From 5df3d94fbbfc71b7c3acc0cb57b50fd5cef8c731 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 22 Jun 2015 19:37:52 +0000 Subject: [PATCH] Add first cut at httpd config for people/planet. --- playbooks/groups/people.yml | 14 -- roles/people/files/cgit.conf | 2 + roles/people/files/people.conf | 360 +++++++++++++++++++++++++++++++++ roles/people/files/planet.conf | 80 ++++++++ roles/people/tasks/main.yml | 7 + 5 files changed, 449 insertions(+), 14 deletions(-) create mode 100644 roles/people/files/cgit.conf create mode 100644 roles/people/files/people.conf create mode 100644 roles/people/files/planet.conf diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index e95f92c2bd..255e5d578b 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -96,20 +96,6 @@ - role: httpd/certificate name: planet.fedoraproject.org - - role: httpd/website - name: fedorapeople.org - cert_name: wildcard-2014.fedorapeople.org - server_aliases: - - "*.fedorapeople.org" - - - role: httpd/website - cert_name: planet.fedoraproject.org - name: fedoraplanet.org - - - role: httpd/website - cert_name: planet.fedoraproject.org - name: planet.fedoraproject.org - - people tasks: diff --git a/roles/people/files/cgit.conf b/roles/people/files/cgit.conf new file mode 100644 index 0000000000..791d01bda2 --- /dev/null +++ b/roles/people/files/cgit.conf @@ -0,0 +1,2 @@ +Alias /cgit-data /usr/share/cgit +ScriptAlias /cgit /var/www/cgi-bin/cgit diff --git a/roles/people/files/people.conf b/roles/people/files/people.conf new file mode 100644 index 0000000000..ca107800da --- /dev/null +++ b/roles/people/files/people.conf @@ -0,0 +1,360 @@ +NameVirtualHost *:80 + + + ServerName fedorapeople.org + ServerAlias *.fedorapeople.org + ServerAlias ols.fedoraproject.org + ServerAlias people.fedoraproject.org + ServerAlias people1.fedoraproject.org + + RewriteEngine on + RewriteCond %{SERVER_PORT} !^443$ + RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R] + + +# This is particularly ugly - these have to be updated if the box moves. +NameVirtualHost 152.19.134.196:443 +NameVirtualHost [2610:28:3090:3001:5054:ff:feff:683f]:443 + + + ## + # Domain: people.fedoraproject.org fedorapeople.org + # Owner: admin@fedoraproject.org + # + ServerName fedorapeople.org + ServerAlias *.fedorapeople.org + ServerAlias ols.fedoraproject.org + ServerAlias people.fedoraproject.org + ServerAlias people1.fedoraproject.org + ServerAdmin admin@fedoraproject.org + + DocumentRoot /srv/people + + SSLEngine on + SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.cert + SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedorapeople.org.key + SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert + SSLHonorCipherOrder On + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 + + Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" + + LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon + ErrorLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-error.log-%Y-%m-%d 86400 -l" + CustomLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-access.log-%Y-%m-%d 86400 -l" vcommon + + + ExpiresActive On + ExpiresDefault "access plus 5 days" + + + + Options Indexes FollowSymLinks + Require all granted + + + UserDir public_html + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + + Require all granted + + + + Require all granted + + + + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes FollowSymLinks IncludesNoExec + + Require all granted + + + + Require all granted + + + + # uncomment me after the people03 move + Alias /groups /project + + Alias /404Error.html /srv/people/site/404Error.html + ErrorDocument 404 /404Error.html + + RewriteEngine on + RewriteMap lowercase int:tolower + + # redirect all favicons (not just DocRoot-level) to fedoraproject.org + # needs to terminate before other rewrite rules start + RewriteRule /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico [proxy] + + # ols.fedoraproject.org + RewriteCond ${lowercase:%{SERVER_NAME}} ^ols\.fedoraproject\.org$ + #RewriteRule ^(.*)$ /home/fedora/lockhart/proceedings/$1 [L] + # Content moved after lockhart's account was inactive 2011-12-15 + RewriteRule ^(.*)$ /srv/web/ols/proceedings/$1 [L] + + # skvidal lives on in his code + RewriteCond ${lowercase:%{SERVER_NAME}} ^skvidal\.fedorapeople\.org$ + RewriteRule ^(.*)$ /srv/web/skvidal/public_html/$1 [L] + RewriteCond %{REQUEST_URI} /~skvidal/(.*) [OR] + RewriteRule ^/~skvidal/(.