Starting a fedora-web/main role.

roles/fedora-web/main/files/deflate.conf

@@ -0,0 +1,29 @@
+LoadModule deflate_module modules/mod_deflate.so
+SetOutputFilter DEFLATE
+
+<Location />
+    # Insert filter
+    SetOutputFilter DEFLATE
+
+    # Netscape 4.x has some problems...
+    BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+    # Netscape 4.06-4.08 have some more problems
+    BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+    # MSIE masquerades as Netscape, but it is fine
+    # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+    # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
+    # the above regex won't work. You can use the following
+    # workaround to get the desired effect:
+    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+    # Don't compress images
+    SetEnvIfNoCase Request_URI \
+    \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+    # Make sure proxies don't deliver the wrong content
+    Header append Vary User-Agent env=!dont-vary
+</Location>
+

roles/fedora-web/main/files/expires.conf

@@ -0,0 +1,17 @@
+ExpiresActive On
+ExpiresByType image/png "access plus 1 week"
+ExpiresByType image/gif "access plus 1 week"
+ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
+<Location /static/>
+        ExpiresDefault "access plus 1 week"
+</Location>
+FileETag none
+#
+# We want this file to never cache, it's used to determine if a client is 
+# behind a caching proxy of some kind. 
+# 
+<LocationMatch "/static/hotspot.txt$">
+    Header set Cache-Control "must-revalidate"
+    ExpiresActive On
+    ExpiresDefault "now"
+</LocationMatch>

roles/fedora-web/main/files/fedora-web.conf

@@ -0,0 +1,24 @@
+Alias   /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico
+DocumentRoot /srv/web/fedoraproject.org/
+
+ErrorDocument 404 /e/404
+
+FileETag MTime Size
+
+AddType image/svg+xml .svg
+AddType image/svg+xml .svgz
+AddEncoding gzip .svgz
+<FilesMatch \.svgz$>
+  <IfModule mod_gzip.c>
+    mod_gzip_on No
+  </IfModule>
+</FilesMatch>
+
+<FilesMatch \-webfont>
+  SetEnvIfNoCase Origin "https?://.*\.fedora(project|people|hosted)\.org" ACAO=$0
+  Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO
+</FilesMatch>
+
+<Location /static/checksums/>
+        Options Indexes
+</Location>

roles/fedora-web/main/files/persona.conf

@@ -0,0 +1,5 @@
+Alias /.well-known/browserid /srv/web/browserid.fedoraproject.org
+
+<Location /.well-known/browserid>
+    ForceType application/json
+</Location>

roles/fedora-web/main/files/redirects.conf.prod

@@ -0,0 +1,35 @@
+RewriteEngine On
+
+# TODO: Are these still necessary?
+RewriteRule ^/CodecBuddy http://fedoraproject.org/wiki/CodecBuddy [NC]
+RewriteRule ^/soc.*$ http://fedoraproject.org/wiki/SummerOfCode [R=301,L]
+
+# Legal redirects
+RewriteRule ^/([^/]+/)?legal/licenses/export https://fedoraproject.org/wiki/Legal:Export [R=301,L]
+RewriteRule ^/([^/]+/)?legal/licenses https://fedoraproject.org/wiki/Legal:Licenses/LicenseAgreement [R=301,L]
+RewriteRule ^/([^/]+/)?legal/trademarks http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L]
+RewriteRule ^/([^/]+/)?legal https://fedoraproject.org/wiki/Legal:Main [R=301,L]
+
+# Drop distributed web referrer hits
+RewriteCond %{HTTP_REFERER} ^http://.*/feed/index\.php\?pid2=.*&sid2=.*&mb2=.*&partnerid2=.*&redir=.*&multi=.*&aff_id=.*$
+RewriteCond %{HTTP_REFERER} ^http://playdot.net/.*$
+RewriteRule .* - [F]
+
+# Drop connections from .ru site thats spawning thousands of connections at a time. 
+RewriteCond %{REMOTE_ADDR} ^95\.24\.237\.122$
+RewriteRule .* - [F]
+
+# With f20 we dropped this options link
+RewriteRule  ^(/.*)?/get-fedora-options.*$ $1/get-fedora [R=302]
+
+# Comment this when there is a prerelease available
+#RewriteRule  ^(/.*)?/get-prerelease.*$ $1/get-fedora [R=302]
+#RewriteRule  ^(/.*)?/get-spin-prerelease.*$ $1/get-fedora [R=302]
+
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^/([^/]+/)?(keys|verify)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+
+RewriteCond %{HTTP_REFERER} .*fedorproject.*
+RewriteRule .* http://mmcgrath.fedorapeople.org/spam.html [R=301,L]

