| # generated by https://github.com/apache/whimsy/blob/master/tools/mkconf.rb |
| # do not edit directly. Based on definitions found in |
| # https://github.com/apache/infrastructure-p6 |
| # |
| # ************************************ |
| # Vhost template in module puppetlabs-apache |
| # Managed by Puppet |
| # ************************************ |
| # |
| <VirtualHost *:80> |
| ServerName whimsy.local |
| |
| ## Vhost docroot |
| DocumentRoot "/srv/whimsy/www" |
| |
| ## Directories, there should at least be a declaration for /srv/whimsy/www |
| |
| <Directory "/srv/whimsy/www"> |
| Options +FollowSymLinks +MultiViews +ExecCGI |
| AllowOverride None |
| Require all granted |
| </Directory> |
| |
| ## Logging |
| ErrorLog "/var/log/apache2/whimsy_error.log" |
| ServerSignature Off |
| CustomLog "/var/log/apache2/whimsy_access.log" combined |
| |
| ## Server aliases |
| ## ServerAlias whimsy.apache.org |
| |
| ## Custom fragment |
| |
| PassengerFriendlyErrorPages on |
| |
| AddCharset UTF-8 .json |
| |
| # Needed for Git to be able to find .gitconfig |
| SetEnv HOME /var/www |
| |
| # to agree with Dockerfile (ensure svn does not complain) |
| SetEnv LANG C.UTF-8 |
| SetEnv LC_ALL C.UTF-8 |
| |
| ExpiresActive On |
| <Directory /srv/whimsy/www/> |
| AddHandler cgi-script .cgi |
| MultiViewsMatch Any |
| CheckSpelling On |
| |
| <FilesMatch ".(js|css)$"> |
| <If "%{QUERY_STRING} =~ /^\d+$/"> |
| Header set Cache-Control "public, max-age=31536000, immutable" |
| ExpiresDefault "access plus 1 year" |
| </If> |
| </FilesMatch> |
| </Directory> |
| |
| <Directory /srv/whimsy/www/.well-known/acme-challenge> |
| Require all granted |
| </Directory> |
| |
| <Directory /srv/whimsy/www/public/> |
| Header add Access-Control-Allow-Origin "*" |
| Options +Indexes |
| </Directory> |
| |
| <Directory /srv/whimsy/www/logs> |
| Options +Indexes |
| AuthType Basic |
| AuthName "ASF Members" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute memberUid |
| AuthLDAPGroupAttributeIsDN off |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=member,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/members/log> |
| Options +Indexes |
| </Directory> |
| |
| # WHIMSY-199 |
| <Directory /srv/whimsy/www/board/minutes> |
| AllowOverride FileInfo |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/public> |
| Require all granted |
| </Directory> |
| |
| RewriteEngine on |
| RewriteRule ^.*$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] |
| |
| # for secretary workbench |
| RedirectMatch permanent ^/secmail /secretary/workbench |
| |
| RedirectMatch permanent ^/officers/public_names /secretary/public-names |
| |
| # redirect obsolete mailing list request form to replacement application |
| RedirectMatch permanent ^/officers/mlreq https://selfserve.apache.org/mail.html |
| |
| ProxyPass "/board/agenda/websocket/" "ws://localhost:34234/" |
| |
| # We now have local custom error pages |
| ErrorDocument 401 /401.html |
| ErrorDocument 404 /404.html |
| ErrorDocument 500 /500.html |
| |
| #++ Maintenance page setup |
| |
| # To enable maintenance mode, create the file |
| # /srv/whimsy/www/maintenance.txt |
| # This should ideally contain brief details of the maintenance outage |
| # as the file is linked from the 503 page. |
| # However an empty file will work |
| # To end maintenance, remove the file. |
| |
| LuaOutputFilter maintenance "/etc/apache2/maintenance_banner.lua" output_filter |
| <If "-f '/srv/whimsy/www/maintenance.txt'"> |
| AddOutputFilter maintenance html cgi |
| </If> |
| |
| # Redirect all requests to a 503 return code when in maintenance mode |
| ErrorDocument 503 /503.html |
| |
| RewriteEngine on |
| |
| # Check the marker file first |
| RewriteCond /srv/whimsy/www/maintenance.txt -f |
| |
| # Allow access to error pages |
| RewriteCond %{REQUEST_URI} !^/\d\d\d.html$ |
| # Allow access to assets |
| RewriteCond %{REQUEST_URI} !^/assets/ |
| RewriteCond %{REQUEST_URI} !^/icons/ |
