X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/1c848471a16f9d1ee1fc8a327af110447ea1ef4c..efec66a495fa0b332d86aefc76af1311a011c4c2:/cookbooks/dev/templates/default/apache.user.erb

diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index 9b49158f9..13afb27c2 100644
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -2,11 +2,18 @@
 
 WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivity-timeout=600
 
-<VirtualHost *:80>
+<VirtualHost *:443>
 	ServerName <%= @user %>.dev.openstreetmap.org
 	ServerAdmin webmaster@openstreetmap.org
 	ServerAlias <%= @user %>.dev.osm.org
 
+	SSLEngine on
+	SSLCertificateFile /etc/ssl/certs/<%= @user %>.dev.openstreetmap.org.pem
+	SSLCertificateKeyFile /etc/ssl/private/<%= @user %>.dev.openstreetmap.org.key
+
+	# Remove Proxy request header to mitigate https://httpoxy.org/
+	RequestHeader unset Proxy early
+
 	UseCanonicalName Off
 	DocumentRoot <%= @directory %>
 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
@@ -14,39 +21,61 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
 	WSGIProcessGroup <%= @user %>.dev.openstreetmap.org
 
 	RewriteEngine on
-	#RewriteLog /var/log/apache2/rewrite.log
-	#RewriteLogLevel 4
+	#LogLevel rewrite:trace2
+
+	CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
+	ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
+
+	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+	RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
+
+	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+	RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
+</VirtualHost>
+
+<VirtualHost *:80>
+	ServerName <%= @user %>.dev.openstreetmap.org
+	ServerAdmin webmaster@openstreetmap.org
+	ServerAlias <%= @user %>.dev.osm.org
+
+	# Remove Proxy request header to mitigate https://httpoxy.org/
+	RequestHeader unset Proxy early
+
+	UseCanonicalName Off
+	DocumentRoot <%= @directory %>
+	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+
+	RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+
+        WSGIProcessGroup <%= @user %>.dev.openstreetmap.org
+
+	RewriteEngine on
+	#LogLevel rewrite:trace2
 
 	CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
 
 	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-	RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
+	RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
 	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-	RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-	<IfModule mod_fastcgi_handler.c>
-		<FilesMatch "\.ph(p3?|tml)$">
-			SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock
-		</FilesMatch>
-		<FilesMatch "\.phps$">
-			SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock
-		</FilesMatch>
-	</IfModule>
-
-	<IfModule !mod_fastcgi_handler.c>
-		RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-		RewriteRule ^(.*\.php)$ /cgi-bin/php-cgiwrap/~<%= @user %>/$1 [PT,L]
-	</IfModule>
+	RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
 </VirtualHost>
 
 <Directory <%= @directory %>>
 	AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI
 	Options SymLinksIfOwnerMatch Indexes Includes
+	Require all granted
+</Directory>
+
+<Directory <%= @directory %>/cgi-bin>
+	SetHandler cgi-script
+	Options ExecCGI SymLinksIfOwnerMatch
+	Require all granted
 </Directory>
 
 <Directory <%= @directory %>/wsgi-bin>
 	SetHandler wsgi-script
 	Options ExecCGI SymLinksIfOwnerMatch
+	Require all granted
 </Directory>