Set SECRET_KEY_BASE for production web servers

[chef.git] / cookbooks / web / templates / default / apache.frontend.erb

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index e6038730b73f399e84d946cd13ac25f71c81064a..7bfe6a3e23e7eb5ca8eb975f98760366d77bbbac 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -14,6 +14,7 @@
   # Enable SSL
   #
   SSLEngine on
   # Enable SSL
   #
   SSLEngine on

+  SSLProxyEngine on

 <% end -%>
 
   #
 <% end -%>
 
   #


@@ -136,6 +137,7 @@
   PassengerMinInstances 10
   PassengerMaxRequests 5000
   PassengerPreStart http://www.openstreetmap.org/
   PassengerMinInstances 10
   PassengerMaxRequests 5000
   PassengerPreStart http://www.openstreetmap.org/

+  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>

   Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/images/favicon.ico
   Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
   Alias /stats /store/rails/stats
   Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/images/favicon.ico
   Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
   Alias /stats /store/rails/stats


@@ -191,9 +193,15 @@
   #
   <Proxy balancer://backend>
     ProxySet lbmethod=bybusyness
   #
   <Proxy balancer://backend>
     ProxySet lbmethod=bybusyness

+<% if port == 443 -%>
+    BalancerMember https://rails1
+    BalancerMember https://rails2
+    BalancerMember https://rails3
+<% else -%>

     BalancerMember http://rails1
     BalancerMember http://rails2
     BalancerMember http://rails3
     BalancerMember http://rails1
     BalancerMember http://rails2
     BalancerMember http://rails3

+<% end -%>

   </Proxy>
 <% if port == 80 -%>
 
   </Proxy>
 <% if port == 80 -%>
 


@@ -222,12 +230,6 @@
   RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
 <% elsif port == 443 -%>
 
   RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
 <% elsif port == 443 -%>
 

-  #
-  # Redirect requests which don't work over https to http
-  #
-  RewriteCond %{REQUEST_URI} !^/edit$
-  RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
-

   #
   # Redirect api requests made to www.osm.org to api.osm.org
   #
   #
   # Redirect api requests made to www.osm.org to api.osm.org
   #


@@ -275,6 +277,8 @@
   ServerAlias maps.open-maps.org mapz.open-maps.org
   ServerAlias open-maps.com www.open-maps.com
   ServerAlias maps.open-maps.com mapz.open-maps.com
   ServerAlias maps.open-maps.org mapz.open-maps.org
   ServerAlias open-maps.com www.open-maps.com
   ServerAlias maps.open-maps.com mapz.open-maps.com

+  ServerAlias osmbugs.org www.osmbugs.org
+  ServerAlias maps.osmbugs.org mapz.osmbugs.org

 
   #Third Party Sites
   ServerAlias openstreetmap.pm www.openstreetmap.pm
 
   #Third Party Sites
   ServerAlias openstreetmap.pm www.openstreetmap.pm


@@ -282,6 +286,15 @@
   RedirectPermanent / http://www.openstreetmap.org/
 </VirtualHost>
 
   RedirectPermanent / http://www.openstreetmap.org/
 </VirtualHost>
 

+<VirtualHost *:443>
+  ServerName openstreetmap.org
+  ServerAlias maps.openstreetmap.org mapz.openstreetmap.org
+
+  SSLEngine on
+
+  RedirectPermanent / https://www.openstreetmap.org/
+</VirtualHost>
+

 <VirtualHost *:80>
   ServerName openstreetmap.org.uk
   ServerAlias www.openstreetmap.org.uk
 <VirtualHost *:80>
   ServerName openstreetmap.org.uk
   ServerAlias www.openstreetmap.org.uk