# DO NOT EDIT - This file is being maintained by Chef # # Basic server configuration # ServerName <%= node[:fqdn] %> ServerAlias api.openstreetmap.org www.openstreetmap.org 127.0.0.1 ServerAdmin webmaster@openstreetmap.org # # Enable SSL # SSLEngine on SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key # # Setup logging # SetEnvIfNoCase Authorization "^Basic " AUTH_METHOD=basic SetEnvIfNoCase Authorization "^OAuth " AUTH_METHOD=oauth1 SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)oauth_signature=/" AUTH_METHOD=oauth1 SetEnvIfNoCase Authorization "^Bearer " AUTH_METHOD=oauth2 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{AUTH_METHOD}e" combined_with_time CustomLog /var/log/apache2/access.log combined_with_time ErrorLog /var/log/apache2/error.log # # Turn on various features # ExpiresActive On RewriteEngine on # # Configure timeouts # RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20,MinRate=500 # # Add the unique ID to the request headers # RequestHeader set X-Request-Id %{UNIQUE_ID}e # # Remove Proxy request header to mitigate https://httpoxy.org/ # RequestHeader unset Proxy early # # Block troublesome GPX data scrapping # RewriteCond %{REQUEST_METHOD} HEAD RewriteRule ^/trace/\d+/data - [F,L] # # Block tilesAtHome # RewriteCond %{HTTP_USER_AGENT} tilesAtHome RewriteRule . - [F,L] # # Block changeset scraper # RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner" RewriteRule . - [F,L] # # Block attempts to access old API versions # RewriteRule ^/api/0.[12345]/ - [G,L] # # Block JOSM revisions 1722-1727 as they have a serious bug that causes # lat/lon to be swapped (https://josm.openstreetmap.de/ticket/2804) # RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)" RewriteRule . - [F,L] # # Block a changeset that seems to lock things up # RewriteRule ^/api/0.6/changeset/6823497/download$ - [F,L] # # Ignore Vicon Valerus "online" status pings # https://gist.github.com/Firefishy/86ed5b86991b225179b54bbafbcd769e # RewriteCond "%{QUERY_STRING}" "^q=abcde&t=20" RewriteRule "^/api/0\.6/notes/search$" - [R=429,L] # # Force special MIME type for crossdomain.xml files # ForceType text/x-cross-domain-policy # # Set expiry for assets # Header unset Last-Modified FileETag Size ExpiresDefault "access plus 1 year" Header set Cache-Control "immutable, max-age=31536000" # # Set expiry for attachments # Header unset ETag FileETag None ExpiresDefault "access plus 1 year" # # Set expiry for other static content # ExpiresDefault "access plus 7 days" ExpiresDefault "access plus 10 years" Header unset Last-Modified FileETag Size Header always set Cache-Control "public, max-age=31536000, immutable" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" # # Configure rails # DocumentRoot <%= node[:web][:base_directory] %>/rails/public RailsEnv production PassengerMinInstances 10 PassengerMaxRequests 5000 PassengerMaxRequestQueueSize 250 PassengerPreStart https://www.openstreetmap.org/ PassengerAppGroupName rails SetEnv OPENSTREETMAP_STATUS <%= @status %> SetEnv SECRET_KEY_BASE <%= @secret_key_base %> Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico Alias /openlayers <%= node[:web][:base_directory] %>/static/openlayers RedirectPermanent /stats https://planet.openstreetmap.org/statistics # # Pass authentication related headers to cgimap # CGIPassAuth On # # Pass supported calls to cgimap # RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$ RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P] # # Redirect trac and wiki requests to the right places # RedirectPermanent /trac/ https://trac.openstreetmap.org/ RedirectPermanent /wiki/ https://wiki.openstreetmap.org/ # # Redirect requests for various images to the right place # RedirectPermanent /images/osm_logo.png https://www.openstreetmap.org/assets/osm_logo.png RedirectPermanent /images/cc_button.png https://www.openstreetmap.org/assets/cc_button.png # # Redirect api requests made to www.openstreetmap.org to api.openstreetmap.org # # RewriteCond %{HTTP_HOST} =www.openstreetmap.org # RewriteRule ^/api/(.*)$ https://api.openstreetmap.org/api/$1 [L,NE,R=permanent] # # Redirect non-api requests made to api.openstreetmap.org to www.openstreetmap.org # RewriteCond %{HTTP_HOST} =api.openstreetmap.org RewriteCond %{REQUEST_URI} !^/api/ RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] ServerName openstreetmap.org.uk ServerAlias www.openstreetmap.org.uk ServerAlias openstreetmap.co.uk ServerAlias www.openstreetmap.co.uk RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics RedirectPermanent / https://www.openstreetmap.org/ ServerName osm.org Header always set Cache-Control "max-age=31536000" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] RewriteCond %{REQUEST_URI} !^/server-status$ RewriteRule ^(.*)$ https://osm.org$1 [L,NE,R=permanent] ServerName www.osm.org Header always set Cache-Control "max-age=31536000" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] RewriteCond %{REQUEST_URI} !^/server-status$ RewriteRule ^(.*)$ https://www.osm.org$1 [L,NE,R=permanent] ServerName openstreetmap.org Header always set Cache-Control "max-age=31536000" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] RewriteCond %{REQUEST_URI} !^/server-status$ RewriteRule ^(.*)$ https://openstreetmap.org$1 [L,NE,R=permanent] ServerName www.openstreetmap.org ServerAlias * Header always set Cache-Control "max-age=31536000" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" RewriteEngine on RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] RewriteCond %{REQUEST_URI} !^/server-status$ RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] ServerName openstreetmap.org ServerAlias * SSLEngine on SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key Header always set Cache-Control "max-age=31536000" Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" RedirectPermanent / https://www.openstreetmap.org/ /rails/public> Require all granted RewriteCond "%{HTTP:Accept-encoding}" "br" RewriteCond "%{REQUEST_FILENAME}\.br" -s RewriteRule "^(.*)\.(css|ico|js|json|svg|xml)$" "$1\.$2\.br" [QSA] RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.(css|ico|js|json|svg|xml)$" "$1\.$2\.gz" [QSA] RewriteRule "\.css\.(br|gz)$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1] RewriteRule "\.ico\.(br|gz)$" "-" [T=image/vnd.microsoft.icon,E=no-gzip:1,E=no-brotli:1] RewriteRule "\.js\.(br|gz)$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1] RewriteRule "\.json\.(br|gz)$" "-" [T=application/json,E=no-gzip:1,E=no-brotli:1] RewriteRule "\.svg\.(br|gz)$" "-" [T=image/svg+xml,E=no-gzip:1,E=no-brotli:1] RewriteRule "\.xml\.(br|gz)$" "-" [T=application/xml,E=no-gzip:1,E=no-brotli:1] Header append Content-Encoding br Header append Vary Accept-Encoding Header append Content-Encoding gzip Header append Vary Accept-Encoding Require all granted Require all granted Require all granted