roles/fedora-web/main/files/redirects.conf.stg

@@ -0,0 +1,22 @@
+RewriteEngine On
+
+# TODO: Are these still necessary?
+RewriteRule ^/CodecBuddy http://fedoraproject.org/wiki/CodecBuddy [NC]
+RewriteRule ^/soc.*$ http://fedoraproject.org/wiki/SummerOfCode [R=301,L]
+
+# Legal redirects
+RewriteRule ^/([^/]+/)?legal/licenses/export https://fedoraproject.org/wiki/Legal:Export [R=301,L]
+RewriteRule ^/([^/]+/)?legal/licenses https://fedoraproject.org/wiki/Legal:Licenses/LicenseAgreement [R=301,L]
+RewriteRule ^/([^/]+/)?legal/trademarks http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L]
+RewriteRule ^/([^/]+/)?legal https://fedoraproject.org/wiki/Legal:Main [R=301,L]
+
+# Comment this when there is a prerelease available
+#RewriteRule  ^(/.*)?/get-prerelease$ $1/get-fedora [R=302]
+
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^/([^/]+/)?(keys|verify)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+
+RewriteCond %{HTTP_REFERER} .*fedorproject.*
+RewriteRule .* http://mmcgrath.fedorapeople.org/spam.html [R=301,L]

roles/fedora-web/main/tasks/main.yml

@@ -0,0 +1,71 @@
+
+# TODO -- still port this cronjob
+#    cron { "sync-fedora-web":
+#        # TODO: Make add some locking to this.
+#        command => "/usr/bin/rsync --delete -a --no-owner --no-group bapp02::fedoraproject.org/ /srv/web/fedoraproject.org/",
+#        user    => "root",
+#        minute  => 25,
+#    }
+
+- name: Copy some config files for {{website}}
+  copy: >
+    src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+    owner=root group=root mode=0644
+  with_items:
+  - fedora-web.conf
+  - languages.conf
+  - cache.conf
+  - persona.conf
+  - expires.conf
+  - deflate.conf
+  notify:
+  - restart httpd
+  tags:
+  - fedora-web
+  - fedora-web/main
+
+- name: And one template (for {{website}})
+  template: >
+    src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+    owner=root group=root mode=0644
+  with_items:
+  - sponsors.conf
+  notify:
+  - restart httpd
+  tags:
+  - fedora-web
+  - fedora-web/main
+
+- name: And, copy over a template for browserid
+  template: >
+    src=browserid.fedoraproject.org dest=/srv/web/browserid.fedoraproject.org
+    owner=root group=root mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - fedora-web
+  - fedora-web/main
+
+# TODO -- turn these into redirects in playbooks/groups/proxies-redirect.yml
+- name: Copy over some miscellaneous redirects (for stg)
+  copy: >
+    src=redirects.conf.stg dest=/etc/httpd/conf.d/{{website}}/redirects.conf
+    owner=root group=root mode=0644
+  when: env == "staging"
+  notify:
+  - restart httpd
+  tags:
+  - fedora-web
+  - fedora-web/main
+
+# TODO -- turn these into redirects in playbooks/groups/proxies-redirect.yml
+- name: Copy over some miscellaneous redirects (for prod) 
+  copy: >
+    src=redirects.conf.prod dest=/etc/httpd/conf.d/{{website}}/redirects.conf
+    owner=root group=root mode=0644
+  when: env != "staging"
+  notify:
+  - restart httpd
+  tags:
+  - fedora-web
+  - fedora-web/main

roles/fedora-web/main/templates/browserid.fedoraproject.org

@@ -0,0 +1,5 @@
+    {% if env == "staging" %}
+        "authority": "id.stg.fedoraproject.org"
+    {% else %}
+        "authority": "id.fedoraproject.org"
+    {% end %}

roles/fedora-web/main/templates/sponsor.conf

@@ -0,0 +1 @@
+Alias /static/js/sponsor.js /srv/web/<%= website %>/static/js/sponsors/<%= sponsor %>.js