From af33336ca9dbd5ff37e28d6f6edabb811986067e Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 22 Jul 2021 09:36:38 -0700 Subject: [PATCH] Serve gating.dev static website Change-Id: I5219656f770842c8b222b6685ae1f0d7126b8065 --- .../host_vars/static01.opendev.org.yaml | 3 ++ .../handlers/main.yaml | 3 ++ .../roles/static/files/50-gating.dev.conf | 50 +++++++++++++++++++ playbooks/roles/static/tasks/main.yaml | 1 + 4 files changed, 57 insertions(+) create mode 100644 playbooks/roles/static/files/50-gating.dev.conf diff --git a/inventory/service/host_vars/static01.opendev.org.yaml b/inventory/service/host_vars/static01.opendev.org.yaml index 93861f73f6..e99a0b890c 100644 --- a/inventory/service/host_vars/static01.opendev.org.yaml +++ b/inventory/service/host_vars/static01.opendev.org.yaml @@ -68,3 +68,6 @@ letsencrypt_certs: - www.zuul-ci.org - zuulci.org - www.zuulci.org + static01-gating-dev: + - gating.dev + - www.gating.dev diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index dc157592c0..efaf253d7a 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -132,6 +132,9 @@ - name: letsencrypt updated static01-zuul-ci-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml +- name: letsencrypt updated static01-gating-dev + include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml + # Grafana - name: letsencrypt updated grafana01-opendev-org-main diff --git a/playbooks/roles/static/files/50-gating.dev.conf b/playbooks/roles/static/files/50-gating.dev.conf new file mode 100644 index 0000000000..c4cdaf19aa --- /dev/null +++ b/playbooks/roles/static/files/50-gating.dev.conf @@ -0,0 +1,50 @@ + + ServerName gating.dev + ServerAlias www.gating.dev + + RewriteEngine on + RewriteRule ^/(.*) https://gating.dev/$1 [last,redirect=permanent] + + ErrorLog /var/log/apache2/gating.dev_error.log + LogLevel warn + CustomLog /var/log/apache2/gating.dev_access.log combined + ServerSignature Off + + + + + ServerName gating.dev + ServerAlias www.gating.dev + + RewriteEngine on + + RewriteCond %{HTTP_HOST} !^gating\.dev [nocase] + RewriteRule ^/(.*) https://gating.dev/$1 [last,redirect=permanent] + + SSLEngine on + SSLProtocol All -SSLv2 -SSLv3 + # Once the machine is using something to terminate TLS that supports ECDHE + # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS + # only is guarenteed. + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP + SSLHonorCipherOrder on + SSLCertificateFile /etc/letsencrypt-certs/gating.dev/gating.dev.cer + SSLCertificateKeyFile /etc/letsencrypt-certs/gating.dev/gating.dev.key + SSLCertificateChainFile /etc/letsencrypt-certs/gating.dev/ca.cer + + DocumentRoot /afs/openstack.org/project/zuul-ci.org/gating.dev/www + + Options Indexes FollowSymLinks MultiViews + Require all granted + AllowOverride None + # Allow mod_rewrite rules + AllowOverrideList Redirect RedirectMatch + ErrorDocument 404 /errorpage.html + + + ErrorLog /var/log/apache2/gating.dev_error.log + LogLevel warn + CustomLog /var/log/apache2/gating.dev_access.log combined + ServerSignature Off + + diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml index d0dab8af65..74eb093b00 100644 --- a/playbooks/roles/static/tasks/main.yaml +++ b/playbooks/roles/static/tasks/main.yaml @@ -99,6 +99,7 @@ - 50-docs.openstack.org - 50-docs.starlingx.io - 50-eavesdrop.openstack.org + - 50-gating.dev - 50-governance.openstack.org - 50-glance.openstack.org - 50-horizon.openstack.org