# DO NOT EDIT - This file is being maintained by Chef
-<VirtualHost *:80>
- ServerName nominatim.openstreetmap.org
- ServerAdmin webmaster@openstreetmap.org
- ServerAlias nominatim.osm.org
+<% [80, 443].each do |port| -%>
+<VirtualHost *:<%= port %>>
+ ServerName <%= node[:fqdn] %>
ServerAlias nominatim.openstreetmap.org
+ ServerAlias nominatim.osm.org
+ ServerAlias nominatim.openstreetmap.com
ServerAlias nominatim.openstreetmap.net
ServerAlias nominatim.openstreetmaps.org
ServerAlias nominatim.openmaps.org
+ ServerAdmin webmaster@openstreetmap.org
+
+<% if port == 443 -%>
+ # Enable SSL
+ SSLEngine on
+ SSLProxyEngine on
+ SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+<% else -%>
+ # Redirect ACME challenges for certificate issuance
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+<% end -%>
+
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
+ RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500
CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
DocumentRoot <%= @directory %>/website
<Directory "<%= @directory %>/website/">
DirectoryIndex search.php
- Options MultiViews FollowSymLinks
- AddType text/html .php
- AddType application/xml .phpx
- AddType application/json .phpj
- AddHandler fcgi:/var/run/php5-fpm-www.sock .php
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj
+ Options FollowSymLinks
+ Require all granted
</Directory>
- Alias /pool-www/ "<%= @directory %>/website/"
- <Location /pool-www>
- AddHandler fcgi:/var/run/php5-fpm-www.sock .php
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj
- </Location>
- Alias /pool-bulk/ "<%= @directory %>/website/"
- <Location /pool-bulk>
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .php
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .phpj
- </Location>
- Redirect 509 /pool-block/
- ErrorDocument 509 /509.html
+ ProxyPassMatch ^/([^/]*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%><%= @directory %>/website/$1
+
+ <% @pools.each do |name,details| -%>
+ Alias /pool-<%= name %>/ "<%= @directory %>/website/"
+ <% node[:nominatim][:redirects].each do |url,host| -%>
+ ProxyPassMatch ^/pool-<%= name %>/(<%= url %>\.php(/.*)?) http<% if port == 443 -%>s<% end -%>://<%= host %>/pool-<%= name %>/$1
+ <% end -%>
+ ProxyPassMatch ^/pool-<%= name %>/(.*\.php(/.*)?) fcgi://127.0.0.1:<%= details[:port ]%><%= @directory %>/website/$1
+ <% end -%>
+
+ Redirect 429 /pool-block/
+ ErrorDocument 429 /509.html
<Location /pool-block>
- ErrorDocument 509 /509.html
+ ErrorDocument 429 /509.html
</Location>
Redirect 403 /pool-ban/
<Location /pool-ban>
# regular requests and autoblocks
RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
- RewriteRule ^/([sdr].*) /pool-${bulklist:%{REMOTE_ADDR}|www}/$1 [PT]
+ RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+ RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
</VirtualHost>
+
+<% end -%>
projects / chef.git / blobdiff