infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
ansible/playbooks/include/proxies-websites.yml
Kevin Fenzi d366194a22 module-build-service (mbs): retire service 
With the EOL of Fedora 38 yesterday, we are no longer building any
modules and can retire our module build service.

Note that toddlers needs to be adjusted still, that will happen after
this.

Thanks for all the modules!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-05-22 13:38:53 -07:00

1181 lines
31 KiB
YAML
Raw Blame History

- name: Set up those proxy websites. My, my..
hosts: proxies_stg:proxies
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
tasks:
- name: Create /srv/web/ for all the goodies.
file: dest=/srv/web state=directory owner=root group=root mode=0755
tags:
- httpd
- httpd/website
- name: check the selinux context of webdir
command: matchpathcon /srv/web
register: webdir
check_mode: no
changed_when: "1 != 1"
tags:
- config
- selinux
- httpd
- httpd/website
- name: /srv/web file contexts
command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
when: webdir.stdout.find('httpd_sys_content_t') == -1
tags:
- config
- selinux
- httpd
- httpd/website
roles:
- role: httpd/website
site_name: fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
server_aliases:
- stg.fedoraproject.org
- localhost
- www.fedoraproject.org
- hotspot-nocache.fedoraproject.org
# This is for all the other domains we own
# that redirect to https://fedoraproject.org
- role: httpd/website
site_name: fedoraproject.com
cert_name: "{{wildcard_cert_name}}"
server_aliases:
- epel.io
- fedp.org
- fedora.asia
- fedora.com.my
- fedora.cr
- fedora.events
- fedora.me
- fedora.mobi
- fedora.my
- fedora.org
- fedora.org.cn
- fedora.pe
- fedora.pt
- fedora.redhat.com
- fedora.software
- fedora.tk
- fedora.us
- fedora.wiki
- fedoralinux.com
- fedoralinux.net
- fedoralinux.org
- fedoraproject.asia
- fedoraproject.cn
- fedoraproject.co.uk
- fedoraproject.com
- fedoraproject.com.cn
- fedoraproject.com.gr
- fedoraproject.com.my
- fedoraproject.cz
- fedoraproject.eu
- fedoraproject.gr
- fedoraproject.info
- fedoraproject.net
- fedoraproject.net.cn
- fedoraproject.org.uk
- fedoraproject.pe
- fedoraproject.su
- projectofedora.org
- proyectofedora.org
- www.fedora.asia
- www.fedora.com.my
- www.fedora.cr
- www.fedora.events
- www.fedora.me
- www.fedora.mobi
- www.fedora.org
- www.fedora.org.cn
- www.fedora.pe
- www.fedora.pt
- www.fedora.redhat.com
- www.fedora.software
- www.fedora.tk
- www.fedora.us
- www.fedora.wiki
- www.fedoralinux.com
- www.fedoralinux.net
- www.fedoralinux.org
- www.fedoraproject.asia
- www.fedoraproject.cn
- www.fedoraproject.co.uk
- www.fedoraproject.com
- www.fedoraproject.com.cn
- www.fedoraproject.com.gr
- www.fedoraproject.com.my
- www.fedoraproject.cz
- www.fedoraproject.eu
- www.fedoraproject.gr
- www.fedoraproject.info
- www.fedoraproject.net
- www.fedoraproject.net.cn
- www.fedoraproject.org.uk
- www.fedoraproject.pe
- www.fedoraproject.su
- www.projectofedora.org
- www.getfedora.com
- getfedora.com
- fedoraplayground.org
- fedoraplayground.com
- role: httpd/website
site_name: admin.fedoraproject.org
server_aliases: [admin.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: cloud.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: mirrors.fedoraproject.org
server_aliases:
- mirrors.stg.fedoraproject.org
- fedoramirror.net
- www.fedoramirror.net
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: mirrors.centos.org
sslonly: true
certbot: true
tags: mirrors.centos.org
when: env != "staging"
- role: httpd/website
site_name: mirrors.stg.centos.org
sslonly: true
certbot: true
tags: mirrors.stg.centos.org
when: env == "staging"
- role: httpd/website
site_name: src.fedoraproject.org
server_aliases: [src.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
sslonly: true
use_h2: true
tags: src.fedoraproject.org
- role: httpd/website
site_name: download.fedoraproject.org
server_aliases:
- download01.fedoraproject.org
- download02.fedoraproject.org
- download03.fedoraproject.org
- download04.fedoraproject.org
- download05.fedoraproject.org
- download06.fedoraproject.org
- download07.fedoraproject.org
- download08.fedoraproject.org
- download09.fedoraproject.org
- download10.fedoraproject.org
- download.stg.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: translate.fedoraproject.org
server_aliases: [translate.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: pki.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: spins.fedoraproject.org
server_aliases:
- spins.stg.fedoraproject.org
- spins-test.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: labs.fedoraproject.org
server_aliases:
- labs.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: arm.fedoraproject.org
server_aliases:
- arm.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: iot.fedoraproject.org
server_aliases:
- iot.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: budget.fedoraproject.org
server_aliases:
- budget.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: boot.fedoraproject.org
server_aliases: [boot.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: keys.fedoraproject.org
server_aliases: [keys.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: testdays.fedoraproject.org
server_aliases: [testdays.qa.fedoraproject.org, testdays.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: testdays
- role: httpd/website
site_name: packager-dashboard.fedoraproject.org
server_aliases: [packager-dashboard.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: packager-dashboard
- role: httpd/website
site_name: smolts.org
ssl: false
server_aliases:
- smolt.fedoraproject.org
- stg.smolts.org
- www.smolts.org
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: docs.fedoraproject.org
server_aliases:
- doc.fedoraproject.org
- docs.stg.fedoraproject.org
sslonly: true
gzip: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: bodhi.fedoraproject.org
sslonly: true
server_aliases: [bodhi.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: "accounts{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- noggin
- role: httpd/website
site_name: "fasjson{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- fasjson
- role: httpd/website
site_name: "coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: true
tags:
- coreos.fedoraproject.org
when: env == "staging"
- role: httpd/website
site_name: "updates.coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: true
tags:
- updates.coreos.fedoraproject.org
- role: httpd/website
site_name: "status.updates.coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: true
tags:
- status.updates.coreos.fedoraproject.org
- role: httpd/website
site_name: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: true
tags:
- raw-updates.coreos.fedoraproject.org
- role: httpd/website
site_name: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: true
tags:
- status.raw-updates.coreos.fedoraproject.org
- role: httpd/website
site_name: "builds.coreos{{ env_suffix }}.fedoraproject.org"
sslonly: true
certbot: false
cert_name: "{{wildcard_cert_name}}"
tags:
- builds.coreos.fedoraproject.org
- role: httpd/website
site_name: caiapi.fedoraproject.org
sslonly: true
server_aliases: [caiapi.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: caiapi
when: env == "staging"
- role: httpd/website
site_name: ostree.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: ostree
- role: httpd/website
site_name: flocktofedora.org
server_aliases:
- flocktofedora.org
- www.flocktofedora.org
ssl: true
sslonly: true
certbot: true
when: env == "production"
tags:
- flocktofedora.org
- role: httpd/website
site_name: flocktofedora.net
server_aliases:
- flocktofedora.com
- www.flocktofedora.net
- www.flocktofedora.com
ssl: false
- role: httpd/website
site_name: fedora.my
server_aliases:
- fedora.my
ssl: false
- role: httpd/website
site_name: copr.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: copr
- role: httpd/website
site_name: bugz.fedoraproject.org
server_aliases: [bugz.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: fas.fedoraproject.org
server_aliases:
- fas.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: fedoracommunity.org
server_aliases:
- www.fedoracommunity.org
- stg.fedoracommunity.org
# - fedoraproject.community
# - fedora.community
# - www.fedora.community
# - www.fedoraproject.community
sslonly: true
certbot: true
tags: fedoracommunity
- role: httpd/website
site_name: get.fedoraproject.org
server_aliases: [get.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: help.fedoraproject.org
server_aliases: [help.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: it.fedoracommunity.org
server_aliases: [it.fedoracommunity.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: uk.fedoracommunity.org
server_aliases:
- uk.fedoracommunity.org
- www.uk.fedoracommunity.org
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: tw.fedoracommunity.org
server_aliases:
- tw.fedoracommunity.org
- www.tw.fedoracommunity.org
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: people.fedoraproject.org
server_aliases: [people.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: join.fedoraproject.org
server_aliases: [join.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: l10n.fedoraproject.org
server_aliases: [l10n.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: start.fedoraproject.org
server_aliases: [start.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- start.fedoraproject.org
- role: httpd/website
site_name: kde.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: nightly.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: store.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: port389.org
server_aliases:
- www.port389.org
- 389tcp.org
