opendev/system-config
Code Issues Proposed changes
Files
e0c34239e044aa229b187eab38096d95bf3e25f2
system-config/playbooks/roles/static/files/50-governance.openstack.org.conf
Clark Boylan 25b08c09a8 Apply UserAgentFilter to every vhost on static 
AI crawlers continue to get more and more aggressive. To ensure that
there are more webserver slots for actual users apply the user agent
filter to every vhost on static.o.o.

Note that at least one vhost already used the ua filter so we don't need
to update config management beyond the vhost configs. The macro is
already installed on static.

Change-Id: I7c377d51f0a89272fd6fadbecc3d7923bba3cfd7
2025-07-22 10:02:55 -07:00

96 lines
2.9 KiB
Plaintext
Raw Blame History

Define AFS_ROOT /afs/openstack.org/project/governance.openstack.org
<VirtualHost *:80>
ServerName governance.openstack.org
RewriteEngine On
Use UserAgentFilter
RewriteRule ^/(.*) https://governance.openstack.org/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/governance.openstack.org_error.log
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName governance.openstack.org
DocumentRoot ${AFS_ROOT}
Use UserAgentFilter
SSLCertificateFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/governance.openstack.org/ca.cer
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
# Alias other folders
Alias "/election/" "${AFS_ROOT}/election/"
Alias "/ideas/" "${AFS_ROOT}/ideas/"
Alias "/sigs/" "${AFS_ROOT}/sigs/"
Alias "/tc/" "${AFS_ROOT}/tc/"
# keep last
Alias "/" "${AFS_ROOT}/governance/"
# Set up redirects
Redirect "/badges/" "/tc/badges/"
Redirect "/goals/" "/tc/goals/"
Redirect "/reference/" "/tc/reference/"
Redirect "/resolutions/" "/tc/resolutions/"
# Redirect all old pages under /uc/ to the TC index page
RedirectMatch "^/uc/.*$" "/tc/index.html"
<Directory ${AFS_ROOT}/election>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
<Directory ${AFS_ROOT}/governance>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
<Directory ${AFS_ROOT}/ideas>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
<Directory ${AFS_ROOT}/sigs>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
<Directory ${AFS_ROOT}/tc>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Require all granted
</Directory>
<Directory ${AFS_ROOT}/badges>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
<IfModule mod_headers.c>
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</IfModule>
ErrorDocument 404 /badges/project-unofficial.svg
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/governance.openstack.org_error.log
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink