--- classes: - apache - apache::mod::actions - apache::mod::autoindex - apache::mod::expires - apache::mod::negotiation - apache::mod::proxy - apache::mod::proxy_http - apache::mod::reqtimeout - apache::mod::rewrite - apache::mod::setenvif - apache::mod::speling - apache::mod::ssl - apache::mod::status - apache::mod::vhost_alias - apbackup - apmirror - rootbin_asf - svnwcsub - tlp_vhosts::compat - vhosts_asf::custom_config - vhosts_asf::modules - vhosts_asf::vhosts apache::keepalive: 'On' apache::keepalive_timeout: '30' apache::default_vhost: false apache::default_ssl_cert: '/etc/ssl/certs/wildcard.apache.org.crt' apache::default_ssl_chain: '/etc/ssl/certs/wildcard.apache.org.chain' apache::default_ssl_key: '/etc/ssl/private/wildcard.apache.org.key' apache::logrotate_compressoptions: '-9' apache::logrotate_rotate: 5 apache::logrotate_owner: 'root' apache::logrotate_group: 'apbackup' apache::mod::event::listenbacklog: '1023' apache::mod::event::maxclients: '750' apache::mod::event::maxconnectionsperchild: '200000' apache::mod::event::maxrequestworkers: '3750' apache::mod::event::maxsparethreads: '750' apache::mod::event::minsparethreads: '150' apache::mod::event::serverlimit: '25' apache::mod::event::startservers: '5' apache::mod::event::threadlimit: '250' apache::mod::event::threadsperchild: '150' apache::mod::status::allow_from: - 'All' apache::mod::status::apache_version: '2.3' # Force module to use Allow from syntax and actually allow anyone to check apache::mpm_module: 'event' apache::serveradmin: 'infrastructure@apache.org' apmirror::uid: '508' apmirror::gid: '508' apmirror::groups: - 'svnwc' - 'apbackup' apmirror::svnwc_group: "%{hiera('svnwcsub::groupname')}" apmirror::svnwc_user: "%{hiera('svnwcsub::username')}" svnwcsub::gid: '9997' svnwcsub::uid: '9997' svnwcsub::conf_file: 'svnwcsub.conf' svnwcsub:::conf_path: '/etc/' svnwcsub::groupname: 'svnwc' svnwcsub::groups: - 'svnwc' svnwcsub::service_ensure: 'stopped' svnwcsub::service_name: 'svnwcsub' svnwcsub::shell: '/bin/bash' svnwcsub::source: 'svnwcsub.conf.test' svnwcsub::username: 'svnwc' rsync::package_ensure: 'latest' rsync::server::use_xinetd: false rsync::server::gid: 'nogroup' # group 'nobody' doesn't exist in ubuntu apache::custom_config: svn: content: | <Macro BlockSvn> <DirectoryMatch /\.svn> Order allow,deny Deny from all </DirectoryMatch> </Macro> tlp: content: | <Macro CatchAll> RewriteEngine On RewriteOptions inherit RewriteMap lowercase int:tolower # optionally enable per-project favicons RewriteCond %%{}{REQUEST_URI} ^/favicon\.ico$ RewriteCond ${lowercase:%%{}{SERVER_NAME}} ^(\w+)(?:\.\w+)?\.apache\.org$ RewriteCond /var/www/%1.apache.org/favicon.ico -f RewriteRule ^/favicon\.ico$ /var/www/%1.apache.org/favicon.ico [L] # optionally enable per-project favicons for cms sites too RewriteCond %%{}{REQUEST_URI} ^/favicon\.ico$ RewriteCond ${lowercase:%%{}{SERVER_NAME}} ^(\w+)(?:\.\w+)?\.apache\.org$ RewriteCond /var/www/%1.apache.org/content/favicon.ico -f RewriteRule ^/favicon\.ico$ /var/www/%1.apache.org/content/favicon.ico [L] # catchall RewriteRule ^/favicon\.ico$ /var/www/www.apache.org/content/favicon.ico [L] # Graduated podlings # ### TODO: this foo.incubator.a.o->foo.a.o redirect breaks if foo ever # ### moves to the attic. RewriteCond ${lowercase:%%{}{SERVER_NAME}} ^(\w+)\.incubator(\.