opendev/system-config
Code Issues Proposed changes
38f36c36c9
system-config/playbooks/roles/static/files/50-governance.openstack.org.conf
Ian Wienand d961b6d0d4 static: implement legacy redirect sites 
This is a slight divergence from the accepted spec, where we were
going to implement these redirects via a new haproxy instance
(I961456d44a56f2334d3c94ef27e408f27409cd65).  We've decided it's
easier to keep them on static.opendev.org

The following sites are configured to redirect to whatever they are
redirecting to now on static.opendev.org:

 * devstack.org
 * www.devstack.org
 * ci.openstack.org
 * cinder.openstack.org
 * glance.openstack.org
 * horizon.openstack.org
 * keystone.openstack.org
 * nova.openstack.org
 * qa.openstack.org
 * summit.openstack.org
 * swift.openstack.org

As a bonus, they all get a https instance too, which they didn't have
before.

testinfra coverage should be total for this change.  I have created
the _acme-challange CNAME records for all the above.

Story: #2006598
Task: #38881

Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9
2020-02-27 16:25:39 +11:00

104 lines
3.1 KiB
Plaintext
Raw Blame History

Define AFS_ROOT /afs/openstack.org/project/governance.openstack.org
<VirtualHost *:80>
ServerName governance.openstack.org
RewriteEngine On
RewriteRule ^/(.*) https://governance.openstack.org/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/governance.openstack.org_error.log
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName governance.openstack.org
DocumentRoot ${AFS_ROOT}
SSLCertificateFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/governance.openstack.org/ca.cer
SSLProtocol All -SSLv2 -SSLv3
# Note: this list should ensure ciphers that provide forward secrecy
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
# Alias other folders
Alias "/election/" "${AFS_ROOT}/election/"
Alias "/ideas/" "${AFS_ROOT}/ideas/"
Alias "/sigs/" "${AFS_ROOT}/sigs/"
Alias "/tc/" "${AFS_ROOT}/tc/"
Alias "/uc/" "${AFS_ROOT}/uc/"
# keep last
Alias "/" "${AFS_ROOT}/governance/"
# Set up redirects
Redirect "/badges/" "/tc/badges/"
Redirect "/goals/" "/tc/goals/"
Redirect "/reference/" "/tc/reference/"
Redirect "/resolutions/" "/tc/resolutions/"
<Directory ${AFS_ROOT}/election>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/governance>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/ideas>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/sigs>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/tc>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/uc>
Options Indexes FollowSymLinks MultiViews
AllowOverrideList Redirect RedirectMatch
Satisfy Any
Require all granted
</Directory>
<Directory ${AFS_ROOT}/badges>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Satisfy Any
Require all granted
<IfModule mod_headers.c>
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</IfModule>
ErrorDocument 404 /badges/project-unofficial.svg
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/governance.openstack.org_error.log
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink