# Enable SSL
SSLEngine on
SSLProxyEngine on
- SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
- SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+ SSLCertificateFile /etc/ssl/certs/<%= node[:fqdn] %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= node[:fqdn] %>.key
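Review bot: The certificate and key paths on the two added lines now follow `node[:fqdn]`, but the port-80 redirect later in this template still sends clients to the fixed name `nominatim.openstreetmap.org`. The per-node certificate therefore has to carry that name as a subject alternative name, or clients following the redirect will hit a hostname mismatch. Whether it does cannot be seen from these lines. I would record the requirement above the directives, for example `# per-node certificate; must list nominatim.openstreetmap.org as a SAN`. The enclosing `<VirtualHost>` opens outside the lines shown.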
# Remove Proxy request header to mitigate https://httpoxy.org/
RequestHeader unset Proxy early
# regular requests and autoblocks
RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
- RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
- RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
+ RewriteRule ^/(search|reverse|lookup|details)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
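Review bot: Folding `details` into the shared rule also changes its fallback pool. A client with no entry in `ip_blocks.map` used to be routed to `pool-details` and now lands in `pool-www` alongside search, reverse and lookup. If the separate pool existed to keep detail-page load from starving the API endpoints, that isolation is lost; whether `pool-details` is retired elsewhere in the commit is not visible here. If the change is intended, a comment would make it explicit: `# details shares the www pool by default; ip_blocks.map entries still select the pool`.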
</VirtualHost>
<VirtualHost *:80>
CustomLog <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://nominatim.openstreetmap.org/
+ RewriteEngine On
+
+ # manual blocks
+ Include <%= @directory %>/settings/apache_blocks.conf
+
+ RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+ RewriteCond %{REQUEST_URI} !^/server-status$
+ RewriteRule ^(.*)$ https://nominatim.openstreetmap.org$1 [L,NE,R=permanent]
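Review bot: The `RewriteCond` on `/server-status` keeps that path out of the HTTPS redirect, so this vhost answers it over plain HTTP. If the path is the mod_status handler, its output lists client addresses and request lines. Nothing in the added lines restricts who may fetch it; that presumably lives in the status module configuration outside this hunk, and it is worth confirming that a `Require local` or an equivalent address list applies to this vhost. I would state the intent next to the condition, for example `# /server-status stays on HTTP for monitoring; access is limited by Require in the status config`.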
</VirtualHost>