[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 2 commits: swap if for case to make room for osuosl167
Holger Levsen
gitlab at salsa.debian.org
Fri Mar 12 08:12:10 GMT 2021
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
223ae2f4 by Philip Hands at 2021-03-12T09:11:28+01:00
swap if for case to make room for osuosl167
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
a52275c3 by Philip Hands at 2021-03-12T09:11:51+01:00
first try at getting osuosl167 to serve openqa.d.n
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
3 changed files:
- + hosts/osuosl167-amd64/etc/apache2/sites-available/openqa-common.inc
- + hosts/osuosl167-amd64/etc/apache2/sites-available/openqa.debian.net.conf
- update_jdn.sh
Changes:
=====================================
hosts/osuosl167-amd64/etc/apache2/sites-available/openqa-common.inc
=====================================
@@ -0,0 +1,114 @@
+# OpenQA settings for apache2. This file is meant to be shared
+# between the http and the https vhosts.
+#
+DocumentRoot /usr/share/openqa/public
+
+<Directory "/usr/share/openqa/public">
+ AllowOverride None
+ Require all granted
+ <Limit GET POST HEAD>
+ Order Allow,Deny
+ Allow from all
+ Deny from env=bad_bot
+ </Limit>
+</Directory>
+
+<Directory "/var/lib/openqa/share/factory">
+ AllowOverride None
+ Require all granted
+ # Need to set explicit type, see
+ # https://progress.opensuse.org/issues/68362
+ # https://httpd.apache.org/docs/2.4/mod/mod_mime.html#addtype
+ AddType application/octet-stream qcow2
+ <Limit GET POST HEAD>
+ Order Allow,Deny
+ Allow from all
+ Deny from env=bad_bot
+ </Limit>
+</Directory>
+Alias /assets "/var/lib/openqa/share/factory"
+
+<Directory "/var/lib/openqa/images">
+ Options SymLinksIfOwnerMatch
+ AllowOverride None
+ Require all granted
+
+ # Use of ETag is discouraged when Last-Modified is present
+ Header unset ETag
+ FileETag None
+ # RFC says only cache for 1 year
+ ExpiresActive On
+ ExpiresDefault "access plus 1 year"
+ <Limit GET POST HEAD>
+ Order Allow,Deny
+ Allow from all
+ Deny from env=bad_bot
+ </Limit>
+</Directory>
+Alias /image "/var/lib/openqa/images"
+
+<Directory "/var/lib/os-autoinst/tests">
+ AllowOverride None
+ Require all granted
+ <Limit GET POST HEAD>
+ Order Allow,Deny
+ Allow from all
+ Deny from env=bad_bot
+ </Limit>
+</Directory>
+
+<Proxy *>
+ Require all granted
+ <Limit GET POST HEAD>
+ Order Allow,Deny
+ Allow from all
+ Deny from env=bad_bot
+ </Limit>
+</Proxy>
+
+ProxyRequests Off
+ProxyPreserveHost On
+
+ProxyPass /robots.txt !
+ProxyPass /favicon.ico !
+ProxyPass /images !
+ProxyPass /image !
+ProxyPass /javascripts !
+ProxyPass /stylesheets !
+ProxyPass /assets !
+ProxyPass /error !
+
+# ensure websocket connections are handled as such by the reverse proxy while
+# still being able to pass regular HTTP connections through it
+RewriteEngine On
+RewriteCond %{HTTP:Connection} Upgrade [NC]
+RewriteCond %{HTTP:Upgrade} websocket [NC]
+RewriteRule /api/v1/ws/(.*) ws://localhost:9527/ws/$1 [P,L]
+RewriteCond %{HTTP:Connection} Upgrade [NC]
+RewriteCond %{HTTP:Upgrade} websocket [NC]
+RewriteRule /liveviewhandler/(.*) ws://localhost:9528/liveviewhandler/$1 [P,L]
+
+# pass websocket server where the worker connects to port 9527
+ProxyPass "/api/v1/ws/" "http://localhost:9527/ws/" keepalive=On
+
+# pass websocket server to handle live view to port 9528
+ProxyPass "/liveviewhandler/" "http://localhost:9528/liveviewhandler/" keepalive=On
+
+ProxyPass / http://localhost:9526/ keepalive=On
+ProxyPassReverse / http://localhost:9526/
+
+<If "%{HTTPS} == 'on'">
+RequestHeader set X-Forwarded-HTTPS "1"
+RequestHeader set X-Forwarded-Proto "https"
+</If>
+
+HostnameLookups Off
+UseCanonicalName Off
+ServerSignature On
+# TODO: try mojo 7.39 - https://github.com/kraih/mojo/commit/f9ff45e48f606
+SetEnv proxy-nokeepalive 1
+
+# Increase the timeout from 60s (default) to 300s to ensure that the large
+# requests could finish without proxy timeouts problems.