*)$ /srv/web/skvidal/public_html/$1 [L] + + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + HeaderName /_defaults/HEADER.shtml + ReadmeName /_defaults/FOOTER.shtml + + IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort + IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble + Require all granted + + + # + # AllowOverride FileInfo AuthConfig Limit Indexes + # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + # + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require all granted + + + # the openstack folks need to symlink to a pkg to work + + Options +FollowSymLinks + Require all granted + + + + + # www.fedorapeople.org + RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.fedorapeople\.org$ + RewriteRule ^/(.*)$ https://fedorapeople.org/$1 [R,L] + # rdo.fedorapeople.org -> repos.fedorapeople.org/repos/openstack + # for the rdo announce day - 2013-04-15 - skvidal + RewriteCond ${lowercase:%{SERVER_NAME}} ^rdo\.fedorapeople\.org$ + RewriteRule ^/(.*)$ https://repos.fedorapeople.org/repos/openstack/$1 [R,L] + + # [username].fedorapeople.org + # directory absolute header/readme path must be relative to document root + # so fake it with an alias chained to a rewrite before the URI rewrite + RewriteRule ^/_defaults/(.*) /_default/$1 [PT] + Alias /_default/ /srv/people/site/userdefs/ + + RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.fedorapeople\.org$ + RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C] + RewriteRule ^([a-z0-9-]+)\.fedorapeople\.org/(.*) /home/fedora/$1/public_html/$2 [L] + + # Use cgit and redirect (some) old gitweb-caching things + RewriteRule ^/cgit-data/(.*)$ /cgit-data/$1 [L,PT] + RewriteRule ^/cgit/(.*)$ /cgit/$1 [L,PT] + + # blob + RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+)/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=blob;h=(.+);hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%3;id2=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=blob;hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE] + + RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+);hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4;id2=%5 [R,L,NE] + + RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4 [R,L,NE] + + # tree + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%4?h=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tree + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/? [R,L,NE] + + # commitdiff + RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=blobdiff;h=(.+);hp=(.+);hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/%6?id2=%4;id=%3;id3=%5 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+);hp=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%4;id2=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%3 [R,L,NE] + + # commit + RewriteCond %{REQUEST_URI} /(.+)(\.git)/commit/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=commit;h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/commit/?id=%3 [R,L,NE] + + # summary + RewriteCond %{REQUEST_URI} /(.+)(\.git)/summary [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=summary + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE] + + # shortlog + RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=shortlog;h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=shortlog + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/? [R,L,NE] + + # log + RewriteCond %{REQUEST_URI} /(.+)(\.git)/log/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=log;h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/log [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=log + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log? [R,L,NE] + + # history + RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%5?id=%4 [R,L,NE] + + RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+);hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4;id2=%5 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE] + + RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE] + + # tag + RewriteCond %{REQUEST_URI} /(.+)(\.git)/tag/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=tag;h=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tag/?id=%3 [R,L,NE] + + # blob_plain + RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+):/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;h=(.+);f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%4?id=%3 [R,L,NE] + + RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+);hb=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3?id2=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3 [R,L,NE] + + # rss|atom + RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom)/refs/heads/(.+) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom);h=refsheads/(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom?h=%4 [R,L,NE] + + RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom? [R,L,NE] + + # snapshot + RewriteCond %{REQUEST_URI} /(.