X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Froles%2Ffiles%2Fjenkins%2Fjenkins.debian.org;fp=modules%2Froles%2Ffiles%2Fjenkins%2Fjenkins.debian.org;h=e8d9ebed55eb968b5d0ccec94ea0233182df60e1;hb=32cc0ca47da8021103744f26d3ced982ea0c22ad;hp=b5ccc6b04f0081e961781bff5f19733a591519df;hpb=9d9c36b33d983b2de4e20f13c86a7d108125feb8;p=dsa-puppet.git
diff --git a/modules/roles/files/jenkins/jenkins.debian.org b/modules/roles/files/jenkins/jenkins.debian.org
index b5ccc6b0..e8d9ebed 100644
--- a/modules/roles/files/jenkins/jenkins.debian.org
+++ b/modules/roles/files/jenkins/jenkins.debian.org
@@ -7,6 +7,13 @@ Use common-debian-service-https-redirect * jenkins.debian.org
Use common-debian-service-ssl jenkins.debian.org
Use common-ssl-HSTS
+ SSLCACertificateFile /var/lib/dsa/sso/ca.crt
+ SSLCARevocationCheck chain
+ SSLCARevocationFile /var/lib/dsa/sso/ca.crl
+ SSLVerifyClient optional
+
+ SSLOptions +StdEnvVars
+
UserDir disabled
@@ -14,6 +21,8 @@ Use common-debian-service-https-redirect * jenkins.debian.org
CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
ServerSignature On
+ RequestHeader unset X-Forwarded-User
+ RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
Order deny,allow
Allow from all