nominatim: add read timeout to apache

[chef.git] / cookbooks / nominatim / templates / default / apache.erb

# DO NOT EDIT - This file is being maintained by Chef

<% [80, 443].each do |port| -%>
<VirtualHost *:<%= port %>>
    ServerName <%= node[:fqdn] %>
    ServerAlias nominatim.openstreetmap.org
    ServerAlias nominatim.osm.org
    ServerAlias nominatim.openstreetmap.com
    ServerAlias nominatim.openstreetmap.net
    ServerAlias nominatim.openstreetmaps.org
    ServerAlias nominatim.openmaps.org
    ServerAdmin webmaster@openstreetmap.org

<% if port == 443 -%>
    # Enable SSL
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
    SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
<% else -%>
    # Redirect ACME challenges for certificate issuance
    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
<% end -%>

    # Remove Proxy request header to mitigate https://httpoxy.org/
    RequestHeader unset Proxy early

    RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500

    CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
    ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log

    DocumentRoot <%= @directory %>/website
    <Directory "<%= @directory %>/website/">
        DirectoryIndex search.php
        Options FollowSymLinks
        Require all granted
    </Directory>

    ProxyPassMatch ^/([^/]*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%><%= @directory %>/website/$1

    <% @pools.each do |name,details| -%>
    Alias /pool-<%= name %>/ "<%= @directory %>/website/"
    <% node[:nominatim][:redirects].each do |url,host| -%>
    ProxyPassMatch ^/pool-<%= name %>/(<%= url %>\.php(/.*)?) http<% if port == 443 -%>s<% end -%>://<%= host %>/pool-<%= name %>/$1
    <% end -%>
    ProxyPassMatch ^/pool-<%= name %>/(.*\.php(/.*)?) fcgi://127.0.0.1:<%= details[:port ]%><%= @directory %>/website/$1
    <% end -%>

    Redirect 429 /pool-block/
    ErrorDocument 429 /509.html
    <Location /pool-block>
        ErrorDocument 429 /509.html
    </Location>
    Redirect 403 /pool-ban/
    <Location /pool-ban>
        ErrorDocument 403 /403.html
    </Location>
    ErrorDocument 403 /403.html

    RewriteEngine On

    # manual blocks
    Include <%= @directory %>/settings/apache_blocks.conf

    # regular requests and autoblocks
    RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
    RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
    RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]

</VirtualHost>

<% end -%>