Unverified Commit 93d449dd authored by Mattia Rizzolo's avatar Mattia Rizzolo
Browse files

Configure apache to require authentication on... 

Configure apache to require authentication on https://tests.reproducible-builds.org/cgi-bin/schedule

More info on https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners



Signed-off-by: Mattia Rizzolo's avatarMattia Rizzolo <mattia@debian.org>
parent a9a895f4

hosts/jenkins/etc/apache2/sites-available/jenkins.debian.net.conf

+12 −0
Original line number Diff line number Diff line
@@ -139,6 +139,18 @@ Use https-redirect www.reproducible-builds.org 
	    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

	    Require all granted

	</Directory>

	# Use the sso.debian.org CA to validate client certificates

	# Keep these files up to date with update-debsso-ca

	SSLCACertificateFile /etc/apache2/ssl/debsso/debsso.crt

	SSLCARevocationCheck chain

	SSLCARevocationFile /etc/apache2/ssl/debsso/debsso.crl

	<Location /cgi-bin/schedule>

		# Export data about the certificate to the environment

		SSLOptions +StdEnvVars

		# Allow access if one does not have a valid certificate,

		# so we can show a decent error message

		SSLVerifyClient optional

	</Location>



	<Proxy *>

		Require all granted