Add static eavesdrop.openstack.org site
We are trying to replace eavesdrop01.openstack.org The main landing page serves meeting information which has been moved to a static site served from AFS at meeting.opendev.org. Redirect everything to there. The IRC logs are currently still hosted on eavesdrop01, so while we work on migrating these, proxy meeting.opendev.org/<irclogs|meetings> to this server. Note this will be a no-op until we move the DNS, but we should make the eavesdrop acme records before merging. Change-Id: I5c9c23e619dbe930a77f657b5cd6fdd862034301
This commit is contained in:
parent
270daa1b1a
commit
0cfedd2318
@ -23,6 +23,8 @@ letsencrypt_certs:
|
||||
- docs.openstack.org
|
||||
static01-docs-starlingx-io:
|
||||
- docs.starlingx.io
|
||||
static01-eavesdrop-openstack-org:
|
||||
- eavesdrop.openstack.org
|
||||
static01-glance-openstack-org:
|
||||
- glance.openstack.org
|
||||
static01-git-airshipit-org:
|
||||
|
@ -66,6 +66,9 @@
|
||||
- name: letsencrypt updated static01-docs-starlingx-io
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||
|
||||
- name: letsencrypt updated static01-eavesdrop-openstack-org
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||
|
||||
- name: letsencrypt updated static01-glance-openstack-org
|
||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||
|
||||
|
33
playbooks/roles/static/files/50-eavesdrop.openstack.org.conf
Normal file
33
playbooks/roles/static/files/50-eavesdrop.openstack.org.conf
Normal file
@ -0,0 +1,33 @@
|
||||
<VirtualHost *:80>
|
||||
ServerName eavesdrop.openstack.org
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
|
||||
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName eavesdrop.openstack.org
|
||||
|
||||
SSLCertificateFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.cer
|
||||
SSLCertificateKeyFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.key
|
||||
SSLCertificateChainFile /etc/letsencrypt-certs/eavesdrop.openstack.org/ca.cer
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
# Note: this list should ensure ciphers that provide forward secrecy
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
|
||||
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
@ -25,6 +25,12 @@ Define AFS_ROOT /afs/openstack.org/project/meetings.opendev.org
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
ProxyPass "/irclogs" "http://eavesdrop01.openstack.org/irclogs" ttl=120 keepalive=On retry=0
|
||||
ProxyPassReverse "/irclogs" "http://eavesdrop01.openstack.org/irclogs"
|
||||
|
||||
ProxyPass "/meetings" "http://eavesdrop01.openstack.org/meetings" ttl=120 keepalive=On retry=0
|
||||
ProxyPassReverse "/meetings" "http://eavesdrop01.openstack.org/meetings"
|
||||
|
||||
<Directory ${AFS_ROOT}>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
AllowOverrideList Redirect RedirectMatch
|
||||
|
@ -61,6 +61,16 @@
|
||||
state: present
|
||||
name: headers
|
||||
|
||||
- name: Proxy module
|
||||
apache2_module:
|
||||
state: present
|
||||
name: proxy
|
||||
|
||||
- name: HTTP Proxy module
|
||||
apache2_module:
|
||||
state: present
|
||||
name: proxy_http
|
||||
|
||||
- name: Copy apache tuning
|
||||
copy:
|
||||
src: apache-connection-tuning
|
||||
@ -88,6 +98,7 @@
|
||||
- 50-docs.opendev.org
|
||||
- 50-docs.openstack.org
|
||||
- 50-docs.starlingx.io
|
||||
- 50-eavesdrop.openstack.org
|
||||
- 50-governance.openstack.org
|
||||
- 50-glance.openstack.org
|
||||
- 50-horizon.openstack.org
|
||||
|
@ -226,6 +226,13 @@ def test_meetings_opendev_org(host):
|
||||
'https://meetings.opendev.org/')
|
||||
assert 'IRC channels and meetings' in cmd.stdout
|
||||
|
||||
def test_eavesdrop_openstack_org(host):
|
||||
cmd = host.run('curl --insecure '
|
||||
'--resolve eavesdrop.openstack.org:443:127.0.0.1 '
|
||||
'https://eavesdrop.openstack.org/')
|
||||
assert '301 Moved Permanently' in cmd.stdout
|
||||
assert 'https://meetings.opendev.org' in cmd.stdout
|
||||
|
||||
ci_redirects = (
|
||||
('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'),
|
||||
('/nodepool', 'https://docs.openstack.org/infra/nodepool'),
|
||||
|
Loading…
Reference in New Issue
Block a user