# DO NOT EDIT - This file is being maintained by Chef ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> <% end -%> ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://<%= @name %>/ <% unless @aliases.empty? -%> ServerName <%= @aliases.first %> <% @aliases.slice(1..-1).each do |alias_name| -%> ServerAlias <%= alias_name %> <% end -%> ServerAdmin webmaster@openstreetmap.org SSLEngine on SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log RedirectPermanent / https://<%= @name %>/ <% end -%> ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org SSLEngine on SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log Alias /robots.txt /srv/<%= node[:git][:host] %>/robots.txt # Make absolutely sure it comes out as a plain file SetHandler none Require all granted SetEnv GIT_PROJECT_ROOT /var/lib/git SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_HTTP_MAX_REQUEST_BUFFER 100M SetEnvIf Git-Protocol ".*" GIT_PROTOCOL=$0 # KeepaliveTimeout longer than git config uploadpack.keepalive 5 second default KeepAliveTimeout 20 RewriteEngine on RewriteRule ^/cgimap\.git.* https://github.com/zerebubuth/openstreetmap-cgimap [QSD,L,R=permanent] RewriteRule ^/planetdump\.git.* https://github.com/openstreetmap/planetdump [QSD,L,R=permanent] RewriteRule ^/gpx-import\.git.* https://github.com/openstreetmap/gpx-import [QSD,L,R=permanent] RewriteRule ^/potlatch2\.git.* https://github.com/openstreetmap/potlatch2 [QSD,L,R=permanent] # Prevent abuse by an anonymous AI bot RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ RewriteCond %{REQUEST_URI} ^/[^/]+\.git/blob [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/commitdiff [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/history [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/log [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/patch [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/search [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/shortlog [OR] RewriteCond %{REQUEST_URI} ^/[^/]+\.git/tree RewriteCond %{HTTP_REFERER} ^-?$ RewriteCond %{HTTP_USER_AGENT} ((CriOS|Chrome)/[1-9][0-9]?\.0\.|Chrome/100\.0\.|Chrome/122\.0\.0\.0|(Firefox|FxiOS)/[1-6]?[0-9]\.|MSIE\ [5-9]\.0|Opera/[8-9]\.|Windows\ NT\ [3-5]\.|Version/[3-5]\.[0-1]) [NC] RewriteRule ^ - [R=429,L] ScriptAlias /public /usr/lib/git-core/git-http-backend/public ScriptAlias /private /usr/lib/git-core/git-http-backend/private Alias /gitweb /usr/share/gitweb Alias /git /var/cache/git ScriptAlias / /usr/lib/cgi-bin/gitweb.cgi/ Require all granted <% unless @private_allowed.empty? -%> Require ip <%= @private_allowed.sort.join(" ") %> <% end -%> Require all denied Options ExecCGI