WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-06-27 23:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
424d7c10bb096d07ffbfafd3465b8a608a20c7a6
fedora-infra_ansible/roles/httpd/website/templates/website.conf
Patrick Uiterwijk 424d7c10bb Redirect fp.o to https://fp.o first, then to getfedora.org but not for hotspot.txt 
This reverts commit 80ac144f78.
2018-06-28 11:39:55 +02:00

79 lines
2.4 KiB
Plaintext
Raw Blame History

<VirtualHost *:80>
ServerName {{ site_name }}
{% if server_aliases %}
ServerAlias {{ server_aliases | join(" ") }}
{% endif %}
ServerAdmin {{ server_admin }}
TraceEnable Off
{% if gzip %}
SetOutputFilter DEFLATE
{% endif %}
{% if certbot %}
ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
{% endif %}
{% if site_name == "fedoraproject.org" %}
Alias /static/hotspot.txt /srv/web/fedoraproject.org/static/hotspot.txt
{% endif %}
{% if sslonly %}
RewriteEngine On
RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.*
RewriteCond %{REQUEST_URI} !/static/hotspot.txt
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
{% else %}
Include "conf.d/{{ site_name }}/*.conf"
{% endif %}
</VirtualHost>
{% if ssl %}
<VirtualHost *:443>
ServerName {{ site_name }}
{% if server_aliases %}
ServerAlias {{ server_aliases | join(" ") }}
{% endif %}
ServerAdmin {{ server_admin }}
{% if ansible_distribution == 'Fedora' and not inventory_hostname.startswith(('proxy01.phx2','proxy10.phx2')) and site_name != 'src.fedoraproject.org' %}
Protocols h2 http/1.1
{% else %}
# For proxy01/10 and src.fedoraproject.org we only do http/1.1 because h2 hits a curl bug downloading sources
# For builds with tons of source files like texlive.
Protocols http/1.1
{% endif %}
{% if gzip %}
SetOutputFilter DEFLATE
{% endif %}
SSLEngine on
{% if certbot %}
SSLCertificateFile /etc/pki/tls/certs/{{ site_name }}.cert
SSLCertificateKeyFile /etc/pki/tls/private/{{ site_name }}.key
SSLCertificateChainFile /etc/pki/tls/certs/{{ site_name }}.intermediate.cert
{% else %}
SSLCertificateFile /etc/pki/tls/certs/{{ cert_name }}.cert
SSLCertificateKeyFile /etc/pki/tls/private/{{ cert_name }}.key
{% if SSLCertificateChainFile %}
SSLCertificateChainFile /etc/pki/tls/certs/{{ SSLCertificateChainFile }}
{% endif %}
{% endif %}
SSLHonorCipherOrder On
# https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
# If you change the protocols or cipher suites, you should probably update
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
{% if sslonly %}
Header always add Strict-Transport-Security "max-age=31536000; {% if stssubdomains %}includeSubDomains; {% endif %}preload"
{% endif %}
Include "conf.d/{{ site_name }}/*.conf"
</VirtualHost>
{% endif %}
Reference in New Issue View Git Blame Copy Permalink