- www.389tcp.org
ssl: false
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: transtats.fedoraproject.org
sslonly: true
server_aliases: [transtats.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags:
- transtats
- role: httpd/website
site_name: whatcanidoforfedora.org
server_aliases:
- www.whatcanidoforfedora.org
- stg.whatcanidoforfedora.org
ssl: true
sslonly: true
certbot: true
tags:
- whatcanidoforfedora.org
- role: httpd/website
site_name: k12linux.org
server_aliases:
- www.k12linux.org
ssl: false
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: fonts.fedoraproject.org
server_aliases: [fonts.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: meetbot.fedoraproject.org
server_aliases: [meetbot.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: meetbot-raw.fedoraproject.org
server_aliases: [meetbot-raw.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: fudcon.fedoraproject.org
server_aliases: [fudcon.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: ask.fedoraproject.org
server_aliases: [ask.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: askbot.fedoraproject.org
server_aliases: [askbot.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: badges.fedoraproject.org
server_aliases: [badges.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- badges
- role: httpd/website
site_name: paste.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: coreos.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "production"
tags:
- coreos.fedoraproject.org
- role: httpd/website
site_name: awx.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- awx
#
# Make a website here so we can redirect it to paste.fedoraproject.org
#
# - role: httpd/website
# site_name: fpaste.org
# certbot: true
# server_aliases:
# - www.fpaste.org
# tags:
# - fpaste.org
# when: env == "production"
- role: httpd/website
site_name: koji.fedoraproject.org
sslonly: true
server_aliases:
- koji.stg.fedoraproject.org
- kojipkgs.stg.fedoraproject.org
- buildsys.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: kojipkgs.fedoraproject.org
sslonly: true
server_aliases:
- kojipkgs01.fedoraproject.org
- kojipkgs02.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
use_h2: false
tags:
- kojipkgs.fedoraproject.org
- role: httpd/website
site_name: apps.fedoraproject.org
server_aliases: [apps.stg.fedoraproject.org]
sslonly: true
gzip: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: "notifications{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- fmn
- role: httpd/website
site_name: pdc.fedoraproject.org
server_aliases: [pdc.stg.fedoraproject.org]
sslonly: true
gzip: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: developer.fedoraproject.org
server_aliases: [developer.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
# This is just a redirect to developer, to make it easier for people to get
# here from Red Hat's developers.redhat.com (ticket #5216).
- role: httpd/website
site_name: developers.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: fedoraloveskde.org
server_aliases: [stg.fedoraloveskde.org]
sslonly: true
certbot: true
tags:
- fedoraloveskde
- role: httpd/website
site_name: "provision{{ env_suffix }}.fedoraproject.org"
# Zezere needs non-HTTPS for netboot
sslonly: false
cert_name: "{{wildcard_cert_name}}"
tags:
- zezere
- role: httpd/website
site_name: ocp.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- ocp.stg.fedoraproject.org
when: env == "staging"
- role: httpd/website
site_name: apps.ocp.stg.fedoraproject.org
server_aliases: ["*.apps.ocp.stg.fedoraproject.org", api.apps.ocp.stg.fedoraproject.org]
sslonly: true
cert_name: "{{ocp_wildcard_cert_name}}"
SSLCertificateChainFile: "{{ocp_wildcard_int_file}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- apps.ocp.stg.fedoraproject.org
when: env == "staging"
- role: httpd/website
site_name: ocp.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- ocp.fedoraproject.org
when: env == "production"
- role: httpd/website
site_name: apps.ocp.fedoraproject.org
server_aliases: ["*.apps.ocp.fedoraproject.org", api.apps.ocp.fedoraproject.org]
sslonly: true
cert_name: "{{ocp_wildcard_cert_name}}"
SSLCertificateChainFile: "{{ocp_wildcard_int_file}}"
# The Connection and Upgrade headers don't work for h2
# So non-h2 is needed to fix websockets.
use_h2: false
tags:
- apps.ocp.fedoraproject.org
when: env == "production"
- role: httpd/website
site_name: registry.fedoraproject.org
server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: candidate-registry.fedoraproject.org
server_aliases: [candidate-registry.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: retrace.fedoraproject.org
server_aliases: [retrace.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
site_name: faf.fedoraproject.org
server_aliases: [faf.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
site_name: alt.fedoraproject.org
server_aliases:
