# DO NOT EDIT - This file is being maintained by Chef
<% [80, 443].each do |port| -%>
>
  #
  # Basic server configuration
  #
  ServerName <%= node[:fqdn] %>
  ServerAlias api.openstreetmap.org www.openstreetmap.org
  ServerAdmin webmaster@openstreetmap.org
<% if port == 443 -%>
  #
  # Enable SSL
  #
  SSLEngine on
  SSLProxyEngine on
<% end -%>
  #
  # Setup logging
  #
  LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time
  CustomLog /var/log/apache2/access.log combined_with_time
  ErrorLog /var/log/apache2/error.log
  #
  # Turn on various features
  #
  ExpiresActive On
  RewriteEngine on
  #
  # Add the unique ID to the request headers
  #
  RequestHeader set X-Request-Id %{UNIQUE_ID}e
  #
  # Remove Proxy request header to mitigate https://httpoxy.org/
  #
  RequestHeader unset Proxy early
  #
  # Block troublesome GPX data scrapping
  #
  RewriteCond %{REQUEST_METHOD} HEAD
  RewriteRule ^/trace/\d+/data - [F,L]
  #
  # Block tilesAtHome
  #
  RewriteCond %{HTTP_USER_AGENT} tilesAtHome
  RewriteRule . - [F,L]
  #
  # Block changeset scraper
  #
  RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner"
  RewriteRule . - [F,L]  
  #
  # Block requests for the old 404 map tile
  #
  RewriteRule ^/openlayers/img/404.png$ - [G,L]
  #
  # Block attempts to access old API versions
  #
  RewriteRule ^/api/0.[12345]/ - [G,L]
  #
  # Block JOSM revisions  1722-1727 as they have a serious bug that causes
  # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
  #
  RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)"
  RewriteRule . - [F,L]
  #
  # Block a changeset that seems to lock things up
  #
  RewriteRule ^/api/0.6/changeset/6823497/download$ - [F,L]
  #
  # Force special MIME type for crossdomain.xml files
  #
  
    ForceType text/x-cross-domain-policy
  
  #
  # Set expiry for assets
  #
  
    Header unset Last-Modified
    Header unset ETag
    FileETag None
    ExpiresDefault "access plus 1 year"
  
  #
  # Set expiry for attachments
  #
  
    Header unset Last-Modified
    Header unset ETag
    FileETag None
    ExpiresDefault "access plus 1 year"
  
  #
  # Set expiry for other static content
  #
  
    ExpiresDefault "access plus 7 days"
  
  
    ExpiresDefault "access plus 10 years"
  
  
    ExpiresDefault "access plus 10 years"
  
  
    ExpiresDefault "access plus 7 days"
  
  
    ExpiresDefault "access plus 10 years"
  
  #
  # Set expiry for Potlatch 1
  #
  
    ExpiresDefault "access plus 7 days"
  
  #
  # Set expiry for Potlatch 2
  #
  
    ExpiresByType application/x-shockwave-flash "access plus 1 day"
    ExpiresByType application/xml "access plus 1 day"
    ExpiresByType text/css "access plus 1 day"
    ExpiresByType image/png "access plus 7 days"
  
  #
  # Configure rails
  #
  DocumentRoot <%= node[:web][:base_directory] %>/rails/public
  RailsEnv production
  PassengerMinInstances 10
  PassengerMaxRequests 5000
  PassengerMaxRequestQueueSize 250
<% if port == 443 -%>
  PassengerPreStart https://www.openstreetmap.org/
<% else -%>
  PassengerPreStart http://www.openstreetmap.org/
<% end -%>
  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
  Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico
  Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
  Alias /stats /store/rails/stats
  Alias /user/image /store/rails/user/image
  Alias /attachments /store/rails/attachments
  #
  # Preserve the host name when forwarding to the proxy
  #
  ProxyPreserveHost on
  #
  # Set a long timeout - changeset uploads can take a long time
  #
  ProxyTimeout 3600
  #
  # Allow all proxy requests
  #
  
    Require all granted
  
  #
  # Pass some other API calls to the backends via a load balancer
  #
  ProxyPass /api/0.6/map balancer://backend/api/0.6/map
  ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints
  ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read
  ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints
  ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://bytemark$1
  ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://backend$1
  ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1
  ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1
  ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes
  ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways
  ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations
  ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1
  #
  # Redirect trac and wiki requests to the right places
  #
  RedirectPermanent /trac/ http://trac.openstreetmap.org/
  RedirectPermanent /wiki/ http://wiki.openstreetmap.org/
  #
  # Redirect requests for various images to the right place
  #
  RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
  RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
  #
  # Define a load balancer for the local backends
  #
  
    ProxySet lbmethod=bybusyness
<% node[:web][:backends].each do |backend| -%>
<% if port == 443 -%>
    BalancerMember https://<%= backend %> disablereuse=on
<% else -%>
    BalancerMember http://<%= backend %>
<% end -%>
<% end -%>
  
