1 # DO NOT EDIT - This file is being maintained by Chef
3 WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> processes=2 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000
6 ServerName <%= @user %>.dev.openstreetmap.org
7 ServerAlias <%= @user %>.dev.osm.org
9 ServerAdmin webmaster@openstreetmap.org
12 SSLCertificateFile /etc/ssl/certs/<%= @user %>.dev.openstreetmap.org.pem
13 SSLCertificateKeyFile /etc/ssl/private/<%= @user %>.dev.openstreetmap.org.key
15 # Remove Proxy request header to mitigate https://httpoxy.org/
16 RequestHeader unset Proxy early
19 DocumentRoot <%= @directory %>
20 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
22 WSGIProcessGroup <%= @user %>.dev.openstreetmap.org
25 #LogLevel rewrite:trace2
27 CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined_extended
28 ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
30 # Prevent abuse by an anonymous AI bot
31 RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
32 RewriteCond %{HTTP_REFERER} ^-?$
33 RewriteCond %{HTTP_USER_AGENT} ((CriOS|Chrome)/[1-9][0-9]?\.0\.|Chrome/100\.0\.|Chrome/122\.0\.0\.0|(Firefox|FxiOS)/[1-6]?[0-9]\.|MSIE\ [5-9]\.0|Opera/[8-9]\.|Windows\ NT\ [3-5]\.|Version/[3-5]\.[0-1]) [NC]
34 RewriteRule ^ - [R=429,L]
36 RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
37 RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
39 <FilesMatch ".+\.ph(p|ps|p3|tml)$">
40 SetHandler "proxy:unix:/run/php/php-<%= @user %>-fpm.sock|fcgi://127.0.0.1"
45 ServerName <%= @user %>.dev.openstreetmap.org
46 ServerAlias <%= @user %>.dev.osm.org
48 ServerAdmin webmaster@openstreetmap.org
50 CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined_extended
51 ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
53 RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
54 RedirectPermanent / https://<%= @user %>.dev.openstreetmap.org/
57 <Directory <%= @directory %>>
58 AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI
59 Options SymLinksIfOwnerMatch Indexes Includes
63 <Directory <%= @directory %>/cgi-bin>
65 Options ExecCGI SymLinksIfOwnerMatch
69 <Directory <%= @directory %>/wsgi-bin>
70 SetHandler wsgi-script
71 Options ExecCGI SymLinksIfOwnerMatch