- alt.stg.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
# Kinda silly that we have two entries here, one for prod and one for stg.
# This is inherited from our puppet setup -- we can collapse them as soon as
# is convenient. -- threebean
- role: httpd/website
site_name: taskotron.fedoraproject.org
server_aliases: [taskotron.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: taskotron.stg.fedoraproject.org
server_aliases: [taskotron.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2024.stg.fedoraproject.org.intermediate.cert
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
site_name: resultsdb.stg.fedoraproject.org
server_aliases: [resultsdb.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2024.stg.fedoraproject.org.intermediate.cert
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
tags: resultsdb
- role: httpd/website
site_name: resultsdb.fedoraproject.org
server_aliases: [resultsdb.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env != "staging"
tags: resultsdb
- role: httpd/website
site_name: lists.fedoraproject.org
server_aliases: [lists.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: lists.fedorahosted.org
server_aliases:
- lists.stg.fedorahosted.org
sslonly: true
certbot: true
tags: fedorahosted
- role: httpd/website
site_name: "id{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
stssubdomains: false
tags:
- id.fedoraproject.org
- role: httpd/website
site_name: "sso{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- sso.fedoraproject.org
- role: httpd/website
site_name: username.id.fedoraproject.org
server_aliases:
- "*.id.fedoraproject.org"
# Must not be sslonly, because example.id.fedoraproject.org must be reachable
# via plain http for openid identity support
sslonly: false
cert_name: wildcard-2024.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert
tags:
- id.fedoraproject.org
when: env == "production"
- role: httpd/website
site_name: username.id.stg.fedoraproject.org
server_aliases:
- "*.id.stg.fedoraproject.org"
# Must not be sslonly, because example.id.fedoraproject.org must be reachable
# via plain http for openid identity support
sslonly: false
cert_name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: wildcard-2024.stg.fedoraproject.org.intermediate.cert
tags:
- id.fedoraproject.org
when: env == "staging"
- role: httpd/website
site_name: getfedora.org
server_aliases: [stg.getfedora.org]
sslonly: true
cert_name: getfedora.org
SSLCertificateChainFile: getfedora.org.intermediate.cert
tags:
- getfedora.org
- role: httpd/website
site_name: qa.fedoraproject.org
server_aliases: [qa.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
sslonly: true
- role: httpd/website
site_name: openqa.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
server_aliases: [openqa.stg.fedoraproject.org]
sslonly: true
- role: httpd/website
site_name: redirect.fedoraproject.org
server_aliases: [redirect.stg.fedoraproject.org]
sslonly: true
gzip: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: geoip.fedoraproject.org
server_aliases: [geoip.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: codecs.fedoraproject.org
server_aliases: [codecs.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: jenkins.fedorainfracloud.org
cert_name: jenkins.fedorainfracloud.org
certbot: true
when: env == "production"
- role: httpd/website
site_name: testdays.fedorainfracloud.org
cert_name: testdays.fedorainfracloud.org
certbot: true
when: env == "production"
tags: testdays-fic
- role: httpd/website
site_name: data-analysis.fedoraproject.org
server_aliases: [data-analysis.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: data-analysis
- role: httpd/website
site_name: nagios.fedoraproject.org
server_aliases: [nagios.stg.fedoraproject.org]
SSLCertificateChainFile: wildcard-2023.fedoraproject.org.intermediate.cert
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: zabbix.fedoraproject.org
sslonly: true
#server_aliases: [zabbix.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: zabbix
- role: httpd/website
site_name: zabbix.stg.fedoraproject.org
sslonly: true
#server_aliases: [zabbix.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: zabbix
when: env == "staging"
- role: httpd/website
site_name: odcs.fedoraproject.org
sslonly: true
server_aliases: [odcs.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: odcs
- role: httpd/website
site_name: greenwave.fedoraproject.org
sslonly: true
server_aliases: [greenwave.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: koschei.fedoraproject.org
sslonly: true
server_aliases: [koschei.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: koschei
- role: httpd/website
site_name: message-tagging-service.fedoraproject.org
sslonly: true
server_aliases: [message-tagging-service.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: message-tagging-service
- role: httpd/website
site_name: waiverdb.fedoraproject.org