| RewriteCond %{REQUEST_URI} !=/whimsy.svg |
| RewriteCond %{REQUEST_URI} !=/favicon.ico |
| # Allow access to public URLs |
| RewriteCond %{REQUEST_URI} !^/public$ |
| RewriteCond %{REQUEST_URI} !^/public/ |
| RewriteCond %{REQUEST_URI} !^/board/minutes/ |
| RewriteCond %{REQUEST_URI} !^/incubator/podlings/by-age |
| RewriteCond %{REQUEST_URI} !^/site/ |
| RewriteCond %{REQUEST_URI} !^/pods/ |
| # Access to linked docs |
| RewriteCond %{REQUEST_URI} !=/test/dataflow.cgi |
| RewriteCond %{REQUEST_URI} !=/test/dataflow.json |
| # Access to test |
| RewriteCond %{REQUEST_URI} !=/test.cgi |
| RewriteCond %{REQUEST_URI} !=/committers/test.cgi |
| # Access to menu |
| RewriteCond %{REQUEST_URI} !=/ |
| RewriteCond %{REQUEST_URI} !=/index.html |
| # Don't redirect 503 page! |
| RewriteCond %{REQUEST_URI} !=/503.html |
| RewriteCond %{REQUEST_URI} !=/maintenance.txt |
| RewriteRule ^ - [R=503,L] |
| |
| # Redirect away from the maintenance page if not in maintenance mode |
| RewriteCond /srv/whimsy/www/maintenance.txt !-f |
| RewriteRule ^/503.html$ / [R,L] |
| |
| #-- Maintenance page setup |
| |
| Alias /board/agenda/ /srv/whimsy/www/board/agenda/public |
| |
| <Location /board/agenda> |
| PassengerBaseURI /board/agenda |
| PassengerAppRoot /srv/whimsy/www/board/agenda |
| Options -MultiViews |
| CheckSpelling Off |
| # SetEnv HTTPS on |
| </Location> |
| |
| Alias /racktest/ /srv/whimsy/www/racktest/public |
| |
| <Location /racktest> |
| PassengerBaseURI /racktest |
| PassengerAppRoot /srv/whimsy/www/racktest |
| Options -MultiViews |
| CheckSpelling Off |
| # SetEnv HTTPS on |
| </Location> |
| |
| Alias /roster/ /srv/whimsy/www/roster/public |
| |
| <Location /roster> |
| PassengerBaseURI /roster |
| PassengerAppRoot /srv/whimsy/www/roster |
| Options -MultiViews |
| CheckSpelling Off |
| # SetEnv HTTPS on |
| </Location> |
| |
| Alias /secretary/workbench/ /srv/whimsy/www/secretary/workbench/public |
| |
| <Location /secretary/workbench> |
| PassengerBaseURI /secretary/workbench |
| PassengerAppRoot /srv/whimsy/www/secretary/workbench |
| Options -MultiViews |
| CheckSpelling Off |
| # SetEnv HTTPS on |
| </Location> |
| |
| Alias /project/icla/ /srv/whimsy/www/project/icla/public |
| |
| <Location /project/icla> |
| PassengerBaseURI /project/icla |
| PassengerAppRoot /srv/whimsy/www/project/icla |
| Options -MultiViews |
| CheckSpelling Off |
| # SetEnv HTTPS on |
| </Location> |
| |
| <LocationMatch ^/board/subscriptions> |
| AuthType Basic |
| AuthName "ASF Committers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </LocationMatch> |
| |
| <Directory /srv/whimsy/www/committers> |
| AuthType Basic |
| AuthName "ASF Committers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/project/icla> |
| AuthType Basic |
| AuthName "ASF Committers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/roster> |
| AuthType Basic |
| AuthName "ASF Committers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <LocationMatch ^/incubator/moderators> |
| AuthType Basic |
| AuthName "ASF Members and Incubator PMC" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </LocationMatch> |
| |
| <LocationMatch ^/incubator/signoff> |
| AuthType Basic |
| AuthName "ASF Members and Incubator PMC" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </LocationMatch> |
| |
| <Directory /srv/whimsy/www/fundraising> |
| AuthType Basic |
| AuthName "ASF Members and Officers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/officers> |
| AuthType Basic |
| AuthName "ASF Members and Officers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/treasurer> |
| AuthType Basic |
| AuthName "ASF Members and Officers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/board/agenda> |
| AuthType Basic |
| AuthName "ASF Members and Officers" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require expr %{REQUEST_URI} == '/board/agenda/app.js' |
| Require expr %{REQUEST_URI} == '/board/agenda/app.js.map' |
| Require expr %{REQUEST_URI} =~ m#^/board/agenda/.*\.js\.rb$# |
