# DO NOT EDIT - This file is being maintained by Chef ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> <% end -%> ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://<%= @name %>/ ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> ServerAdmin webmaster@openstreetmap.org SSLEngine on SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined ErrorLog /var/log/apache2/<%= @name %>-secure-error.log <% end -%> DocumentRoot <%= @directory %> php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" php_value memory_limit 128M php_value max_execution_time 240 php_value upload_max_filesize 70M php_value post_max_size 100M RewriteCond %{SERVER_NAME} !=<%= @name %> RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent] RedirectMatch 301 ^/$ /wiki/Main_Page #Historical Compatibility Links RedirectMatch 301 ^/index\.php$ /w/index.php RedirectMatch 301 ^/index\.php/(.*)$ /wiki/$1 RedirectMatch 301 ^/skins/(.*)$ /w/skins/$1 RedirectMatch 301 ^/images/(.*)$ /w/images/$1 RedirectMatch 301 ^/api\.php$ /w/api.php RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php Alias /wiki <%= @directory %>/w/index.php #Support /pagename -> /wiki/pagename RewriteEngine on RewriteCond %{REQUEST_URI} !^/w/ RewriteCond %{REQUEST_URI} !^/wiki/ RewriteCond %{REQUEST_URI} !^/index\.php RewriteCond %{REQUEST_URI} !^/skins/ RewriteCond %{REQUEST_URI} !^/images/ RewriteCond %{REQUEST_URI} !^/api\.php$ RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$ RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{REQUEST_URI} !^/.well-known/ RewriteCond %{LA-U:REQUEST_FILENAME} !-f RewriteCond %{LA-U:REQUEST_FILENAME} !-d RewriteRule ^/(.*) /wiki/$1 [R,L] > Options -Indexes Require all granted /w/images/> # No php execution in the upload area php_admin_flag engine off Options -ExecCGI -Includes -Indexes AllowOverride None AddType text/plain .html .htm .shtml <% if @private -%> Require all denied <% end -%> /w/images/thumb/> RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B] /w/maintenance/> Require all denied /w/LocalSettings.php> Require all denied /w/cache/> Options -ExecCGI -Includes -Indexes AllowOverride None AddType text/plain .html .htm .shtml php_admin_flag engine off Require all denied Require all denied Require all denied