[PATCH] Move pagure.io above pagure.org to server pagure.io SSL ceret by default

Wed Aug 5 08:29:31 UTC 2015

---
 roles/pagure/frontend/templates/0_pagure.conf | 72 ++++++++++++++-------------
 1 file changed, 37 insertions(+), 35 deletions(-)

diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf
index 05bb090..34b71d7 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -6,6 +6,8 @@ WSGIPassAuthorization On
 WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=4 threads=4 inactivity-timeout=300
 WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300
 
+## Redirects http -> https
+
 <VirtualHost *:80>
 {% if env == 'pagure-staging' %}
   ServerName stg.pagure.io
@@ -16,7 +18,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 {% endif %}
 </VirtualHost>
 
-
 <VirtualHost *:80>
 {% if env == 'pagure-staging' %}
   ServerName docs.stg.pagure.org
@@ -49,40 +50,7 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 {% endif %}
 </VirtualHost>
 
-
-<VirtualHost *:443>
-{% if env == 'pagure-staging' %}
-  ServerName docs.stg.pagure.org
-{% else %}
-  ServerName docs.pagure.org
-{% endif %}
-
-  WSGIScriptAlias / /var/www/docs_pagure.wsgi
-
-  SSLEngine on
-  SSLProtocol all -SSLv2 -SSLv3
-  # Use secure TLSv1.1 and TLSv1.2 ciphers
-  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
-
-  SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
-  SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
-  SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
-
-  Alias /static /usr/lib/python2.7/site-packages/pagure/static/
-
-  <Location />
-    WSGIProcessGroup paguredocs
-    <IfModule mod_authz_core.c>
-      # Apache 2.4
-      Require all granted
-    </IfModule>
-    <IfModule !mod_authz_core.c>
-      # Apache 2.2
-      Order deny,allow
-      Allow from all
-    </IfModule>
-   </Location>
-</VirtualHost>
+## End of redirects http -> https
 
 
 <VirtualHost *:443>
@@ -149,3 +117,37 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 
 </VirtualHost>
 
+<VirtualHost *:443>
+{% if env == 'pagure-staging' %}
+  ServerName docs.stg.pagure.org
+{% else %}
+  ServerName docs.pagure.org
+{% endif %}
+
+  WSGIScriptAlias / /var/www/docs_pagure.wsgi
+
+  SSLEngine on
+  SSLProtocol all -SSLv2 -SSLv3
+  # Use secure TLSv1.1 and TLSv1.2 ciphers
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
+  SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
+  SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
+
+  Alias /static /usr/lib/python2.7/site-packages/pagure/static/
+
+  <Location />
+    WSGIProcessGroup paguredocs
+    <IfModule mod_authz_core.c>
+      # Apache 2.4
+      Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+      # Apache 2.2
+      Order deny,allow
+      Allow from all
+    </IfModule>
+   </Location>
+</VirtualHost>
+
-- 
2.1.0