| Require expr %{REQUEST_URI} =~ m#^/board/agenda/[-\d]+/bootstrap.html$# |
| Require expr %{REQUEST_URI} == '/board/agenda/manifest.json' |
| Require expr %{REQUEST_URI} == '/board/agenda/stylesheets/app.css' |
| Require expr %{REQUEST_URI} == '/board/agenda/sw.js' |
| Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/apmail> |
| AuthType Basic |
| AuthName "ASF Members" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute memberUid |
| AuthLDAPGroupAttributeIsDN off |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=member,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/members> |
| AuthType Basic |
| AuthName "ASF Members" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute memberUid |
| AuthLDAPGroupAttributeIsDN off |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=member,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/voter> |
| AuthType Basic |
| AuthName "ASF Members" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute memberUid |
| AuthLDAPGroupAttributeIsDN off |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=member,ou=groups,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/infra> |
| AuthType Basic |
| AuthName "ASF Infrastructure Team" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| Require ldap-group cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org |
| </Directory> |
| |
| <Directory /srv/whimsy/www/secretary> |
| AuthType Basic |
| AuthName "ASF Secretarial Team" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| <RequireAny> |
| Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org |
| Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org |
| </RequireAny> |
| </Directory> |
| |
| <LocationMatch ^/board/publish_minutes> |
| AuthType Basic |
| AuthName "ASF Secretarial Team" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| AuthLDAPGroupAttribute member |
| AuthLDAPGroupAttributeIsDN on |
| AuthLDAPMaxSubGroupDepth 0 |
| <RequireAny> |
| Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org |
| Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org |
| </RequireAny> |
| </LocationMatch> |
| |
| <Directory /srv/whimsy/www/test/committer> |
| AuthType Basic |
| AuthName "ASF Committer" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| Require ldap-alias-committer |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/member> |
| AuthType Basic |
| AuthName "ASF Member" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| Require ldap-alias-member |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/incubator> |
| AuthType Basic |
| AuthName "Incubator PMC" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| Require ldap-alias-incubator-pmc |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/member-incubator> |
| AuthType Basic |
| AuthName "ASF Members and Incubator PMC" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| <RequireAny> |
| Require ldap-alias-member |
| Require ldap-alias-incubator-pmc |
| </RequireAny> |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/pmc-chair> |
| AuthType Basic |
| AuthName "PMC Chair" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| Require ldap-alias-pmc-chair |
| </Directory> |
| |
| <Directory /srv/whimsy/www/test/secretary> |
| AuthType Basic |
| AuthName "Secretary" |
| AuthBasicProvider ldap |
| AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" |
| AuthLDAPBindDN <%= ldapbinddn %> |
| AuthLDAPBindPassword "<%= ldapbindpw %>" |
| Require ldap-alias-secretary |
| </Directory> |
| |
| # Needs libapache2-mod-svn to be installed |
| # These are separate repos, as per the real ones |
| <Location /repos/asf> |
| DAV svn |
| SVNPath /srv/REPO/asf |
| SetOutputFilter DEFLATE |
| </Location> |
| |
| <Location /repos/infra> |
| DAV svn |
| SVNPath /srv/REPO/infra |
| SetOutputFilter DEFLATE |
| </Location> |
| |
| <Location /repos/private> |
| DAV svn |
| SVNPath /srv/REPO/private |
| SetOutputFilter DEFLATE |
| </Location> |
| |
| </VirtualHost> |