# DO NOT EDIT - This file is being maintained by Chef <% [80, 443].each do |port| -%> > # # Basic server configuration # ServerName <%= node[:fqdn] %> ServerAlias api.openstreetmap.org www.openstreetmap.org 127.0.0.1 ServerAdmin webmaster@openstreetmap.org <% if port == 443 -%> # # Enable SSL # SSLEngine on SSLProxyEngine on <% end -%> # # Setup logging # LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time CustomLog /var/log/apache2/access.log combined_with_time ErrorLog /var/log/apache2/error.log # # Turn on various features # ExpiresActive On RewriteEngine on # # Add the unique ID to the request headers # RequestHeader set X-Request-Id %{UNIQUE_ID}e # # Remove Proxy request header to mitigate https://httpoxy.org/ # RequestHeader unset Proxy early # # Block troublesome GPX data scrapping # RewriteCond %{REQUEST_METHOD} HEAD RewriteRule ^/trace/\d+/data - [F,L] # # Block tilesAtHome # RewriteCond %{HTTP_USER_AGENT} tilesAtHome RewriteRule . - [F,L] # # Block changeset scraper # RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner" RewriteRule . - [F,L] # # Block requests for the old 404 map tile # RewriteRule ^/openlayers/img/404.png$ - [G,L] # # Block attempts to access old API versions # RewriteRule ^/api/0.[12345]/ - [G,L] # # Block JOSM revisions 1722-1727 as they have a serious bug that causes # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804) # RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ $172[234567]$" RewriteRule . - [F,L] # # Block a changeset that seems to lock things up # RewriteRule ^/api/0.6/changeset/6823497/download$ - [F,L] # # Force special MIME type for crossdomain.xml files # ForceType text/x-cross-domain-policy # # Set expiry for assets # Header unset Last-Modified Header unset ETag FileETag None ExpiresDefault "access plus 1 year" # # Set expiry for attachments # Header unset Last-Modified Header unset ETag FileETag None ExpiresDefault "access plus 1 year" # # Set expiry for other static content # ExpiresDefault "access plus 7 days" ExpiresDefault "access plus 10 years" ExpiresDefault "access plus 10 years" ExpiresDefault "access plus 7 days" ExpiresDefault "access plus 10 years" # # Set expiry for Potlatch 1 # ExpiresDefault "access plus 7 days" # # Set expiry for Potlatch 2 # ExpiresByType application/x-shockwave-flash "access plus 1 day" ExpiresByType application/xml "access plus 1 day" ExpiresByType text/css "access plus 1 day" ExpiresByType image/png "access plus 7 days" # # Configure rails # DocumentRoot <%= node[:web][:base_directory] %>/rails/public RailsEnv production PassengerMinInstances 10 PassengerMaxRequests 5000 PassengerMaxRequestQueueSize 250 <% if port == 443 -%> PassengerPreStart https://www.openstreetmap.org/ <% else -%> PassengerPreStart http://www.openstreetmap.org/ <% end -%> SetEnv SECRET_KEY_BASE <%= @secret_key_base %> Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers Alias /stats /store/rails/stats Alias /user/image /store/rails/user/image Alias /attachments /store/rails/attachments # # Preserve the host name when forwarding to the proxy # ProxyPreserveHost on # # Set a long timeout - changeset uploads can take a long time # ProxyTimeout 3600 # # Allow all proxy requests # Require all granted # # Pass some other API calls to the backends via a load balancer # ProxyPass /api/0.6/map balancer://backend/api/0.6/map ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://bytemark$1 ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1 ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1 # # Redirect trac and wiki requests to the right places # RedirectPermanent /trac/ http://trac.openstreetmap.org/ RedirectPermanent /wiki/ http://wiki.openstreetmap.org/ # # Redirect requests for various images to the right place # RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png # # Define a load balancer for the local backends # ProxySet lbmethod=bybusyness <% node[:web][:backends].each do |backend| -%> <% if port == 443 -%> BalancerMember https://<%= backend %> disablereuse=on <% else -%> BalancerMember http://<%= backend %> <% end -%> <% end -%> # # Define a load balancer for the Bytemark backends # ProxySet lbmethod=bybusyness <% ["rails4.bm", "rails5.bm"].each do |backend| -%> <% if port == 443 -%> BalancerMember https://<%= backend %> disablereuse=on <% else -%> BalancerMember http://<%= backend %> <% end -%> <% end -%> <% if port == 80 -%> # # Redirect requests which should be secure to https # RewriteCond %{REQUEST_URI} ^/login(\.html)?$ [OR] RewriteCond %{REQUEST_URI} ^/user/(new|create-account\.html)$ [OR] RewriteCond %{REQUEST_URI} ^/user/terms$ [OR] RewriteCond %{REQUEST_URI} ^/user/save$ [OR] RewriteCond %{REQUEST_URI} ^/user/([^/]+)/account$ [OR] RewriteCond %{REQUEST_URI} ^/user/reset-password$ RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] # # Redirect api requests made to www.osm.org to api.osm.org # # RewriteCond %{HTTP_HOST} =www.openstreetmap.org # RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent] # # Redirect non-api requests made to api.osm.org to www.osm.org # RewriteCond %{HTTP_HOST} =api.openstreetmap.org RewriteCond %{REQUEST_URI} !^/api/ RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent] <% elsif port == 443 -%> # # Redirect api requests made to www.osm.org to api.osm.org # # RewriteCond %{HTTP_HOST} =www.openstreetmap.org # RewriteRule ^/api/(.*)$ https://api.openstreetmap.org/api/$1 [L,NE,R=permanent] # # Redirect non-api requests made to api.osm.org to www.osm.org # RewriteCond %{HTTP_HOST} =api.openstreetmap.org RewriteCond %{REQUEST_URI} !^/api/ RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] <% end -%> <% end -%> ServerName openstreetmap.org.uk ServerAlias www.openstreetmap.org.uk ServerAlias openstreetmap.co.uk ServerAlias www.openstreetmap.co.uk RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics RedirectPermanent / http://www.openstreetmap.org/ ServerName openstreetmap.org ServerAlias * RedirectPermanent / http://www.openstreetmap.org/ ServerName openstreetmap.org ServerAlias * SSLEngine on RedirectPermanent / https://www.openstreetmap.org/ /rails/public> Require all granted Require all granted Require all granted Require all granted Require all granted Require all granted