\w+)?\.apache\.org$ RewriteCond /dist/%1 -d RewriteRule ^(.*)$ http://%1%2.apache.org$1 [R,L] # change the DocumentRoot to ${DocumentRoot}/content if it exists RewriteCond %%{}{REQUEST_URI} !^/cgi-bin/ RewriteCond %%{}{REQUEST_URI} !^/[.]revision$ RewriteCond ${lowercase:%%{}{SERVER_NAME}} ^(\w+)(?:\.\w+)?\.apache\.org$ RewriteCond /var/www/%1.apache.org/content -d RewriteRule ^(.*)$ ${lowercase:%%{}{SERVER_NAME}}$1 [C] RewriteRule ^(\w+)(?:\.\w+)?\.apache\.org/(.*) /var/www/$1.apache.org/content/$2 </Macro> aoo: content: | <Macro OpenOffice $proto> DocumentRoot /var/www/ooo-site.apache.org/content ServerName www.openoffice.org ServerAlias ooo-site.apache.org ServerAlias *.openoffice.org ServerAlias openoffice.org UseCanonicalName On # Silence PROPFIND mod_allowmethods errors # for Apache OO update check requests <LocationMatch "/projects/update[^/]*/ProductUpdateService/check\.Update"> LogLevel allowmethods:crit </LocationMatch> # Silence PROPFIND mod_allowmethods errors # for Apache OO accesses by "Microsoft-WebDAV-MiniRedir" # (typical URI is "/3") <If "%%{}{REQUEST_METHOD} == 'PROPFIND' && %%{}{HTTP_USER_AGENT} =~ /^Microsoft-WebDAV-MiniRedir/"> LogLevel allowmethods:crit </If> <Location /projects> ErrorDocument 404 default </Location> ErrorDocument 404 /docs/custom_404.html RewriteEngine On RewriteOptions inherit RewriteRule ^/favicon\.ico$ /var/www/ooo-site.apache.org/content/favicon.ico [L] RewriteMap lowercase int:tolower RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^openoffice.org$ RewriteRule (.*) $proto://www.openoffice.org$1 [L] # kill update.services.openoffice.org RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^update.services.openoffice.org$ RewriteRule (.*) - [G,L] # qa|www.openoffice.org RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^(?:qa|www)(?:\.\w+)?\.openoffice\.org$ RewriteRule /issues/(.*) $proto://issues.apache.org/ooo/$1 [NE,L] # [registration2|survey].openoffice.org RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^(?:registration2|survey)(?:\.\w+)?\.openoffice\.org$ RewriteRule (.*) $proto://www.openoffice.org/legacy/thankyou.html [NE,L] # contributing.openoffice.org RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^contributing(?:\.\w+)?\.openoffice\.org$ RewriteRule (.*) $proto://openoffice.apache.org/get-involved.html [L] RewriteRule /contributing/(.*) $proto://openoffice.apache.org/get-involved.html [L] # security.openoffice.org RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^security(?:\.\w+)?\.openoffice\.org$ RewriteRule (.*) $proto://openoffice.apache.org/security.html [L] # br-pt.openoffice.org typos RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^br-pt(?:\.\w+)?\.openoffice\.org$ RewriteRule (.*) $proto://www.openoffice.org/pt-br$1 [L] # change foo.openoffice.org/... to www.openoffice.org/foo/... if foo dir exists RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^(\w+)(?:\.\w+)?\.openoffice\.org$ RewriteCond /var/www/ooo-site.apache.org/content/%1 -d RewriteRule ^(.*)$ ${lowercase:%%{}{HTTP_HOST}}$1 [C] RewriteRule ^(\w+)(?:\.\w+)?\.openoffice\.org/(.*) $proto://www.openoffice.org/$1/$2 [NE,L,R=permanent] # change *.openoffice.org/?lang=foo to www.openoffice.org/foo/ RewriteCond ${lowercase:%%{}{QUERY_STRING}} lang=([a-z\-]+) RewriteCond /var/www/ooo-site.apache.org/content/%1 -d RewriteRule .