Merge "Add static eavesdrop.openstack.org site"

This commit is contained in:
Zuul 2021-06-03 06:47:47 +00:00 committed by Gerrit Code Review
commit 791d027c64
6 changed files with 62 additions and 0 deletions

View File

@ -23,6 +23,8 @@ letsencrypt_certs:
- docs.openstack.org
static01-docs-starlingx-io:
- docs.starlingx.io
static01-eavesdrop-openstack-org:
- eavesdrop.openstack.org
static01-glance-openstack-org:
- glance.openstack.org
static01-git-airshipit-org:

View File

@ -66,6 +66,9 @@
- name: letsencrypt updated static01-docs-starlingx-io
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-eavesdrop-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated static01-glance-openstack-org
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

View File

@ -0,0 +1,33 @@
<VirtualHost *:80>
ServerName eavesdrop.openstack.org
RewriteEngine On
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost *:443>
ServerName eavesdrop.openstack.org
SSLCertificateFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/eavesdrop.openstack.org/eavesdrop.openstack.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/eavesdrop.openstack.org/ca.cer
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
RewriteEngine On
RewriteRule ^/(.*) https://meetings.opendev.org/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/eavesdrop.openstack.org_error.log
CustomLog /var/log/apache2/eavesdrop.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>

View File

@ -25,6 +25,12 @@ Define AFS_ROOT /afs/openstack.org/project/meetings.opendev.org
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
ProxyPass "/irclogs" "http://eavesdrop01.openstack.org/irclogs" ttl=120 keepalive=On retry=0
ProxyPassReverse "/irclogs" "http://eavesdrop01.openstack.org/irclogs"
ProxyPass "/meetings" "http://eavesdrop01.openstack.org/meetings" ttl=120 keepalive=On retry=0
ProxyPassReverse "/meetings" "http://eavesdrop01.openstack.org/meetings"
<Directory ${AFS_ROOT}>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch

View File

@ -61,6 +61,16 @@
state: present
name: headers
- name: Proxy module
apache2_module:
state: present
name: proxy
- name: HTTP Proxy module
apache2_module:
state: present
name: proxy_http
- name: Copy apache tuning
copy:
src: apache-connection-tuning
@ -88,6 +98,7 @@
- 50-docs.opendev.org
- 50-docs.openstack.org
- 50-docs.starlingx.io
- 50-eavesdrop.openstack.org
- 50-governance.openstack.org
- 50-glance.openstack.org
- 50-horizon.openstack.org

View File

@ -226,6 +226,13 @@ def test_meetings_opendev_org(host):
'https://meetings.opendev.org/')
assert 'IRC channels and meetings' in cmd.stdout
def test_eavesdrop_openstack_org(host):
cmd = host.run('curl --insecure '
'--resolve eavesdrop.openstack.org:443:127.0.0.1 '
'https://eavesdrop.openstack.org/')
assert '301 Moved Permanently' in cmd.stdout
assert 'https://meetings.opendev.org' in cmd.stdout
ci_redirects = (
('/jenkins-job-builder', 'https://docs.openstack.org/infra/jenkins-job-builder'),
('/nodepool', 'https://docs.openstack.org/infra/nodepool'),