This is an automated email from the ASF dual-hosted git repository. sebb pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push: new ee9364df Resynch with latest ee9364df is described below commit ee9364df1e96fae75f2a58c93ea4abc35a6b9307 Author: Sebb <s...@apache.org> AuthorDate: Tue Jan 2 17:31:08 2024 +0000 Resynch with latest --- docker-config/whimsy.conf | 230 ++++++++++++++++++++++++---------------------- 1 file changed, 120 insertions(+), 110 deletions(-) diff --git a/docker-config/whimsy.conf b/docker-config/whimsy.conf index feb65a19..e62e6b93 100644 --- a/docker-config/whimsy.conf +++ b/docker-config/whimsy.conf @@ -13,33 +13,6 @@ ## Vhost docroot DocumentRoot "/srv/whimsy/www" - # Redirect all request to a 503 return code when in maintenance mode - ErrorDocument 503 /503.html - - RewriteEngine on - # Allow access to error pages - RewriteCond %{REQUEST_URI} !^/\d\d\d.html$ - # Allow access to assets - RewriteCond %{REQUEST_URI} !^/assets/ - RewriteCond %{REQUEST_URI} !^/icons/ - RewriteCond %{REQUEST_URI} !=/whimsy.svg - RewriteCond %{REQUEST_URI} !=/favicon.ico - # Allow access to JSON files - RewriteCond %{REQUEST_URI} !^/public$ - RewriteCond %{REQUEST_URI} !^/public/ - # Access to linked docs - RewriteCond %{REQUEST_URI} !=/test/dataflow.cgi - RewriteCond %{REQUEST_URI} !=/test/dataflow.json - # Don't redirect 503 page! - RewriteCond %{REQUEST_URI} !=/503.html - RewriteCond %{REQUEST_URI} !=/maintenance.txt - RewriteCond /srv/whimsy/www/maintenance.txt -f - RewriteRule ^ - [R=503,L] - - # Redirect away from the maintenance page if not in maintenance mode - RewriteCond /srv/whimsy/www/maintenance.txt !-f - RewriteRule ^/503.html$ / [R,L] - ## Directories, there should at least be a declaration for /srv/whimsy/www <Directory "/srv/whimsy/www"> @@ -54,7 +27,6 @@ CustomLog "/var/log/apache2/whimsy_access.log" combined ## Server aliases - ## ServerAlias whimsy6.apache.org ## ServerAlias whimsy.apache.org ## Custom fragment @@ -63,6 +35,8 @@ PassengerFriendlyErrorPages on +AddCharset UTF-8 .json + # Needed for Git to be able to find .gitconfig SetEnv HOME /var/www @@ -70,8 +44,6 @@ SetEnv HOME /var/www SetEnv LANG C.UTF-8 SetEnv LC_ALL C.UTF-8 -AddCharset UTF-8 .json - ExpiresActive On <Directory /srv/whimsy/www/> AddHandler cgi-script .cgi @@ -97,6 +69,16 @@ ExpiresActive On <Directory /srv/whimsy/www/logs> Options +Indexes + AuthType Basic + AuthName "ASF Members" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPGroupAttribute memberUid + AuthLDAPGroupAttributeIsDN off + AuthLDAPMaxSubGroupDepth 0 + Require ldap-group cn=member,ou=groups,dc=apache,dc=org </Directory> <Directory /srv/whimsy/www/members/log> @@ -108,6 +90,10 @@ ExpiresActive On AllowOverride FileInfo </Directory> +<Directory /srv/whimsy/www/test/public> + Require all granted +</Directory> + RewriteEngine on RewriteRule ^.*$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] @@ -126,6 +112,47 @@ ErrorDocument 401 /401.html ErrorDocument 404 /404.html ErrorDocument 500 /500.html +#++ Maintenance page setup + +# To enable maintenance mode, create the file +# /srv/whimsy/www/maintenance.txt +# This should ideally contain brief details of the maintenance outage +# as the file is linked from the 503 page. +# However an empty file will work +# To end maintenance, remove the file. + +# Redirect all requests to a 503 return code when in maintenance mode +ErrorDocument 503 /503.html + +RewriteEngine on + +# Check the marker file first +RewriteCond /srv/whimsy/www/maintenance.txt -f + +# Allow access to error pages +RewriteCond %{REQUEST_URI} !^/\d\d\d.html$ +# Allow access to assets +RewriteCond %{REQUEST_URI} !^/assets/ +RewriteCond %{REQUEST_URI} !^/icons/ +RewriteCond %{REQUEST_URI} !=/whimsy.svg +RewriteCond %{REQUEST_URI} !=/favicon.ico +# Allow access to JSON files +RewriteCond %{REQUEST_URI} !^/public$ +RewriteCond %{REQUEST_URI} !^/public/ +# Access to linked docs +RewriteCond %{REQUEST_URI} !=/test/dataflow.cgi +RewriteCond %{REQUEST_URI} !=/test/dataflow.json +# Don't redirect 503 page! +RewriteCond %{REQUEST_URI} !=/503.html +RewriteCond %{REQUEST_URI} !=/maintenance.txt +RewriteRule ^ - [R=503,L] + +# Redirect away from the maintenance page if not in maintenance mode +RewriteCond /srv/whimsy/www/maintenance.txt !-f +RewriteRule ^/503.html$ / [R,L] + +#-- Maintenance page setup + Alias /board/agenda/ /srv/whimsy/www/board/agenda/public <Location /board/agenda> @@ -228,86 +255,6 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org </Directory> -<Directory /srv/whimsy/www/test/roster> - AuthType Basic - AuthName "ASF Committers" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - AuthLDAPGroupAttribute member - AuthLDAPGroupAttributeIsDN on - AuthLDAPMaxSubGroupDepth 0 - Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org -</Directory> - -<Directory /srv/whimsy/www/test/public> - Require all granted -</Directory> - -<Directory /srv/whimsy/www/test/committer> - AuthType Basic - AuthName "ASF committer" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - Require ldap-alias-committer -</Directory> - -<Directory /srv/whimsy/www/test/member> - AuthType Basic - AuthName "ASF Members" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - Require ldap-alias-member -</Directory> - -<Directory /srv/whimsy/www/test/incubator> - AuthType Basic - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - AuthName "Incubator PMC" - Require ldap-alias-incubator-pmc -</Directory> - -<Directory /srv/whimsy/www/test/member-incubator> - AuthType Basic - AuthName "ASF Members and Incubator PMC" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - <RequireAny> - Require ldap-alias-member - Require ldap-alias-incubator-pmc - </RequireAny> -</Directory> - -<Directory /srv/whimsy/www/test/pmc-chair> - AuthType Basic - AuthName "ASF PMC Chairs" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - Require ldap-alias-pmc-chair -</Directory> - -<Directory /srv/whimsy/www/test/secretary> - AuthType Basic - AuthName "ASF secretarial team" - AuthBasicProvider ldap - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" - Require ldap-alias-secretary -</Directory> - <LocationMatch ^/incubator/moderators> AuthType Basic AuthName "ASF Members and Incubator PMC" @@ -477,6 +424,69 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public </RequireAny> </LocationMatch> +<Directory /srv/whimsy/www/test/committer> + AuthType Basic + AuthName "ASF Committer" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + Require ldap-alias-committer +</Directory> + +<Directory /srv/whimsy/www/test/member> + AuthType Basic + AuthName "ASF Member" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + Require ldap-alias-member +</Directory> + +<Directory /srv/whimsy/www/test/incubator> + AuthType Basic + AuthName "Incubator PMC" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + Require ldap-alias-incubator-pmc +</Directory> + +<Directory /srv/whimsy/www/test/member-incubator> + AuthType Basic + AuthName "ASF Members and Incubator PMC" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + <RequireAny> + Require ldap-alias-member + Require ldap-alias-incubator-pmc + </RequireAny> +</Directory> + +<Directory /srv/whimsy/www/test/pmc-chair> + AuthType Basic + AuthName "PMC Chair" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + Require ldap-alias-pmc-chair +</Directory> + +<Directory /srv/whimsy/www/test/secretary> + AuthType Basic + AuthName "Secretary" + AuthBasicProvider ldap + AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn%> + AuthLDAPBindPassword "<%= ldapbindpw%>" + Require ldap-alias-secretary +</Directory> + # Needs libapache2-mod-svn to be installed # These are separate repos, as per the real ones <Location /repos/asf>