Re-enable symlinks on static vhosts

[dsa-puppet.git] / modules / roles / templates / static-mirroring / static-vhost.conf.erb

diff --git a/modules/roles/templates/static-mirroring/static-vhost.conf.erb b/modules/roles/templates/static-mirroring/static-vhost.conf.erb
index 53e588a300b32011d162034cd36e7a48a4376ce7..cc9ff05b0f2a8c84b8e1ce306d824265845574bc 100644 (file)
--- a/modules/roles/templates/static-mirroring/static-vhost.conf.erb
+++ b/modules/roles/templates/static-mirroring/static-vhost.conf.erb
@@ -1,4 +1,27 @@
 # puppet maintained
+<Macro common-dsa-vhost-https-redirect $name>
+       <VirtualHost <%= vhost_listen %> >
+               ServerName $name
+               ServerAdmin debian-admin@lists.debian.org
+
+               CustomLog /var/log/apache2/$name-access.log privacy
+               ErrorLog /var/log/apache2/$name-error.log
+
+               Redirect permanent / https://$name/
+       </VirtualHost>
+</Macro>
+
+<Macro common-dsa-vhost-https-redirect-temp $name>
+       <VirtualHost <%= vhost_listen %> >
+               ServerName $name
+               ServerAdmin debian-admin@lists.debian.org
+
+               CustomLog /var/log/apache2/$name-access.log privacy
+               ErrorLog /var/log/apache2/$name-error.log
+
+               Redirect / https://$name/
+       </VirtualHost>
+</Macro>
 
 <Macro common-static-base $name>
        <IfModule mod_userdir.c>
@@ -8,13 +31,20 @@
 
        DocumentRoot /srv/static.debian.org/mirrors/$name/cur
        <Directory /srv/static.debian.org/mirrors/$name/cur>
-               AllowOverride FileInfo
-               Options Multiviews Indexes FollowSymLinks
+               AllowOverride FileInfo Indexes Options=Multiviews
+               Options Indexes SymLinksIfOwnerMatch
                IndexOptions FancyIndexing NameWidth=*
-               Order allow,deny
-               Allow from all
+               <% if @lsbmajdistrelease > '7' -%>
+                       Require all granted
+               <% else -%>
+                       Order allow,deny
+                       Allow from all
+               <% end -%>
        </Directory>
 
+       Header set Surrogate-Key <%= hostname %>
+
+       DefaultType text/plain
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
 </Macro>
 
@@ -32,24 +62,26 @@
        </VirtualHost>
 </Macro>
 
-<Macro common-static-vhost-publiclog $name>
-       <Virtualhost <%= vhost_listen %> >
+<Macro common-static-vhost $name>
+       Use common-static-vhost-with-extra $name "# nada"
+</Macro>
+
+
+<Macro common-static-vhost-ssl $name>
+       Use common-dsa-vhost-https-redirect $name
+
+       <Virtualhost <%= vhost_listen_443 %> >
                ServerName $name
                ServerAdmin debian-admin@lists.debian.org
 
                ErrorLog /var/log/apache2/$name-error.log
-               CustomLog /var/log/apache2/$name-access.log privacy
-               <IfModule mod_geoip.c>
-                       CustomLog /var/log/apache2/$name-public-access.log privacy+geo
-               </IfModule>
+               CustomLog /var/log/apache2/$name-access.log privacyssl
+
+               Use common-debian-service-ssl $name
+               Use common-ssl-HSTS
 
                Use common-static-base $name
        </VirtualHost>
 </Macro>
 
-<Macro common-static-vhost $name>
-       Use common-static-vhost-with-extra $name "# nada"
-</Macro>
-
-
 # vim:ft=apache: