opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/static/files/50-zuul-ci.org.conf
Ian Wienand 3206fd02b8 static: move afs sites from files.openstack.org to static.opendev.org 
This creates sites to serve

 developer.openstack.org
 docs.openstack.org
 docs.opendev.org
 docs.starlingx.io

which are all just static directories underneath /afs/openstack.org/.

This is currently done by files02.openstack.org, but will be better
served in the future by consolidating in ansible configuration on
static.opendev.org.

The following dns entries need to be made before merging to ensure the
certificates are provisioned

 _acme-challenge.developer.openstack.org
 _acme-challenge.docs.openstack.org
 _acme-challenge.docs.opendev.org
 _acme-challenge.docs.starlingx.io

Once done, we can merge and then cut-over the main DNS entries as we
like.

Since there are some follow-ons, I have not removed the puppet
configuration from files02.openstack.org.  I think it's best we
migrate everything away from that and remove it in one lot.

Change-Id: I459a36f823a8868e6cc09e2b0d85f2fe05d69002
2020-02-21 17:59:14 +01:00

53 lines
1.7 KiB
Plaintext
Executable File
Raw Blame History

<VirtualHost *:80>
ServerName zuul-ci.org
ServerAlias www.zuul-ci.org
ServerAlias zuulci.org
ServerAlias www.zuulci.org
RewriteEngine on
RewriteRule ^/(.*) https://zuul-ci.org/$1 [last,redirect=permanent]
ErrorLog /var/log/apache2/zuul-ci.org_error.log
LogLevel warn
CustomLog /var/log/apache2/zuul-ci.org_access.log combined
ServerSignature Off
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName zuul-ci.org
ServerAlias www.zuul-ci.org
ServerAlias zuulci.org
ServerAlias www.zuulci.org
RewriteEngine on
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guarenteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.cer
SSLCertificateKeyFile /etc/letsencrypt-certs/zuul-ci.org/zuul-ci.org.key
SSLCertificateChainFile /etc/letsencrypt-certs/zuul-ci.org/ca.cer
DocumentRoot /afs/openstack.org/project/zuul-ci.org/www
<Directory /afs/openstack.org/project/zuul-ci.org/www>
Options Indexes FollowSymLinks MultiViews
Satisfy any
Require all granted
AllowOverride None
# Allow mod_rewrite rules
AllowOverrideList Redirect RedirectMatch
ErrorDocument 404 /errorpage.html
</Directory>
ErrorLog /var/log/apache2/zuul-ci.org_error.log
LogLevel warn
CustomLog /var/log/apache2/zuul-ci.org_access.log combined
ServerSignature Off
</VirtualHost>
</IfModule>
View Git Blame Copy Permalink