r/gitea: Serve kickstarts over HTTP

I want to use Gita as the canonical source for Anaconda kickstart scripts. There are certain situations, however, where they cannot be accessed via HTTPS, such as on a Raspberry Pi without an RTC, since it cannot validate the certificate without the correct time. Thus, the web server must not force an HTTPS redirect for these, but serve them directly.
2024-12-27 10:43:25 -06:00
parent a00ffd10df
commit e51e933661
2 changed files with 23 additions and 13 deletions
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -79,6 +79,8 @@
    dest: /etc/httpd/conf.d/gitea.conf
    mode: u=rw,go=r
  notify: reload httpd
+  tags:
+  - apache
 - name: ensure selinux allows apache to proxy for gitea
  seboolean:
    name=httpd_can_network_connect
--- a/roles/gitea/templates/gitea.httpd.conf.j2
+++ b/roles/gitea/templates/gitea.httpd.conf.j2
@@ -1,7 +1,23 @@
-# vim: set ft=apache :
-RewriteEngine on
-RewriteCond %{HTTPS} !on
-RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+{#- vim: set ft=apache.jinja : -#}
+# vim: set sw=4 ts=4 sts=4 et :
+{% macro proxypass() -%}
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://localhost:3000/ nocanon
+ProxyPassReverse / http://localhost:3000/
+AllowEncodedSlashes NoDecode
+{%- endmacro -%}
+
+<VirtualHost _default_:80>
+    ServerName {{ gitea_http_domain }}
+
+    RewriteEngine on
+    RewriteCond %{HTTPS} !on
+    RewriteCond %{REQUEST_FILENAME} !\.ks$
+    RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+
+    {{ proxypass() | indent(4) }}
+</VirtualHost>

 <VirtualHost _default_:443>
    ServerName {{ gitea_http_domain }}
@@ -10,16 +26,8 @@ RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
    SSLCertificateKeyFile {{ gitea_ssl_certificate_key }}
    SSLCertificateChainFile {{ gitea_ssl_certificate }}

-    RewriteEngine On
-    RewriteCond %{HTTPS} !on
-    RewriteRule /.* https://%{SERVER_NAME}$0
-
    Header always set \
        Strict-Transport-Security "max-age=63072000; includeSubDomains"

-    ProxyPreserveHost On
-    ProxyRequests Off
-    ProxyPass / http://localhost:3000/ nocanon
-    ProxyPassReverse / http://localhost:3000/
-    AllowEncodedSlashes NoDecode
+    {{ proxypass() | indent(4) }}
 </VirtualHost>