <RequireAll> - Require valid-user - Require external-group {{ security_groups }} - </RequireAll> - </Location> - - RewriteEngine On - RewriteCond %{HTTP_COOKIE} !\bGerritAccount\b - RewriteCond %{REQUEST_URI} /c/ - RewriteCond %{REQUEST_URI} !/login - RewriteRule "/c/(.*)$" "/login//c/$1" [R] - - ProxyRequests Off - ProxyVia Off - ProxyPreserveHost On - <Proxy *> - Require all granted - </Proxy> - AllowEncodedSlashes On - ProxyPass / http://127.0.0.1:8081/ nocanon -</VirtualHost> -{% endif %} diff --git a/files/apache/monitoring-dashboard-private.conf b/files/apache/monitoring-dashboard-private.conf deleted file mode 100644 index 982a9532..00000000 --- a/files/apache/monitoring-dashboard-private.conf +++ /dev/null @@ -1,56 +0,0 @@ -<VirtualHost *:80> - ServerName {{inventory_hostname}} - ServerAlias {{inventory_hostname}} - CustomLog /var/log/apache2/{{inventory_hostname}}.access.log combined - ErrorLog /var/log/apache2/{{inventory_hostname}}.error.log - - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - Include /etc/apache2/linaro/headers-http.conf - - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{inventory_hostname}}/$1" - Include /etc/apache2/linaro/letsencrypt.conf -</VirtualHost> - -<VirtualHost _default_:443> - ServerName {{inventory_hostname}} - ServerAlias {{inventory_hostname}} - ErrorLog /var/log/apache2/{{inventory_hostname}}-error.log - CustomLog /var/log/apache2/{{inventory_hostname}}-access.log combined - - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - Include /etc/apache2/linaro/headers-http.conf - - ProxyPass / http://{{docker_container_name_kibiter}}:5601/ - ProxyPassReverse / http://{{docker_container_name_kibiter}}:5601/ - - Include /etc/apache2/linaro/settings-ssl.conf - - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} - SSLCACertificateFile {{ssl_ca}} - - <Location "/"> - AuthType Basic - AuthName "{{ inventory_hostname }}" - AuthBasicProvider ldap - - AuthLDAPUrl "{{ apache_ldap_url }}" - AuthLDAPBindDN "{{ apache_ldap_bind }}" - AuthLDAPBindPassword {{ apache_ldap_bind_pwd }} - AuthLDAPRemoteUserAttribute uid - - <RequireAll> - Require valid-user - <RequireAny> - Require ldap-group cn=employees,ou=mailing,ou=groups,dc=linaro,dc=org - Require ldap-group cn=assignees,ou=mailing,ou=groups,dc=linaro,dc=org - </RequireAny> - </RequireAll> - </Location> - -</VirtualHost> diff --git a/files/apache/monitoring-dashboard-public.conf b/files/apache/monitoring-dashboard-public.conf deleted file mode 100644 index 8baba07d..00000000 --- a/files/apache/monitoring-dashboard-public.conf +++ /dev/null @@ -1,36 +0,0 @@ -<VirtualHost *:80> - ServerName {{inventory_hostname}} - ServerAlias {{inventory_hostname}} - CustomLog /var/log/apache2/{{inventory_hostname}}.access.log combined - ErrorLog /var/log/apache2/{{inventory_hostname}}.error.log - - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - Include /etc/apache2/linaro/headers-http.conf - - RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{inventory_hostname}}/$1" - Include /etc/apache2/linaro/letsencrypt.conf -</VirtualHost> - -<VirtualHost _default_:443> - ServerName {{inventory_hostname}} - ServerAlias {{inventory_hostname}} - ErrorLog /var/log/apache2/{{inventory_hostname}}-error.log - CustomLog /var/log/apache2/{{inventory_hostname}}-access.log combined - - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - Include /etc/apache2/linaro/headers-https.conf - - ProxyPass / http://{{docker_container_name_kibiter}}:5601/ - ProxyPassReverse / http://{{docker_container_name_kibiter}}:5601/ - - Include /etc/apache2/linaro/settings-ssl.conf - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} - SSLCACertificateFile {{ssl_ca}} -</VirtualHost> diff --git a/files/fossology/fossology.linaro.org.conf b/files/fossology/fossology.linaro.org.conf deleted file mode 100644 index 24d3a5fb..00000000 --- a/files/fossology/fossology.linaro.org.conf +++ /dev/null @@ -1,52 +0,0 @@ -<VirtualHost *:80> - ServerAdmin webmaster@localhost - ServerName {{inventory_hostname}} - <Proxy "*"> - Allow from all - </Proxy> - ProxyPreserveHost on - ProxyPass /.well-known/acme-challenge/ ! - ProxyPass / http://localhost:{{docker_port}}/ - - Include /etc/apache2/linaro/headers-http.conf - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - - RewriteEngine on - ReWriteCond %{SERVER_PORT} !