Add initial infinote apaache config

roles/infinote/files/infinote.fedoraproject.org.conf

@@ -0,0 +1,97 @@
+Listen 443
+<VirtualHost *:80>
+  ServerName infinote.fedoraproject.org
+  ServerAdmin webmaster@fedoraproject.org
+  TraceEnable Off
+
+  # enable git smart http cloning.
+  SetEnv GIT_PROJECT_ROOT /srv/web/infra/
+  SetEnv GIT_HTTP_EXPORT_ALL
+  ScriptAliasMatch \
+                       "(?x)^/(.*/(HEAD | \
+                                    info/refs | \
+                                    objects/(info/[^/]+ | \
+                                    [0-9a-f]{2}/[0-9a-f]{38} | \
+                                    pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                                    git-(upload|receive)-pack))$" \
+                       /usr/libexec/git-core/git-http-backend/$1
+
+  # 
+  # redirect everyone to use https
+  #
+  # We can't do this until virt-install can handle https 
+
+  RewriteEngine on
+  RewriteCond %{SERVER_PORT} !^443$
+  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
+
+# robots location
+Alias /robots.txt /srv/web/robots.txt.infinote
+
+DocumentRoot /srv/web
+<Directory /srv/web>
+  Options Indexes FollowSymLinks
+  AllowOverride None
+  Require all granted
+</Directory>
+
+# Needed for cgit cgi
+ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+<Directory "/var/www/cgi-bin">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+<Directory "/usr/share/cgit">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+<Directory "/usr/libexec/git-core">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName infinote.fedoraproject.org
+  ServerAdmin webmaster@fedoraproject.org
+
+  # enable git smart http cloning.
+  SetEnv GIT_PROJECT_ROOT /srv/web/infra/
+  SetEnv GIT_HTTP_EXPORT_ALL
+  ScriptAliasMatch \
+                       "(?x)^/(.*/(HEAD | \
+                                    info/refs | \
+                                    objects/(info/[^/]+ | \
+                                    [0-9a-f]{2}/[0-9a-f]{38} | \
+                                    pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                                    git-(upload|receive)-pack))$" \
+                       /usr/libexec/git-core/git-http-backend/$1
+
+  SSLEngine on
+  SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
+  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
+  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
+
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  SSLHonorCipherOrder On
+
+  # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
+  # If you change the protocols or cipher suites, you should probably update
+  # modules/squid/files/squid.conf-el6 too, to keep it in sync.
+  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
+# robots location
+Alias /robots.txt /srv/web/robots.txt.lockbox01
+
+DocumentRoot /srv/web
+<Directory /srv/web>
+  Options Indexes FollowSymLinks
+  AllowOverride None
+  Require all granted
+</Directory>
+</VirtualHost>