nominatim: rotate apache logs more often
[chef.git] / cookbooks / nominatim / templates / default / apache.erb
index d14a5c8edfe372ad12c33323f57b944ef2c68471..b79e76dbee2ebb81fcc47ff5659aa2a5c7b9cb3a 100644 (file)
@@ -5,20 +5,26 @@
     ServerName <%= node[:fqdn] %>
     ServerAlias nominatim.openstreetmap.org
     ServerAlias nominatim.osm.org
-    ServerAlias nominatim.openstreetmap.org
+    ServerAlias nominatim.openstreetmap.com
     ServerAlias nominatim.openstreetmap.net
     ServerAlias nominatim.openstreetmaps.org
     ServerAlias nominatim.openmaps.org
     ServerAdmin webmaster@openstreetmap.org
 
 <% if port == 443 -%>
-    #
     # Enable SSL
-    #
     SSLEngine on
     SSLProxyEngine on
+    SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
+    SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+<% else -%>
+    # Redirect ACME challenges for certificate issuance
+    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 <% end -%>
 
+    # Remove Proxy request header to mitigate https://httpoxy.org/
+    RequestHeader unset Proxy early
+
     CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
     ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
 
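Review bot: The `SSLCertificateFile`/`SSLCertificateKeyFile` pair added in the 443 branch is named for nominatim.openstreetmap.org only, while the vhost answers for six `ServerAlias` names, including the `nominatim.openstreetmap.com` alias corrected in this hunk. The certificate is not visible here, so confirm that it lists every alias as a subjectAltName; otherwise TLS clients on those names get a hostname mismatch. A comment above the two lines, such as `# certificate must carry every ServerAlias above as a SAN`, would keep the two lists in step. The port-80 branch hands HTTP-01 validation for all of these names to acme.openstreetmap.org, so that host's challenge directory deserves the same access control as the private key. No `SSLProtocol` or `SSLCipherSuite` is set in this vhost; if they are not set server-wide (not shown), the build defaults apply.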
@@ -57,7 +63,8 @@
 
     # regular requests and autoblocks
     RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
-    RewriteRule ^/(search|reverse|details|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+    RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+    RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
 
 </VirtualHost>
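Review bot: Neither new `RewriteRule` pattern is anchored at the end, so a path that merely begins with an endpoint name (a constructed example: `/details-old`) is still rewritten to the PHP script. Appending `$`, as in `^/details(\.php)?(/.*)?$` and `^/(search|reverse|lookup)(\.php)?(/.*)?$`, limits the rules to the intended URLs. The details rule now falls back to a `details` pool instead of `www` for addresses absent from `ip_blocks.map`, so a matching `/pool-details/` mapping has to exist elsewhere in the template, outside this hunk. The `# regular requests and autoblocks` comment no longer describes both rules; a line such as `# details requests default to their own pool` above the second rule would record the split.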