X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/035db560165f0470673c8eae8c3dffd675a496bc..a6e0efe8ae453d88e170d975543c749c17a97a19:/cookbooks/donate/templates/default/apache.erb diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb index 9529c5a82..936303285 100644 --- a/cookbooks/donate/templates/default/apache.erb +++ b/cookbooks/donate/templates/default/apache.erb @@ -3,85 +3,28 @@ <% [80, 443].each do |port| -%> > - ServerName donate.openstreetmap.org + ServerName donate.openstreetmap.org ServerAlias donate.openstreetmap.com ServerAlias donate.openstreetmap.net - ServerAlias donate.osm.org - ServerAlias donate.osm.org.za - ServerAlias donate.openstreetmap.org.za - ServerAlias donate.openstreetmap.org.uk - ServerAlias donate.openstreetmap.co.uk + ServerAlias donate.osm.org - ServerAdmin webmaster@openstreetmap.org + ServerAdmin webmaster@openstreetmap.org <% if port == 80 -%> - # Redirect to secure site - Redirect permanent / https://donate.openstreetmap.org/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://donate.openstreetmap.org/ <% end -%> <% if port == 443 -%> - # - # Enable SSL - # - SSLEngine on - SSLCertificateFile /etc/ssl/certs/openstreetmap.pem - SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key - SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem + SSLEngine on + SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key - # HSTS (mod_headers is required) - Header always set Strict-Transport-Security "max-age=300" -<% end -%> - - CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined - ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log - - Options -Indexes - - DocumentRoot /srv/donate.openstreetmap.org - - php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - - # Alias Dynamic Content to data folder to avoid serving dummy git content - Alias /donors-eur.csv /srv/donate.openstreetmap.org/data/donors-eur.csv - Alias /donors.csv /srv/donate.openstreetmap.org/data/donors.csv - - # Redirect previous compaigns to homepage - Redirect permanent /domain https://donate.openstreetmap.org/ - Redirect permanent /memorial https://donate.openstreetmap.org/ - Redirect permanent /server2011 https://donate.openstreetmap.org/ - Redirect permanent /server2013 https://donate.openstreetmap.org/ - Redirect permanent /server2015 https://donate.openstreetmap.org/ - - - Require all granted - - - - Require all denied - - - - Require all denied - - - - Require all denied - - - - Require all denied - + RedirectMatch . https://supporting.openstreetmap.org/ + <% end -%> - # Enable deflate compression on .csv files if possible - - AddOutputFilterByType DEFLATE text/csv - + CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log - - ExpiresDefault "access plus 15 minutes" - ExpiresByType text/html "access plus 5 minutes" - ExpiresByType text/csv "access plus 1 minute" - <% end -%>