obs-api 2.7.4-2 / etc / apache2 / sites-available / obs.conf

This file is indexed.

/etc/apache2/sites-available/obs.conf is in obs-api 2.7.4-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
Listen 82
# May needed on old distributions or after an update from them.
#Listen 443

# Passenger defaults
PassengerSpawnMethod "smart"
PassengerMaxPoolSize 20
#RailsEnv "development"

# allow long request urls and being part of headers
LimitRequestLine 20000
LimitRequestFieldsize 20000

# Just the overview page
<VirtualHost *:80>
        # just give an overview about this OBS instance via static web page
        DocumentRoot  "/usr/share/obs/overview"

        <Directory /usr/share/obs/overview>
           Options Indexes
           Allow from all
	   Require all granted
        </Directory>
</VirtualHost>


# Build Results
<VirtualHost *:82>
        # The resulting repositories
        DocumentRoot  "/srv/obs/repos"

        <Directory /srv/obs/repos>
           Options Indexes FollowSymLinks
           Allow from all
	   Require all granted
        </Directory>
</VirtualHost>


# OBS WEBUI & API
<VirtualHost *:443>
        ServerName api

	#  General setup for the virtual host
        DocumentRoot  "/usr/share/obs/api/public"
	ErrorLog /var/log/obs/apache_error_log
	TransferLog /var/log/obs/apache_access_log

        PassengerMinInstances 2
        PassengerPreStart https://api

	SSLEngine on

	#  SSL protocols
	#  Supporting TLS only is adequate nowadays
	SSLProtocol all -SSLv2 -SSLv3

	#   SSL Cipher Suite:
	#   List the ciphers that the client is permitted to negotiate.
	#   We disable weak ciphers by default.
	#   See the mod_ssl documentation or "openssl ciphers -v" for a
	#   complete list.
	SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH

#	SSLCertificateFile /srv/obs/certs/server.crt
#	SSLCertificateKeyFile /srv/obs/certs/server.key

	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        <Directory /usr/share/obs/api/public>
           AllowOverride all
           Options -MultiViews

           # This requires mod_xforward loaded in apache
           # Enable the usage via options.yml
           # This will decrease the load due to long running requests a lot (unloading from rails stack)
           XForward on

           Allow from all
	   Require all granted
        </Directory>

	SetEnvIf User-Agent ".*MSIE [1-5].*" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0

	CustomLog /var/log/apache2/ssl_request_log   ssl_combined


        # from http://guides.rubyonrails.org/asset_pipeline.html
        <LocationMatch "^/assets/.*$">
          Header unset ETag
          FileETag None
          # RFC says only cache for 1 year
          ExpiresActive On
          ExpiresDefault "access plus 1 year"
       </LocationMatch>

	SetEnvIf User-Agent ".*MSIE [1-5].*" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0

        ## Older firefox versions needs this, otherwise it wont cache anything over SSL.
        Header append Cache-Control "public"

	CustomLog /var/log/apache2/ssl_request_log   ssl_combined

</VirtualHost>

APT Browse - Built by Thomas Orozco.