8924835baf
We don't need to keep using the old Apache 2.2 Satisfy ACL primitive because we are now running Apache 2.4 everywhere. Stick to Require as it simplifies understanding of ACLs by being consistent. Change-Id: Ib2f7ea1909b9798279efc77a42b632e7129bd1d0
93 lines
2.9 KiB
Plaintext
93 lines
2.9 KiB
Plaintext
Define AFS_ROOT /afs/openstack.org/project/governance.openstack.org
|
|
|
|
<VirtualHost *:80>
|
|
ServerName governance.openstack.org
|
|
RewriteEngine On
|
|
RewriteRule ^/(.*) https://governance.openstack.org/$1 [last,redirect=permanent]
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/governance.openstack.org_error.log
|
|
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
|
|
ServerName governance.openstack.org
|
|
|
|
DocumentRoot ${AFS_ROOT}
|
|
|
|
SSLCertificateFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.cer
|
|
SSLCertificateKeyFile /etc/letsencrypt-certs/governance.openstack.org/governance.openstack.org.key
|
|
SSLCertificateChainFile /etc/letsencrypt-certs/governance.openstack.org/ca.cer
|
|
SSLProtocol All -SSLv2 -SSLv3
|
|
# Note: this list should ensure ciphers that provide forward secrecy
|
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
|
SSLHonorCipherOrder on
|
|
|
|
# Alias other folders
|
|
Alias "/election/" "${AFS_ROOT}/election/"
|
|
Alias "/ideas/" "${AFS_ROOT}/ideas/"
|
|
Alias "/sigs/" "${AFS_ROOT}/sigs/"
|
|
Alias "/tc/" "${AFS_ROOT}/tc/"
|
|
# keep last
|
|
Alias "/" "${AFS_ROOT}/governance/"
|
|
|
|
# Set up redirects
|
|
Redirect "/badges/" "/tc/badges/"
|
|
Redirect "/goals/" "/tc/goals/"
|
|
Redirect "/reference/" "/tc/reference/"
|
|
Redirect "/resolutions/" "/tc/resolutions/"
|
|
|
|
# Redirect all old pages under /uc/ to the TC index page
|
|
RedirectMatch "^/uc/.*$" "/tc/index.html"
|
|
|
|
<Directory ${AFS_ROOT}/election>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory ${AFS_ROOT}/governance>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory ${AFS_ROOT}/ideas>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory ${AFS_ROOT}/sigs>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory ${AFS_ROOT}/tc>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverrideList Redirect RedirectMatch
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory ${AFS_ROOT}/badges>
|
|
Options Indexes FollowSymLinks MultiViews
|
|
AllowOverride None
|
|
Require all granted
|
|
<IfModule mod_headers.c>
|
|
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
|
|
Header set Pragma "no-cache"
|
|
</IfModule>
|
|
ErrorDocument 404 /badges/project-unofficial.svg
|
|
</Directory>
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/governance.openstack.org_error.log
|
|
CustomLog /var/log/apache2/governance.openstack.org_access.log combined
|
|
ServerSignature Off
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|