Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/roles/infinote/files/infinote.fedoraproject.org.conf
Kevin Fenzi 57bc056f7e Add initial infinote apaache config
2015-10-13 18:36:59 +00:00

97 lines
3.5 KiB
Text
Raw Blame History

Listen 443
<VirtualHost *:80>
ServerName infinote.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
TraceEnable Off
# enable git smart http cloning.
SetEnv GIT_PROJECT_ROOT /srv/web/infra/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/libexec/git-core/git-http-backend/$1
#
# redirect everyone to use https
#
# We can't do this until virt-install can handle https
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
# robots location
Alias /robots.txt /srv/web/robots.txt.infinote
DocumentRoot /srv/web
<Directory /srv/web>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Needed for cgit cgi
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<Directory "/usr/share/cgit">
AllowOverride None
Options None
Require all granted
</Directory>
<Directory "/usr/libexec/git-core">
AllowOverride None
Options None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName infinote.fedoraproject.org
ServerAdmin webmaster@fedoraproject.org
# enable git smart http cloning.
SetEnv GIT_PROJECT_ROOT /srv/web/infra/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/libexec/git-core/git-http-backend/$1
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
SSLHonorCipherOrder On
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
# If you change the protocols or cipher suites, you should probably update
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# robots location
Alias /robots.txt /srv/web/robots.txt.lockbox01
DocumentRoot /srv/web
<Directory /srv/web>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Reference in a new issue View git blame Copy permalink