# DO NOT EDIT - This file is being maintained by Chef

WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> processes=2 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000

<VirtualHost *:443>
	ServerName <%= @user %>.dev.openstreetmap.org
	ServerAlias <%= @user %>.dev.osm.org

	ServerAdmin webmaster@openstreetmap.org

	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/<%= @user %>.dev.openstreetmap.org.pem
	SSLCertificateKeyFile /etc/ssl/private/<%= @user %>.dev.openstreetmap.org.key

	# Remove Proxy request header to mitigate https://httpoxy.org/
	RequestHeader unset Proxy early

	UseCanonicalName Off
	DocumentRoot <%= @directory %>
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

	WSGIProcessGroup <%= @user %>.dev.openstreetmap.org

	RewriteEngine on
	#LogLevel rewrite:trace2

	CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined_extended
	ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log

	# Prevent abuse by an anonymous AI bot
	RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
	RewriteCond %{HTTP_REFERER} ^-?$
	RewriteCond %{HTTP_USER_AGENT} ((CriOS|Chrome)/[1-9][0-9]?\.0\.|Chrome/100\.0\.|Chrome/122\.0\.0\.0|(Firefox|FxiOS)/[1-6]?[0-9]\.|MSIE\ [5-9]\.0|Opera/[8-9]\.|Windows\ NT\ [3-5]\.|Version/[3-5]\.[0-1]) [NC]
	RewriteRule ^ - [R=429,L]

	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
	RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]

	<FilesMatch ".+\.ph(p|ps|p3|tml)$">
		SetHandler "proxy:unix:/run/php/php-<%= @user %>-fpm.sock|fcgi://127.0.0.1"
	</FilesMatch>
</VirtualHost>

<VirtualHost *:80>
	ServerName <%= @user %>.dev.openstreetmap.org
	ServerAlias <%= @user %>.dev.osm.org

	ServerAdmin webmaster@openstreetmap.org

	CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined_extended
	ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log

	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
	RedirectPermanent / https://<%= @user %>.dev.openstreetmap.org/
</VirtualHost>

<Directory <%= @directory %>>
	AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI
	Options SymLinksIfOwnerMatch Indexes Includes
	Require all granted
</Directory>

<Directory <%= @directory %>/cgi-bin>
	SetHandler cgi-script
	Options ExecCGI SymLinksIfOwnerMatch
	Require all granted
</Directory>

<Directory <%= @directory %>/wsgi-bin>
	SetHandler wsgi-script
	Options ExecCGI SymLinksIfOwnerMatch
	Require all granted
</Directory>