Add /http-auth-jenkins/ for jenkins
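# Apache httpd 2.4 site for jenkins.debian.org: a TLS front end that
# reverse-proxies to a backend on 127.0.0.1:8080 and hands the authenticated
# user name to it in the X-Forwarded-User request header.
#
# "Use" lines expand mod_macro macros that are defined elsewhere; their
# bodies are not visible in this file.

# Presumably sets up the plain-HTTP vhost that redirects to HTTPS -- confirm
# against the macro definition.
Use common-debian-service-https-redirect * jenkins.debian.org

<VirtualHost *:443>
        ServerName jenkins.debian.org
        ServerAdmin debian-admin@lists.debian.org

        # Certificate/key and HSTS settings come from shared macros
        # (contents not shown here).
        Use common-debian-service-ssl jenkins.debian.org
        Use common-ssl-HSTS

        # Optional client-certificate login. A presented certificate is
        # verified against the SSO CA, and every certificate in the chain is
        # checked against the CRL, so the CRL file has to be kept current.
        # Keep the mode at "optional": the certificate CN is forwarded as the
        # user name below, so a mode that accepts unverified certificates
        # (optional_no_ca) would let the client pick its own identity.
        SSLCACertificateFile /var/lib/dsa/sso/ca.crt
        SSLCARevocationCheck chain
        SSLCARevocationFile /var/lib/dsa/sso/ca.crl
        SSLVerifyClient optional

        # Export the SSL_* variables; SSL_CLIENT_S_DN_CN is read from the
        # environment by the RequestHeader rule below.
        SSLOptions +StdEnvVars

        <IfModule mod_userdir.c>
                UserDir disabled
        </IfModule>
        ErrorLog /var/log/apache2/jenkins.debian.org-error.log
        # "privacy" is a log format nickname defined outside this file.
        CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy
        # Was "On". Server-generated pages (including proxy error pages shown
        # while the backend is down) no longer carry the server banner.
        ServerSignature Off
        <IfModule mod_proxy.c>
                # X-Forwarded-User is the identity passed to the backend.
                # Always drop whatever the client sent first, then set it from
                # the verified client certificate only when one was presented.
                # NOTE(review): this is only safe if the backend accepts the
                # header from this proxy alone -- verify that port 8080 is
                # bound to loopback and not reachable by untrusted local users.
                RequestHeader unset X-Forwarded-User
                RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN
                # 2.4-style authorisation. This replaces the deprecated
                # "Order deny,allow" / "Allow from all" pair (mod_access_compat),
                # which should not be mixed with the Require directive used in
                # the Location section below.
                <Proxy *>
                        Require all granted
                </Proxy>
                # Encoded slashes (%2F) are passed through undecoded. Together
                # with "nocanon" on ProxyPass, the backend receives the raw URL
                # path without the proxy's canonicalisation, so the backend is
                # responsible for handling unusual paths safely.
                AllowEncodedSlashes NoDecode

                # Alternative entry point for clients that log in with HTTP
                # Digest credentials instead of a client certificate.
                <Location /http-auth-jenkins/>
                        # The realm (AuthName) is part of each stored digest:
                        # changing it invalidates every entry in the htdigest
                        # file. The file holds MD5-based digests and should be
                        # readable by the web server only.
                        AuthName "Debian Jenkins"
                        AuthType Digest
                        AuthDigestProvider file
                        AuthUserFile /srv/jenkins.debian.org/etc/htdigest
                        Require valid-user

                        RewriteEngine On
                        # see the Apache documentation on why this has to be lookahead
                        RewriteCond %{LA-U:REMOTE_USER} (.+)
                        # This does not rewrite anything; it only copies the
                        # match above into the environment variable RU.
                        # "NS" prevents flooding the error log.
                        RewriteRule .* - [E=RU:%1,NS]
                        # Overrides the certificate-derived value set at vhost
                        # level. "env=RU" was added so the header is written
                        # only when RU is actually set, rather than forwarding
                        # a literal "(null)" as the user name.
                        RequestHeader set X-Forwarded-User %{RU}e env=RU

                        ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
                        ProxyPassReverse http://127.0.0.1:8080/
                        ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
                </Location>

                ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
                ProxyPassReverse / http://127.0.0.1:8080/
                ProxyPassReverse / http://jenkins.debian.org/
                # Reverse proxy only; never act as a forward proxy.
                ProxyRequests     Off
                ProxyPreserveHost on
                # Tell the backend the original scheme and port, since it only
                # sees plain HTTP on loopback.
                RequestHeader set X-Forwarded-Proto "https"
                RequestHeader set X-Forwarded-Port "443"
        </IfModule>
</VirtualHost>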