+)(\.git)/snapshot/(.+)(\.tar\.gz|\.tar\.bz2) [OR] + RewriteCond %{query_string} p=(.+)(\.git);a=snapshot;h=(.+);sf=(.+) + RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/snapshot/%3.tar.gz [R,L,NE] + + # Fail safes incase nothing above matches, try at least to put the person in the project + #RewriteCond %{REQUEST_URI} /([^/]+)\.git.* [OR] + #RewriteCond %{query_string} p=(.+)\.git.* + #RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE] + + # Or else in the root of cgit + RewriteRule ^/git/(.+)\.git$ /cgit/$1.git [L,PT] + RewriteRule ^/git/(.*)/$ /cgit/$1.git [L,PT] + RewriteRule ^/git/([^/]*)$ /cgit/$1.git [L,PT] + RewriteRule ^/gitweb /cgit/ [L,PT] + + # for cgit clone repos + RewriteRule ^/gitrepos/(.*)/public_git/(.*)$ /~$1/git/$2 [L,PT] + + + Options IncludesNoExec + + + HeaderName /_defaults/HEADER.shtml + ReadmeName /_defaults/FOOTER.shtml + + IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort + IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble + ServerSignature Off + AddOutputFilter INCLUDES .html + + +LoadModule deflate_module modules/mod_deflate.so +SetOutputFilter DEFLATE + +# need this type +AddType video/webm .webm +AddType text/plain .spec +AddType application/vnd.android.package-archive .apk + + + # Insert filter + SetOutputFilter DEFLATE + + # Netscape 4.x has some problems... + BrowserMatch ^Mozilla/4 gzip-only-text/html + + # Netscape 4.06-4.08 have some more problems + BrowserMatch ^Mozilla/4\.0[678] no-gzip + + # MSIE masquerades as Netscape, but it is fine + # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + + # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 + # the above regex won't work. You can use the following + # workaround to get the desired effect: + BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html + + # Don't compress images or already compressed files. + SetEnvIfNoCase Request_URI \ + \.(?:gif|jpe?g|png|gz|bz2|tgz|xz|iso|rpm|sqlite|pdf)$ no-gzip dont-vary + + # Make sure proxies don't deliver the wrong content + Header append Vary User-Agent env=!dont-vary + + + + Header set Cache-Control "must-revalidate" + ExpiresActive On + ExpiresDefault "now" + + +FileETag MTime Size diff --git a/roles/people/files/planet.conf b/roles/people/files/planet.conf new file mode 100644 index 0000000000..5aeaeb89c5 --- /dev/null +++ b/roles/people/files/planet.conf @@ -0,0 +1,80 @@ + + ## + # Domain: planet.fedoraproject.org + # Owner: admin@fedoraproject.org + # + ServerAdmin admin@fedoraproject.org + ServerName planet.fedoraproject.org + ServerName fedoraplanet.org + + DocumentRoot "/srv/planet/site/" + + ErrorLog logs/planet-error.log + CustomLog logs/planet.fedoraproject.org-access.log common + + UserDir disable + AddCharset UTF-8 .xml + + + ExpiresActive On + ExpiresDefault "access plus 5 days" + + + + ExpiresActive On + ExpiresDefault "access plus 5 days" + + + + Options Indexes FollowSymLinks + + + RedirectMatch 301 /favicon\.ico$ http://fedoraproject.org/static/images/favicon.ico + Redirect /ldc http://fedoraldc.wordpress.com/feed/ + Alias /justfedora /srv/planet/site/edited + + + + ## + # Domain: planet.fedoraproject.org + # Owner: admin@fedoraproject.org + # + ServerAdmin admin@fedoraproject.org + ServerName planet.fedoraproject.org + ServerName fedoraplanet.org + + SSLEngine on + SSLCertificateFile /etc/pki/tls/certs/planet.fedoraproject.org.cert + SSLCertificateKeyFile /etc/pki/tls/private/planet.fedoraproject.org.key + SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert + SSLHonorCipherOrder On + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 + + DocumentRoot "/srv/planet/site/" + + ErrorLog logs/planet-error.log + CustomLog logs/planet.fedoraproject.org-access.log common + + UserDir disable + AddCharset UTF-8 .xml + + + ExpiresActive On + ExpiresDefault "access plus 5 days" + + + + ExpiresActive On + ExpiresDefault "access plus 5 days" + + + + Options Indexes FollowSymLinks + + + RedirectMatch 301 /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico + Redirect /ldc http://fedoraldc.wordpress.com/feed/ + Alias /justfedora /srv/planet/site/edited + + diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml index b6aa04f536..9d2e3cba24 100644 --- a/roles/people/tasks/main.yml +++ b/roles/people/tasks/main.yml @@ -16,6 +16,13 @@ tags: - packages +- name: install httpd config + copy: src={{item}} dest=/etc/httpd/conf.d/{{item}} + with_items: + - cgit.conf + - people.conf + - planet.conf + - name: set selinux booleans needed for people seboolean: name=httpd_enable_homedirs state=true persistent=true with_items: