Enable netplan for all Bytemark machines

[chef.git] / cookbooks / dev / templates / default / apache.rails.erb
diff --git a/cookbooks/dev/templates/default/apache.rails.erb b/cookbooks/dev/templates/default/apache.rails.erb

index 7301fd83415761ed75b199413d085b2a5cbe7d0d..0307c78ff79baac18cbe524982eaa4904670c02c 100644 (file)
--- a/cookbooks/dev/templates/default/apache.rails.erb
+++ b/cookbooks/dev/templates/default/apache.rails.erb
@@ -1,30 +1,82 @@
  # DO NOT EDIT - This file is being maintained by Chef
  
-<VirtualHost *:80>
+<VirtualHost *:443>
          ServerName <%= @name %>
  <% @aliases.each do |alias_name| -%>
          ServerAlias <%= alias_name %>
  <% end -%>
          ServerAdmin webmaster@openstreetmap.org
  
-        DocumentRoot /srv/<%= @name %>/public
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+        SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
  
          CustomLog /var/log/apache2/<%= @name %>-access.log combined
          ErrorLog /var/log/apache2/<%= @name %>-error.log
  
+        DocumentRoot /srv/<%= @name %>/rails/public
+
          RailsEnv production
+        PassengerAppGroupName <%= @application_name %>
  
          SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
+
+        # Ensure robots do not index dev site
+        # https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
+        Header set X-Robots-Tag "noindex, nofollow"
+
+        # Force special MIME type for crossdomain.xml files
+        <Files crossdomain.xml>
+                ForceType text/x-cross-domain-policy
+        </Files>
+<% if @cgimap_enabled -%>
+
+        # Pass authentication related headers to cgimap
+        <Location />
+                CGIPassAuth On
+        </Location>
+
+        # Set a long timeout for proxying to cgimap
+        ProxyTimeout 3600
+
+        # Pass supported calls to cgimap
+        RewriteEngine on
+        RewriteRule ^/api/0\.6/map(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
+        RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+<% end -%>
+</VirtualHost>
+
+<VirtualHost *:80>
+        ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+        ServerAlias <%= alias_name %>
+<% end -%>
+        ServerAdmin webmaster@openstreetmap.org
+
+        CustomLog /var/log/apache2/<%= @name %>-access.log combined
+        ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+        RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+        RedirectPermanent / https://<%= @name %>/
+
+        # Ensure robots do not index dev site
+        # https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
+        Header set X-Robots-Tag "noindex, nofollow"
  </VirtualHost>
  
-<Directory /srv/<%= @name %>/public>
+<Directory /srv/<%= @name %>/rails/public>
          Require all granted
  </Directory>
  
-<Directory /srv/<%= @name %>/app/assets>
+<Directory /srv/<%= @name %>/rails/app/assets>
          Require all granted
  </Directory>
  
-<Directory /srv/<%= @name %>/vendor/assets>
+<Directory /srv/<%= @name %>/rails/vendor/assets>
          Require all granted
  </Directory>