Listen 443
ServerName infinote.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
TraceEnable Off
# enable git smart http cloning.
SetEnv GIT_PROJECT_ROOT /srv/web/infra/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/libexec/git-core/git-http-backend/$1
#
# redirect everyone to use https
#
# We can't do this until virt-install can handle https
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
# robots location
Alias /robots.txt /srv/web/robots.txt.infinote
DocumentRoot /srv/web
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
# Needed for cgit cgi
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AllowOverride None
Options None
Require all granted
AllowOverride None
Options None
Require all granted
AllowOverride None
Options None
Require all granted
ServerName infinote.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
# enable git smart http cloning.
SetEnv GIT_PROJECT_ROOT /srv/web/infra/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/libexec/git-core/git-http-backend/$1
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
SSLHonorCipherOrder On
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
# If you change the protocols or cipher suites, you should probably update
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# robots location
Alias /robots.txt /srv/web/robots.txt.lockbox01
DocumentRoot /srv/web
Options Indexes FollowSymLinks
AllowOverride None
Require all granted