Redirect for pkgs

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-12 00:01:10 +00:00 · 2016-12-12 00:01:10 +00:00 · 8f24e63bcb
commit 8f24e63bcb
parent 09b6991fa8
1 changed files with 7 additions and 52 deletions
--- a/roles/distgit/templates/lookaside-upload.conf
+++ b/roles/distgit/templates/lookaside-upload.conf
@ -12,13 +12,17 @@ SSLRandomSeed startup file:/dev/urandom  256
 SSLRandomSeed connect builtin
 SSLCryptoDevice builtin

-# SSL host
+<VirtualHost _default_:80>
+    ServerName pkgs.{{ env_suffix }}fedoraproject.org
+    Redirect "/" "https://src{{ env_suffix }}.fedoraprojet.org/"
+</VirtualHost>
+
 <VirtualHost _default_:443>
    # This alias must come before the /repo/ one to avoid being overridden.
    ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi

    Alias /repo/ /srv/cache/lookaside/
-    ServerName pkgs.fedoraproject.org
+    ServerName pkgs{{ env_suffix }}.fedoraproject.org
    ServerAdmin webmaster@fedoraproject.org

    SSLEngine on
@ -31,56 +35,7 @@ SSLCryptoDevice builtin
    SSLProtocol {{ ssl_protocols }}
    SSLCipherSuite {{ ssl_ciphers }}

-# Must be 'optional' everywhere in order to have POST operations work to upload.cgi
-    SSLVerifyClient optional
-# Must be here for POST operations to upload.cgi
-    SSLOptions +OptRenegotiate
-    ErrorLog logs/ssl_error_log
-    CustomLog logs/ssl_access_log \
-         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{SSL_CLIENT_S_DN_OU}x\" %{SSL_CLIENT_S_DN_CN}x %{SSL_CLIENT_S_DN_emailAddress}x \"%r\" %b"
-
-   <Directory /repo/pkgs/>
-       SSLVerifyClient optional
-       SSLVerifyDepth 1
-       SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate
-   </Directory>
-
-   <Location /repo/pkgs/upload.cgi>
-       SSLRequireSSL
-
-       Options +ExecCGI
-
-{% if env == "production" %}
-       SSLVerifyClient optional
-       SSLVerifyDepth 1
-       SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate
-{% endif %}
-
-       AuthType GSSAPI
-       GssapiSSLonly On
-       AuthName "GSSAPI Single Sign On Login"
-       GssapiCredStore keytab:/etc/httpd.keytab
-
-{% if env == "production" %}
-       SetEnvIfExpr "%{SSL_CLIENT_S_DN_O} == 'Fedora Project'" cert_s_o_valid
-       SetEnvIfExpr "%{SSL_CLIENT_S_DN_OU} == 'Fedora User Cert'" cert_s_ou_valid
-       SetEnvIfExpr "%{SSL_CLIENT_I_DN_O} == 'Fedora Project'" cert_i_o_valid
-       SetEnvIfExpr "%{SSL_CLIENT_I_DN_OU} == 'Fedora Project CA'" cert_i_ou_valid
-
-       <RequireAny>
-           <RequireAll>
-               Require env cert_s_o_valid
-               Require env cert_s_ou_valid
-               Require env cert_i_o_valid
-               Require env cert_i_ou_valid
-           </RequireAll>
-           Require valid-user
-       </RequireAny>
-{% else %}
-       Require valid-user
-{% endif %}
-    </Location>
-
+    Redirect "/" "https://src{{ env_suffix }}.fedoraprojet.org/"
 </VirtualHost>

 # Allow upload via src