* $proto://www.openoffice.org/%1? [NE,L,R=permanent] # fallback for proj.openoffice.org/... to openoffice.org/projects/proj/... # The most common case is redirecting # $proto://updateXXX.services.openoffice.org/ProductUpdateService/check.Update # to $proto://www.openoffice.org/projects/updateXXX/ProductUpdateService/check.Update RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^(?!www)(\w+)(?:\.\w+)?\.openoffice\.org$ RewriteRule ^(.*)$ ${lowercase:%%{}{HTTP_HOST}}$1 [C] RewriteRule ^(\w+)(?:\.\w+)?\.openoffice\.org/(.*) $proto://www.openoffice.org/projects/$1/$2 [NE,L] </Macro> vhosts_asf::modules::modules: allowmethods: name: 'allowmethods' asis: name: 'asis' cgi: name: 'cgi' cgid: name: 'cgid' headers: name: 'headers' include: name: 'include' macro: name: 'macro' unique_id: name: 'unique_id' vhosts_asf::vhosts::vhosts: apache: vhost_name: '*' port: 80 servername: 'www.apache.org' docroot: '/var/www/www.apache.org/content' manage_docroot: false serveraliases: - 'apache.org' - 'apachegroup.org' - 'www.apachegroup.org' - 'www.*.apache.org' directories: - path: '/var/www/www.apache.org/content' options: - 'Indexes' - 'FollowSymLinks' - 'MultiViews' - 'ExecCGI' allow_override: - 'All' addhandlers: - handler: 'cgi-script' extensions: - '.cgi' serveradmin: 'infrastructure@apache.org' access_log_file: 'weblog.log' error_log_file: 'errorlog.log' custom_fragment: | Redirect permanent /docs/vif.info http://httpd.apache.org/docs/misc/vif-info Redirect permanent /docs/directives.html http://httpd.apache.org/docs/mod/directives.html Redirect permanent /docs/API.html http://httpd.apache.org/docs/misc/API.html Redirect permanent /docs/FAQ.html http://httpd.apache.org/docs/misc/FAQ.html Redirect permanent /manual-index.cgi/docs http://www.apache.org/search.html Redirect permanent /bugdb.cgi/ http://bugs.apache.org/index/ Redirect permanent /bugdb.cgi http://bugs.apache.org/ Redirect permanent /Conference1998 http://www.apachecon.com Redirect permanent /java http://archive.apache.org/dist/java/ Redirect permanent /perl http://perl.apache.org Redirect permanent /docs/manual http://httpd.apache.org/docs Redirect permanent /docs http://httpd.apache.org/docs Redirect permanent /httpd http://httpd.apache.org Redirect permanent /httpd/ http://httpd.apache.org/ Redirect permanent /httpd.html http://httpd.apache.org/ Redirect permanent /index/full http://www.apache.org Redirect permanent /info/css-security http://httpd.apache.org/info/css-security Redirect permanent /websrc/ http://cvs.apache.org/ Redirect permanent /from-cvs/ http://cvs.apache.org/snapshots/ Redirect permanent /travel/application http://tac-apply.apache.org RedirectMatch permanent ^/LICENSE.* http://www.apache.org/licenses/ RedirectMatch permanent /flyers(.*) http://www.apache.org/foundation/contributing.html RewriteEngine on RewriteOptions inherit RewriteRule /docs/mod_(.*)$ http://httpd.apache.org/docs/mod/mod_$1 [R=permanent] #/mail/* -> mail-archives.a.o/mod_mbox/* RewriteRule ^/mail/?$ http://mail-archives.apache.org/mod_mbox/#asf-wide [R=301,L,NE] #/mail/* -> mail-archives.a.o/mod_mbox/tlp-list RewriteRule ^/mail/(.*)$ http://mail-archives.apache.org/mod_mbox/asf-wide-$1 [R=301,L] # Grab referals from www.apache.com and explain where # they landed. RewriteCond %%{}{HTTP_REFERER} ^http://([^/]*\.)