^443$ - RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.*$ - RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] - - Include /etc/apache2/linaro/letsencrypt.conf -</VirtualHost> - -<VirtualHost *:443> - ServerAdmin webmaster@localhost - ServerName {{inventory_hostname}} - <Proxy "*"> - Allow from all - </Proxy> - - # Compatibility redirect for ci.linaro.org - <LocationMatch "^/$"> - Redirect permanent "/" "/repo/" - </LocationMatch> - - AllowEncodedSlashes NoDecode - ProxyPreserveHost off - # Note: Jenkins and Apache URL prefixes must match - ProxyPass / http://localhost:{{docker_port}}/ nocanon - ProxyPassReverse / http://localhost:{{docker_port}}/ - - Include /etc/apache2/linaro/headers-https.conf - Header set Cache-Control private - <FilesMatch ".(jpg|jpeg|png|gif|ico)$"> - Header set Cache-Control "max-age=86400, public" - </FilesMatch> - - Include /etc/apache2/linaro/settings-ssl.conf - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} -</VirtualHost> diff --git a/files/gerrit/lhg-review.linaro.org b/files/gerrit/lhg-review.linaro.org deleted file mode 100644 index d1032d8f..00000000 --- a/files/gerrit/lhg-review.linaro.org +++ /dev/null @@ -1,90 +0,0 @@ -[gerrit] - basePath = /srv/repositories - canonicalWebUrl = https://lhg-review.linaro.org/ - serverId = {{gerrit_config_server_id}} -[database] - type = postgresql - hostname = localhost - database = reviewdb - username = lhg -[auth] - type = HTTP_LDAP - logoutUrl = https://login.linaro.org - cookieSecure = true -[ldap] - server = ldaps://login.linaro.org - username = cn=rhodecode,ou=binders,dc=linaro,dc=org - accountBase = ou=accounts,dc=linaro,dc=org - groupBase = ou=security,ou=groups,dc=linaro,dc=org - referral = follow - accountPattern = (mail=${username}) - accountSshUserName = uid - accountEmailAddress = mail - accountFullName = displayName - groupScope = subtree - groupMemberPattern = (|(memberUid=${uid})(gidNumber=${gidNumber})) -[sendemail] - smtpServer = localhost - expiryDays = 15 - includeDiff = true - maximumDiffSize = 512k - replyToAddress = review@lhg-review.linaro.org -{% if gerrit_config_dovecot_user is defined and gerrit_config_dovecot_password is defined %} -[receiveemail] - protocol = IMAP - host = localhost - username = {{ gerrit_config_dovecot_user }} -{% endif %} -[container] - user = git - javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre - heapLimit = {{ gerrit_mem }} - javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance" - javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance" -[sshd] - listenAddress = *:29418 - idleTimeout = 5 min - backend = NIO2 - loginGraceTime = 1 min - batchThreads = 4 - maxAuthTries = 4 -[httpd] - listenUrl = proxy-https://*:8081/ -[cache] - directory = cache -[cache "web_session"] - maxAge = 2 weeks -[cache "ldap_groups"] - maxAge = 2 hours -[commentlink "bugzilla"] - match = "(bug\\s+#?)(\\d+)" - link = https://bugs.linaro.org/show_bug.cgi?id=$2 -[download] - scheme = ssh -[theme] - selectionColor = FFFEAE -[user] - name = Linaro Private Code Review - email = review@lhg-review.linaro.org -[core] - packedGitLimit = 1000m - streamFileThreshold = 512m -[gitweb] - type = gitweb - cgi = /usr/share/gitweb/gitweb.cgi - revision = "?p=${project}.git;a=commitdiff;h=${commit}" - linkDrafts = false -[site] - enableDeprecatedQuery = false -[commitmessage] - maxSubjectLength = 70 - maxLineLength = 80 - rejectTooLong = false -[index] - type = LUCENE -[noteDb "changes"] - autoMigrate = true -[change] - allowDrafts = true -[receive] - enableSignedPush = false |