X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/55fc22bb3b3c7adfd60c2c4865e52d71c7de3572..a7de9e4abe76f8cd647eea949f99687fcc19254c:/cookbooks/git/templates/default/apache.erb diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb index 21e0aa077..30685fad9 100644 --- a/cookbooks/git/templates/default/apache.erb +++ b/cookbooks/git/templates/default/apache.erb @@ -1,38 +1,79 @@ # DO NOT EDIT - This file is being maintained by Chef - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.slice(1..-1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - HeaderName HEADER - Alias /gitweb /usr/share/gitweb - Alias /git /var/cache/git - ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi + RedirectPermanent / https://<%= @name %>/ + + +<% end -%> + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + SetEnv GIT_PROJECT_ROOT /var/lib/git + SetEnv GIT_HTTP_EXPORT_ALL + SetEnv GIT_HTTP_MAX_REQUEST_BUFFER 100M + + SetEnvIf Git-Protocol ".*" GIT_PROTOCOL=$0 + + # KeepaliveTimeout longer than git config uploadpack.keepalive 5 second default + KeepAliveTimeout 20 + + ScriptAlias /public /usr/lib/git-core/git-http-backend/public + ScriptAlias /private /usr/lib/git-core/git-http-backend/private + Alias /gitweb /usr/share/gitweb + Alias /git /var/cache/git + ScriptAlias / /usr/lib/cgi-bin/gitweb.cgi/ + + + Require all granted + +<% unless @private_allowed.empty? -%> + + + Require ip <%= @private_allowed.sort.join(" ") %> + +<% end -%> - RewriteEngine On - RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT] - RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT] + + Require all denied + -> - Require all granted + + Options ExecCGI