opendev/system-config
Code Issues Proposed changes
2c72c8b9e3
system-config/playbooks/roles/static/templates/50-git.conf.j2
Ian Wienand b5266ea20c static: provide git services 
This creates the redirect sites

 git.airshipit.org
 git.openstack.org
 git.starlingx.io
 git.zuul-ci.org

The htaccess rules are put into the main configuration file to avoid
having to create a directory and manage another file.  We use a macro
to duplicate the rules and retain the old semantics of the http site
redirecting directly (as opposed to doing a extra 301 to
https://git.openstack.org first).  This required adding "/" to the "^"
matches as it now runs in VirtualHost context; no functional change is
intended over the old sites.

This will require _acme-challenge CNAMEs to acme.opendev.org before
being merged.

testinfra is updated to exercise some redirects matching against the
results of the extant sites.

Change-Id: Iaa9d5dc2af3f5f8abc11c2312e4308b50f5fcd2b
2020-02-26 12:27:13 +11:00

42 lines
1.1 KiB
Django/Jinja
Executable File
Raw Blame History

#
# This file is generated and managed by Ansible
#
{% include 'git-redirects.conf.j2' %}
##
# vhost configuration
##
<VirtualHost *:80>
ServerName {{ hostname }}
Use GitRedirects
LogLevel warn
ErrorLog /var/log/apache2/{{ hostname }}_error.log
CustomLog /var/log/apache2/{{ hostname }}_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName {{ hostname }}
SSLCertificateFile /etc/letsencrypt-certs/{{ hostname }}/{{ hostname }}.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ hostname }}/{{ hostname }}.key
SSLCertificateChainFile /etc/letsencrypt-certs/{{ hostname }}/ca.cer
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
Use GitRedirects
ErrorLog /var/log/apache2/{{ hostname }}_error.log
CustomLog /var/log/apache2/{{ hostname }}_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
UndefMacro GitRedirects
View Git Blame Copy Permalink