diff --git a/playbooks/roles/static/files/00-static.opendev.org.conf b/playbooks/roles/static/files/00-static.opendev.org.conf
new file mode 100755
index 0000000000..4859396033
--- /dev/null
+++ b/playbooks/roles/static/files/00-static.opendev.org.conf
@@ -0,0 +1,43 @@
+Define AFS_ROOT /afs/openstack.org/
+
+
+ ServerName static.opendev.org
+ ServerAlias static.openstack.org
+ RewriteEngine On
+ RewriteRule ^/(.*) https://static.opendev.org/$1 [last,redirect=permanent]
+ LogLevel warn
+ ErrorLog /var/log/apache2/static.opendev.org_error.log
+ CustomLog /var/log/apache2/static.opendev.org_access.log combined
+ ServerSignature Off
+
+
+
+
+
+ ServerName static.opendev.org
+ ServerAlias static.openstack.org
+
+ DocumentRoot ${AFS_ROOT}
+
+ SSLCertificateFile /etc/letsencrypt-certs/static.opendev.org/static.opendev.org.cer
+ SSLCertificateKeyFile /etc/letsencrypt-certs/static.opendev.org/static.opendev.org.key
+ SSLCertificateChainFile /etc/letsencrypt-certs/static.opendev.org/ca.cer
+ SSLProtocol All -SSLv2 -SSLv3
+ # Note: this list should ensure ciphers that provide forward secrecy
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
+ SSLHonorCipherOrder on
+
+
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverrideList Redirect RedirectMatch
+ Satisfy Any
+ Require all granted
+
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/static.opendev.org_error.log
+ CustomLog /var/log/apache2/static.opendev.org_access.log combined
+ ServerSignature Off
+
+
+
diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml
index 472bc85829..7da1063217 100644
--- a/playbooks/roles/static/tasks/main.yaml
+++ b/playbooks/roles/static/tasks/main.yaml
@@ -50,11 +50,28 @@
state: present
name: headers
-- name: Make sure default site disabled
+
+# Default site
+- name: Make sure packaged default site disabled
command: a2dissite 000-default.conf
args:
removes: /etc/apache2/sites-enabled/000-default.conf
+- name: Add custom default site
+ copy:
+ src: 00-static.opendev.org.conf
+ dest: /etc/apache2/sites-available/
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Enable static.opendev.org
+ command: a2ensite 00-static.opendev.org
+ args:
+ creates: /etc/apache2/sites-enabled/00-static.opendev.org
+ notify:
+ - Reload apache2
+
# governance.openstack.org
- name: Install governance.openstack.org
copy:
diff --git a/testinfra/test_static.py b/testinfra/test_static.py
index 63a5bc5f63..d60c9432a6 100644
--- a/testinfra/test_static.py
+++ b/testinfra/test_static.py
@@ -20,6 +20,12 @@ def test_apache(host):
apache = host.service('apache2')
assert apache.is_running
+def test_static_opendev_org(host):
+ cmd = host.run('curl --insecure '
+ '--resolve static.opendev.org:443:127.0.0.1 '
+ 'https://static.opendev.org/')
+ assert 'Index of /' in cmd.stdout
+
def test_governance_openstack_org(host):
cmd = host.run('curl --insecure '
'--resolve governance.openstack.org:443:127.0.0.1 '