diff options
author | Michael Hudson <michael.hudson@linaro.org> | 2011-02-07 11:50:33 +1300 |
---|---|---|
committer | Michael Hudson <michael.hudson@linaro.org> | 2011-02-07 11:50:33 +1300 |
commit | 0289917eac057143f3e7febf019ce70f3d170d49 (patch) | |
tree | 7747d7adcf367ce5b139d3b3dff818b516efbebf /control | |
parent | feb67d8ba50c6fe9743591538650294504e87c8f (diff) |
this probably sets up remote https access to hudson
Diffstat (limited to 'control')
-rwxr-xr-x | control/setup-control-node | 63 |
1 files changed, 45 insertions, 18 deletions
diff --git a/control/setup-control-node b/control/setup-control-node index cc8bd43..450778a 100755 --- a/control/setup-control-node +++ b/control/setup-control-node @@ -40,25 +40,52 @@ bzr co ~jenkins jenkins-config # +++ APACHE +++ # enable mod proxy -# sudo apt-get install -y apache2 -# sudo a2enmod proxy -# sudo a2enmod proxy_http -# -# cat << EOF | sudo tee /etc/apache2/conf.d/jenkins > /dev/null -# ProxyPass / http://localhost:8080/jenkins -# ProxyPassReverse / http://localhost:8080/jenkins -# ProxyRequests Off -# -# # Local reverse proxy authorization override -# # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) -# <Proxy http://localhost:8088/*> -# Order deny,allow -# Allow from all -# </Proxy> -# EOF -# -# sudo /etc/init.d/apache2 reload +sudo apt-get install -y apache2 +sudo a2enmod proxy +sudo a2enmod proxy_http + +# make self-signed certificate +cat <<EOF > /tmp/ssleay.conf +RANDFILE = /dev/urandom +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +prompt = no +policy = policy_anything +[ req_distinguished_name ] +commonName = android-build.linaro.org +EOF +sudo openssl req -config /tmp/ssleay.cnf -new -x509 -days 3650 -nodes -out /etc/ssl/private/android-build.linaro.org.crt +sudo chmod go-a /etc/ssl/private/android-build.linaro.org.crt +rm /tmp/ssleay.conf + +cat <<EOF | sudo tee /etc/apache2/sites-available/android-build.linaro.org > /dev/null +<VirtualHost _default_:443> + ServerAdmin webmaster@localhost + ServerName android-build.linaro.org + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + ProxyPreserveHost on + ProxyPass / http://localhost:8080/ retry=1 + + SSLEngine on + SSLCertificateFile /etc/ssl/private/android-build.linaro.org.crt + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + +</VirtualHost> +EOF +sudo a2ensite android-build.linaro.org +sudo apache2ctl graceful # # +++ android mirror +++ |