~libravatar/libravatar/master : contents of config/cdn-common.apache2.conf at revision 952

~libravatar/libravatar/master : (revision 952)
# -*-mode: apache;-*-
    DocumentRoot /usr/share/libravatar/static/cdn
    Alias /avatar /var/lib/libravatar/avatar

    # Reduce the size of response body when redirecting
    ErrorDocument 301 " "
    ErrorDocument 302 " "
    ErrorDocument 307 " "

    ExpiresActive On

    # Whitelist paths to be served (assuming server config denies the rest)
    <Directory /usr/share/libravatar/static/cdn>
        FileETag None
        ExpiresDefault "access plus 1 week"
        Require all granted
        Options -Indexes
    </Directory>

    RewriteEngine on
    # For developers wanting to debug the rewrite rules
    #RewriteLogLevel 9
    #RewriteLog /tmp/rewrite.log

    # Redirect to the Libravatar homepage
    RewriteRule  ^/$ https://__WWWSERVERNAME__/ [last,redirect=301,env=longexpiry:1]

    # Remove extensions from filenames
    RewriteRule ^/avatar/([0-9a-f]{32,64})\..*$ /avatar/$1 [next]

    # Pull the size out of the query string and into a subdirectory
    RewriteCond %{QUERY_STRING} ^((?:.*&)?)s(?:ize)?=([0-9]+)((?:&.*)?)$
    RewriteRule ^/avatar/([0-9a-f]{32,64})$ /avatar/%2/$1?%1%3 [next]

    # Add a default size of 80 if it's missing
    RewriteCond %{QUERY_STRING} !^((?:.*&)?)s(?:ize)?=([0-9]+)((?:&.*)?)$
    RewriteRule ^/avatar/([0-9a-f]{32,64})$ /avatar/80/$1 [next]

    # Queries which include a domain need to go to the Django resolver
    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} ^(?:.*&)?domain=([^&]+)(?:&.*)?$
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ https://__WWWSERVERNAME__/resolve/?email_hash=$2&size=$1&https=0 [qsappend,redirect=307,last,env=nocache:1]

    RewriteCond %{HTTPS} on
    RewriteCond %{QUERY_STRING} ^(?:.*&)?domain=([^&]+)(?:&.*)?$
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ https://__WWWSERVERNAME__/resolve/?email_hash=$2&size=$1&https=1 [qsappend,redirect=307,last,env=nocache:1]

    # Serve the file if it exists
    RewriteCond  /var/lib/libravatar%{SCRIPT_FILENAME} -f
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]+)$ /avatar/$1/$2 [passthrough]

    # If the requested size is not available but another is, go to the Django resizer
    RewriteCond %{HTTPS} off
    RewriteCond %{SCRIPT_FILENAME} ^/avatar/([0-9]+)/([0-9a-f]{32,64})$
    RewriteCond /var/lib/libravatar/avatar/%2 -f
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ https://__WWWSERVERNAME__/resize/?email_hash=$2&size=$1&https=0 [redirect=307,last,env=nocache:1]

    RewriteCond %{HTTPS} on
    RewriteCond %{SCRIPT_FILENAME} ^/avatar/([0-9]+)/([0-9a-f]{32,64})$
    RewriteCond /var/lib/libravatar/avatar/%2 -f
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ https://__WWWSERVERNAME__/resize/?email_hash=$2&size=$1&https=1 [redirect=307,last,env=nocache:1]

    # Delegate md5-hashed files that don't exist to Gravatar
    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 !^mm$
    RewriteRule  ^/avatar/([0-9]+)/([0-9a-f]{32})$ http://www.gravatar.com/avatar/$2.jpg?r=g&s=$1&d=%1 [last,redirect=302,noescape,env=longexpiry:1]

    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 ^mm$
    RewriteRule  ^/avatar/([0-9]+)/([0-9a-f]{32})$ http://www.gravatar.com/avatar/$2.jpg?r=g&s=$1&d=http://%{SERVER_NAME}/mm/$1.png  [last,redirect=302,env=longexpiry:1]

    RewriteCond %{HTTPS} off
    RewriteRule  ^/avatar/([0-9]+)/([0-9a-f]{32})$ http://www.gravatar.com/avatar/$2.jpg?r=g&s=$1&d=http://%{SERVER_NAME}/nobody/$1.png  [last,redirect=302,env=longexpiry:1]

    RewriteCond %{HTTPS} on
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteRule  ^/avatar/([0-9]+)/([0-9a-f]{32})$ https://secure.gravatar.com/avatar/$2.jpg?r=g&s=$1&d=%1 [last,redirect,noescape=302,env=longexpiry:1]

    RewriteCond %{HTTPS} on
    RewriteRule  ^/avatar/([0-9]+)/([0-9a-f]{32})$ https://secure.gravatar.com/avatar/$2.jpg?r=g&s=$1&d=https://%{SERVER_NAME}/nobody/$1.png  [last,redirect=302,env=longexpiry:1]

    # Easter egg
    RewriteRule ^/avatar/deadbeef\.? %{DOCUMENT_ROOT}/deadbeef.png [last]

    # File not found (with a "default" parameter)
    RewriteMap url_decode int:unescape

    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 !^(retro|identicon|monsterid|wavatar|mm|404)$
    RewriteRule ^/avatar/ ${url_decode:%1}? [last,redirect=302,env=longexpiry:1]

    # File not found (default=<things we don't support yet>)
    RewriteCond %{HTTPS} off
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 ^(retro|identicon|monsterid|wavatar)$
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ http://www.gravatar.com/avatar/$2.jpg?s=$1&d=%1 [last,redirect=302,env=longexpiry:1]

    RewriteCond %{HTTPS} on
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 ^(retro|identicon|monsterid|wavatar)$
    RewriteRule ^/avatar/([0-9]+)/([0-9a-f]{32,64})$ https://secure.gravatar.com/avatar/$2.jpg?s=$1&d=%1 [last,redirect=302,env=longexpiry:1]

    # File not found (default=404)
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=404(?:&.*)?$
    RewriteRule ^/avatar/ - [last]

    # File not found (default=mm)
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=mm(?:&.*)?$
    RewriteRule ^/avatar/([0-9]+)/ %{DOCUMENT_ROOT}/mm/$1.png [last]

    # File not found
    RewriteRule ^/avatar/([0-9]+)/ %{DOCUMENT_ROOT}/nobody/$1.png [last]
    RewriteRule ^/avatar/ %{DOCUMENT_ROOT}/nobody/80.png [last]

    Header always set Cache-Control "no-transform"
    Header always set Cache-Control "no-store, no-cache, must-revalidate" env=nocache
    Header always set Cache-Control "max-age=86400" env=longexpiry

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/lib/libravatar/avatar>
        FileETag None
        ExpiresDefault "access plus 1 week"
        DefaultType image/jpeg
        Header set Access-Control-Allow-Origin "*"
        Options FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>