  #
  # Define a load balancer for the Bytemark backends
  #
  
    ProxySet lbmethod=bybusyness
<% ["rails4.bm", "rails5.bm"].each do |backend| -%>
<% if port == 443 -%>
    BalancerMember https://<%= backend %> disablereuse=on
<% else -%>
    BalancerMember http://<%= backend %>
<% end -%>
<% end -%>
  
<% if port == 80 -%>
  #
  # Redirect requests which should be secure to https
  #
  RewriteCond %{REQUEST_URI} ^/login(\.html)?$ [OR]
  RewriteCond %{REQUEST_URI} ^/user/(new|create-account\.html)$ [OR]
  RewriteCond %{REQUEST_URI} ^/user/terms$ [OR]
  RewriteCond %{REQUEST_URI} ^/user/save$ [OR]
  RewriteCond %{REQUEST_URI} ^/user/([^/]+)/account$ [OR]
  RewriteCond %{REQUEST_URI} ^/user/reset-password$
  RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
  #
  # Redirect api requests made to www.osm.org to api.osm.org
  #
#  RewriteCond %{HTTP_HOST} =www.openstreetmap.org
#  RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent]
  #
  # Redirect non-api requests made to api.osm.org to www.osm.org
  #
  RewriteCond %{HTTP_HOST} =api.openstreetmap.org
  RewriteCond %{REQUEST_URI} !^/api/
  RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
<% elsif port == 443 -%>
  #
  # Redirect api requests made to www.osm.org to api.osm.org
  #
#  RewriteCond %{HTTP_HOST} =www.openstreetmap.org
#  RewriteRule ^/api/(.*)$ https://api.openstreetmap.org/api/$1 [L,NE,R=permanent]
  #
  # Redirect non-api requests made to api.osm.org to www.osm.org
  #
  RewriteCond %{HTTP_HOST} =api.openstreetmap.org
  RewriteCond %{REQUEST_URI} !^/api/
  RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
<% end -%>
<% end -%>
  ServerName openstreetmap.org
  ServerAlias maps.openstreetmap.org mapz.openstreetmap.org
  ServerAlias openstreetmap.com www.openstreetmap.com
  ServerAlias maps.openstreetmap.com mapz.openstreetmap.com
  ServerAlias openstreetmap.net www.openstreetmap.net
  ServerAlias maps.openstreetmap.net mapz.openstreetmap.net
  ServerAlias openstreetmap.ca www.openstreetmap.ca
  ServerAlias maps.openstreetmap.ca mapz.openstreetmap.ca
  ServerAlias openstreetmap.eu www.openstreetmap.eu
  ServerAlias maps.openstreetmap.eu mapz.openstreetmap.eu
  ServerAlias openstreetmap.pro www.openstreetmap.pro
  ServerAlias maps.openstreetmap.pro mapz.openstreetmap.pro
  ServerAlias openstreetmaps.org www.openstreetmaps.org
  ServerAlias maps.openstreetmaps.org mapz.openstreetmaps.org
  ServerAlias osm.org www.osm.org
  ServerAlias maps.osm.org mapz.osm.org
  ServerAlias openmaps.org www.openmaps.org
  ServerAlias maps.openmaps.org mapz.openmaps.org
  ServerAlias openstreetmap.io www.openstreetmap.io
  ServerAlias maps.openstreetmap.io mapz.openstreetmap.io
  ServerAlias osm.io www.osm.io
  ServerAlias maps.osm.io mapz.osm.io
  ServerAlias openworldmap.org www.openworldmap.org
  ServerAlias maps.openworldmap.org mapz.openworldmap.org
  ServerAlias freeosm.org www.freeosm.org
  ServerAlias maps.freeosm.org mapz.freeosm.org
  ServerAlias open-maps.org www.open-maps.org
  ServerAlias maps.open-maps.org mapz.open-maps.org
  ServerAlias open-maps.com www.open-maps.com
  ServerAlias maps.open-maps.com mapz.open-maps.com
  ServerAlias osmbugs.org www.osmbugs.org
  ServerAlias maps.osmbugs.org mapz.osmbugs.org
  #Third Party Sites
  ServerAlias openstreetmap.pm www.openstreetmap.pm
  RedirectPermanent / http://www.openstreetmap.org/
  ServerName openstreetmap.org
  ServerAlias maps.openstreetmap.org mapz.openstreetmap.org
  SSLEngine on
  RedirectPermanent / https://www.openstreetmap.org/
  ServerName openstreetmap.org.uk
  ServerAlias www.openstreetmap.org.uk
  ServerAlias openstreetmap.co.uk
  ServerAlias www.openstreetmap.co.uk
  RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics
  RedirectPermanent / http://www.openstreetmap.org/
/rails/public>
  Require all granted
  Require all granted
  Require all granted
  Require all granted
  Require all granted
  Require all granted