X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/46d97368eb6034f2eb95d5a8400bd4bf6faf4ed2..9b8faa3fefb5e71b55429bc6b86ba72383cbf3eb:/cookbooks/mediawiki/templates/default/apache.erb

diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index dcded20cc..f41e4ca50 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -11,135 +11,10 @@
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-  DocumentRoot <%= @directory %>
-
-  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
-  #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
-  php_value memory_limit 128M
-  php_value max_execution_time 240
-  php_value upload_max_filesize 70M
-  php_value post_max_size 100M
-
-  RedirectMatch 301 ^/$                           /wiki/Main_Page
-
-  #Historical Compatibility Links
-  RedirectMatch 301 ^/index\.php$                 /w/index.php
-  RedirectMatch 301 ^/index\.php/(.*)$            /wiki/$1
-  RedirectMatch 301 ^/skins/(.*)$                 /w/skins/$1
-  RedirectMatch 301 ^/images/(.*)$                /w/images/$1
-  RedirectMatch 301 ^/api\.php$                   /w/api.php
-  RedirectMatch 301 ^/opensearch_desc\.php$       /w/opensearch_desc.php
-
-  Alias /wiki <%= @mediawiki[:directory] %>/index.php
-
-  #Support /pagename -> /wiki/pagename
-  RewriteEngine on
-  RewriteCond %{REQUEST_URI} !^/w/
-  RewriteCond %{REQUEST_URI} !^/wiki/
-  RewriteCond %{REQUEST_URI} !^/index\.php
-  RewriteCond %{REQUEST_URI} !^/skins/
-  RewriteCond %{REQUEST_URI} !^/images/
-  RewriteCond %{REQUEST_URI} !^/api\.php$
-  RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
-  RewriteCond %{REQUEST_URI} !^/server-status
-  RewriteCond %{LA-U:REQUEST_FILENAME} !-f
-  RewriteCond %{LA-U:REQUEST_FILENAME} !-d
-  RewriteRule ^/(.*) /wiki/$1 [R,L]
-
-  <Directory <%= @directory %>>
-    Options -Indexes
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all granted
-<% end -%>
-  </Directory>
-
-  <Directory <%= @mediawiki[:directory] %>/images/>
-    # No php execution in the upload area
-    php_admin_flag engine off
-    Options -ExecCGI -Includes -Indexes
-    AllowOverride None
-  </Directory>
-
-  <Directory <%= @mediawiki[:directory] %>/images/thumb/>
-    RewriteEngine on
-
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B]
-
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B]
-
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B]
-
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
-  </Directory>
-
-  <Directory <%= @mediawiki[:directory] %>/maintenance/>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
-  </Directory>
-
-  <Files <%= @mediawiki[:directory] %>/LocalSettings.php>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
-  </Files>
-
-  <Directory <%= @mediawiki[:directory] %>/images/>
-    Options -ExecCGI -Includes -Indexes
-    AllowOverride None
-    AddType text/plain .html .htm .shtml
-    php_admin_flag engine off
-  </Directory>
-
-  <Directory <%= @mediawiki[:directory] %>/cache/>
-    Options -ExecCGI -Includes -Indexes
-    AllowOverride None
-    AddType text/plain .html .htm .shtml
-    php_admin_flag engine off
-  </Directory>
-
-  <Directory ~ "\.svn">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
-  </Directory>
-
-  <Directory ~ "\.git">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
-  </Directory>
-
-  <Files ~ "~$">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
-    Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
-  </Files>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
-<% if @mediawiki[:enable_ssl] -%>
+
 <VirtualHost *:443>
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
@@ -149,19 +24,24 @@
   ServerAdmin webmaster@openstreetmap.org
 
   SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
   CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
 
   DocumentRoot <%= @directory %>
 
-  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
+  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/dev/null:/tmp/
   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
-  php_value memory_limit 128M
+  php_value memory_limit 368M
   php_value max_execution_time 240
   php_value upload_max_filesize 70M
   php_value post_max_size 100M
 
+  RewriteCond %{SERVER_NAME} !=<%= @name %>
+  RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
+
   RedirectMatch 301 ^/$                           /wiki/Main_Page
 
   #Historical Compatibility Links
@@ -172,7 +52,7 @@
   RedirectMatch 301 ^/api\.php$                   /w/api.php
   RedirectMatch 301 ^/opensearch_desc\.php$       /w/opensearch_desc.php
 
-  Alias /wiki <%= @mediawiki[:directory] %>/index.php
+  Alias /wiki <%= @directory %>/w/index.php
 
   #Support /pagename -> /wiki/pagename
   RewriteEngine on
@@ -184,35 +64,38 @@
   RewriteCond %{REQUEST_URI} !^/api\.php$
   RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
   RewriteCond %{REQUEST_URI} !^/server-status
+  RewriteCond %{REQUEST_URI} !^/.well-known/
   RewriteCond %{LA-U:REQUEST_FILENAME} !-f
   RewriteCond %{LA-U:REQUEST_FILENAME} !-d
   RewriteRule ^/(.*) /wiki/$1 [R,L]
 
   <Directory <%= @directory %>>
     Options -Indexes
-<% if node[:lsb][:release].to_f >= 14.04 -%>
     Require all granted
-<% end -%>
   </Directory>
 
-  <Directory <%= @mediawiki[:directory] %>/images/>
+  <Directory <%= @directory %>/w/images/>
     # No php execution in the upload area
     php_admin_flag engine off
     Options -ExecCGI -Includes -Indexes
     AllowOverride None
-<% if @mediawiki[:private] -%>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+    AddType text/plain .html .htm .shtml
+<% if @private_site -%>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
 <% end -%>
   </Directory>
 
-  <Directory <%= @mediawiki[:directory] %>/images/thumb/>
+  <Directory <%= @directory %>/w/images/thumb/>
     RewriteEngine on
 
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B]
+
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B]
+
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B]
@@ -222,32 +105,15 @@
     RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
   </Directory>
 
-  <Directory <%= @mediawiki[:directory] %>/maintenance/>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+  <Directory <%= @directory %>/w/maintenance/>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
   </Directory>
 
-  <Files <%= @mediawiki[:directory] %>/LocalSettings.php>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+  <Files <%= @directory %>/w/LocalSettings.php>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
   </Files>
 
-  <Directory <%= @mediawiki[:directory] %>/images/>
-    Options -ExecCGI -Includes -Indexes
-    AllowOverride None
-    AddType text/plain .html .htm .shtml
-    php_admin_flag engine off
-  </Directory>
-
-  <Directory <%= @mediawiki[:directory] %>/cache/>
+  <Directory <%= @directory %>/w/cache/>
     Options -ExecCGI -Includes -Indexes
     AllowOverride None
     AddType text/plain .html .htm .shtml
@@ -255,30 +121,14 @@
   </Directory>
 
   <Directory ~ "\.svn">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
   </Directory>
 
   <Directory ~ "\.git">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
   </Directory>
 
   <Files ~ "~$">
-<% if node[:lsb][:release].to_f >= 14.04 -%>
     Require all denied
-<% else -%>
-    Order allow,deny
-    Deny from all
-<% end -%>
   </Files>
 </VirtualHost>
-<% end -%>