?apache\.com/ RewriteRule ^/dist/.* http://www.apache.org/info/referer-dotcom.html [R,L] # odd ddos coming from aouu.com RewriteCond %%{}{HTTP_REFERER} aouu.com RewriteRule ^ - [F,L] <IfModule mod_expires.c> ExpiresActive On ExpiresDefault A3600 </IfModule> ## Set " Access-Control-Allow-Origin: *" as per https://issues.apache.org/jira/browse/INFRA-2877 <LocationMatch ^/dist/.*> Header set Access-Control-Allow-Origin "*" </LocationMatch> <Directory /var/www/www.apache.org/content/dist> IndexOptions FancyIndexing NameWidth=* FoldersFirst \ ScanHTMLTitles DescriptionWidth=* HeaderName HEADER.html ReadmeName README.html AllowOverride FileInfo Indexes Options Indexes SymLinksIfOwnerMatch </Directory> <Directory /var/www/www.apache.org/dist/httpd> IndexOptions +FoldersFirst +ScanHTMLTitles +DescriptionWidth=* </Directory> <Location "/server-status"> SetHandler server-status </Location> Use BlockSvn tlp: vhost_name: '*' priority: 99 port: 80 servername: 'www.apache.org' virtual_docroot: '/var/www/%1.0.apache.org' docroot: '/var/www' manage_docroot: false serveraliases: - '*.apache.org' directories: - path: '/var/www' options: - 'Indexes' - 'FollowSymLinks' - 'MultiViews' - 'ExecCGI' allow_override: - 'All' addhandlers: - handler: 'cgi-script' extensions: - '.cgi' serveradmin: 'infrastructure@apache.org' access_log_file: 'weblog.log' error_log_file: 'errorlog.log' custom_fragment: | VirtualScriptAlias /var/www/%1.0.apache.org/cgi-bin UseCanonicalName Off Use CatchAll Use BlockSvn <Directory /var/www/trafficserver.apache.org> Options +Includes AddOutputFilter INCLUDES .html </Directory> <Directory /var/www/subversion.apache.org> Options +Includes AddOutputFilter INCLUDES .html </Directory> AddType text/plain sha512 RewriteEngine On #/mail -> mail-archives.a.o/mod_mbox/#tlp RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.apache.org$ RewriteRule ^/mail/?$ http://mail-archives.apache.org/mod_mbox/#%1 [R=301,L,NE] #/mail -> mail-archives.a.o/mod_mbox/#tlp RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.us.apache.org$ RewriteRule ^/mail/?$ http://mail-archives.apache.org/mod_mbox/#%1 [R=301,L,NE] #/mail -> mail-archives.a.o/mod_mbox/#tlp RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.ipv4.apache.org$ RewriteRule ^/mail/?$ http://mail-archives.apache.org/mod_mbox/#%1 [R=301,L,NE] #/mail -> mail-archives.a.o/mod_mbox/#tlp RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.us.ipv4.apache.org$ RewriteRule ^/mail/?$ http://mail-archives.apache.org/mod_mbox/#%1 [R=301,L,NE] #/mail/* -> mail-archives.a.o/mod_mbox/tlp-list RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.apache.org$ RewriteRule ^/mail/(.*)$ http://mail-archives.apache.org/mod_mbox/%1-$1 [R=301,L] #/mail/* -> mail-archives.a.o/mod_mbox/tlp-list RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.us.apache.org$ RewriteRule ^/mail/(.*)$ http://mail-archives.apache.org/mod_mbox/%1-$1 [R=301,L] #/mail/* -> mail-archives.a.o/mod_mbox/tlp-list RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.ipv4.apache.org$ RewriteRule ^/mail/(.*)$ http://mail-archives.apache.org/mod_mbox/%1-$1 [R=301,L] #/mail/* -> mail-archives.a.o/mod_mbox/tlp-list RewriteCond %%{}{HTTP_HOST} ^([^.]+)\.us.ipv4.apache.org$ RewriteRule ^/mail/(.*)$ http://mail-archives.apache.org/mod_mbox/%1-$1 [R=301,L]