+# This value could be enough but not necessary. More investigation needed
+ProxyTimeout 300
=====================================
hosts/osuosl167-amd64/etc/apache2/sites-available/openqa.debian.net.conf
=====================================
@@ -0,0 +1,60 @@
+<Macro https-redirect $name>
+ <VirtualHost *:80>
+ ServerName $name
+ ServerAdmin holger at layer-acht.org
+ Redirect permanent / https://$name/
+ </VirtualHost>
+</Macro>
+
+<Macro common-directives-ssl $name>
+ SSLEngine on
+ SSLCertificateKeyFile /var/lib/dehydrated/certs/$name/privkey.pem
+ SSLCertificateFile /var/lib/dehydrated/certs/$name/fullchain.pem
+ SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5
+ SSLHonorCipherOrder on
+ Header always add Strict-Transport-Security "max-age=15552000"
+</Macro>
+
+<Macro block-bots>
+ #block bad bots with a 403
+ SetEnvIf User-Agent "AhrefsBot" bad_bot
+ SetEnvIf User-Agent "Baiduspider" bad_bot
+ SetEnvIf User-Agent "bingbot" bad_bot
+ SetEnvIf User-Agent "DotBot" bad_bot
+ SetEnvIf User-Agent "Exabot" bad_bot
+ SetEnvIf User-Agent "Experibot" bad_bot
+ SetEnvIf User-Agent "facebookexternalhit" bad_bot
+ SetEnvIf User-Agent "FlipboardProxy" bad_bot
+ SetEnvIf User-Agent "Googlebot" bad_bot
+ SetEnvIf User-Agent "ltx71" bad_bot
+ SetEnvIf User-Agent "mediawords" bad_bot
+ SetEnvIf User-Agent "MetaURI" bad_bot
+ SetEnvIf User-Agent "MJ12bot" bad_bot
+ SetEnvIf User-Agent "SemrushBot" bad_bot
+ SetEnvIf User-Agent "Slackbot" bad_bot
+ SetEnvIf User-Agent "Sogou" bad_bot
+ SetEnvIf User-Agent "Twitterbot" bad_bot
+ SetEnvIf User-Agent "yacybot" bad_bot
+ SetEnvIf User-Agent "ZoomBot" bad_bot
+</Macro>
+
+<Macro common-directives $name>
+ ServerName $name
+ ServerAdmin holger at layer-acht.org
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</Macro>
+
+Use https-redirect openqa.debian.net
+
+<VirtualHost *:443>
+ Use common-directives openqa.debian.net
+ Use common-directives-ssl openqa.debian.net
+
+ Include /etc/apache2/sites-available/openqa-common.inc
+ Include /etc/dehydrated/apache.conf
+</VirtualHost>
=====================================
update_jdn.sh
=====================================
@@ -704,14 +704,22 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] ; then
sudo a2enmod macro
sudo a2enmod filter
fi
- if [ "$HOSTNAME" = "jenkins" ] ; then
- sudo a2ensite -q jenkins.debian.net
- sudo chown jenkins-adm.jenkins-adm /etc/apache2/sites-enabled/jenkins.debian.net.conf
- sudo a2enconf -q munin
- else # "$HOSTNAME" = "ionos7-amd64"
- sudo a2ensite -q buildinfos.debian.net
- sudo chown jenkins-adm.jenkins-adm /etc/apache2/sites-enabled/buildinfos.debian.net.conf
- fi
+ case "$HOSTNAME" in
+ jenkins)
+ sudo a2ensite -q jenkins.debian.net
+ sudo chown jenkins-adm.jenkins-adm /etc/apache2/sites-enabled/jenkins.debian.net.conf
+ sudo a2enconf -q munin
+ ;;
+ ionos7-amd64)
+ sudo a2ensite -q buildinfos.debian.net
+ sudo chown jenkins-adm.jenkins-adm /etc/apache2/sites-enabled/buildinfos.debian.net.conf
+ ;;
+ osuosl167-amd64)
+ [ ! -e /etc/apache2/mods-enabled/expires.load ] || sudo a2enmod expires
+ sudo a2ensite -q openqa.debian.net
+ sudo chown jenkins-adm.jenkins-adm /etc/apache2/sites-enabled/openqa.debian.net.conf
+ ;;
+ esac
# for reproducible.d.n url rewriting:
[ -L /var/www/userContent ] || sudo ln -sf /var/lib/jenkins/userContent /var/www/userContent
sudo service apache2 reload
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/6500bf16ec9562a6e5644767044673b73917ebd2...a52275c3e60cf884c1a792cf5b5810593e9e0813
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/6500bf16ec9562a6e5644767044673b73917ebd2...a52275c3e60cf884c1a792cf5b5810593e9e0813
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20210312/1c3d9f26/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list