sslonly: true
server_aliases: [waiverdb.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: silverblue.fedoraproject.org
sslonly: true
server_aliases: [silverblue.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: kinoite.fedoraproject.org
sslonly: true
server_aliases: [kinoite.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags:
- kinoite
- role: httpd/website
site_name: release-monitoring.org
sslonly: true
certbot: true
tags:
- release-monitoring.org
when: env == "production"
- role: httpd/website
site_name: stg.release-monitoring.org
sslonly: true
certbot: true
tags:
- release-monitoring.org
when: env == "staging"
- role: httpd/website
site_name: lists.pagure.io
sslonly: true
certbot: true
tags:
- lists.pagure.io
when: env == "production"
- role: httpd/website
site_name: "languages{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: languages
- role: httpd/website
site_name: neuro.fedoraproject.org
sslonly: true
server_aliases: [neuro.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: neuro
- role: httpd/website
site_name: elections.fedoraproject.org
sslonly: true
server_aliases: [elections.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: elections
- role: httpd/website
site_name: wallpapers.fedoraproject.org
sslonly: true
server_aliases: [wallpapers.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: wallpapers
- role: httpd/website
site_name: mdapi.fedoraproject.org
sslonly: true
server_aliases: [mdapi.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: mdapi
- role: httpd/website
site_name: debuginfod.fedoraproject.org
sslonly: true
server_aliases: [debuginfod.stg.fedoraproject.org]
x_forward: true
cert_name: "{{wildcard_cert_name}}"
gzip: true
tags: debuginfod
- role: httpd/website
site_name: calendar.fedoraproject.org
sslonly: true
server_aliases: [calendar.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: calendar
- role: httpd/website
site_name: kerneltest.fedoraproject.org
sslonly: true
server_aliases: [kerneltest.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: kerneltest
- role: httpd/website
site_name: podcast.fedoraproject.org
sslonly: true
server_aliases: [podcast.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags:
- podcast
# fedorahosted is retired. We have the site here so we can redirect it.
- role: httpd/website
site_name: fedorahosted.org
sslonly: true
server_aliases:
- git.fedorahosted.org
- bzr.fedorahosted.org
- hg.fedorahosted.org
- svn.fedorahosted.org
certbot: true
tags: fedorahosted
when: env == "production"
# planet.fedoraproject.org is not to be used, it's fedoraplanet.org
# We only have it here so we can redirect it with the correct cert
- role: httpd/website
site_name: planet.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
# pkgs.fp.o will be an alias of src.fp.o once we get everyone over to https
# git push/pull. For now, we just want a cert via the certbot system.
- role: httpd/website
site_name: pkgs.fedoraproject.org
ssl: true
sslonly: true
certbot: true
certbot_addhost: pkgs01.iad2.fedoraproject.org
tags:
- pkgs.fedoraproject.org
when: env == "production" and "iad2" in inventory_hostname
- role: httpd/website
site_name: pkgs.stg.fedoraproject.org
ssl: true
sslonly: true
certbot: true
certbot_addhost: pkgs01.stg.iad2.fedoraproject.org
tags:
- pkgs.fedoraproject.org
when: env == "staging" and "iad2" in inventory_hostname
# Askbeta -> ask redirects
- role: httpd/website
site_name: askbeta.fedoraproject.org
ssl: true
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- askbeta.fedoraproject.org
#
# We setup this site for old ols papers
# This used to be on fedorapeople.org, but a new 'ols' user showed up, so
# that no longer works.
#
- role: httpd/website
site_name: ols.fedoraproject.org
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: packages.fedoraproject.org
server_aliases: [packages.stg.fedoraproject.org]
sslonly: true
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: "discourse2fedmsg{{ env_suffix }}.fedoraproject.org"
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags: discourse2fedmsg
- role: httpd/website
site_name: fedora.im
server_aliases: [stg.fedora.im]
sslonly: true
certbot: true
tags:
- fedora.im
- role: httpd/website
site_name: ipsilon-project.org
cert_name: ipsilon-project.org
server_aliases:
- ipsilon-project.org
- www.ipsilon-project.org
ssl: true
sslonly: true
certbot: true
tags:
- ipsilon-website
- role: httpd/website
site_name: directory.fedoraproject.org
ssl: true
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- directory
- role: httpd/website
site_name: discussions.fedoraproject.org
ssl: true
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- discussion
- role: httpd/website
site_name: "openscanhub{{ env_suffix }}.fedoraproject.org"
ssl: true
sslonly: true
cert_name: "{{wildcard_cert_name}}"
tags:
- openscanhub
View git blame Copy permalink