X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/9c9ef018f48be85c5c825fabed4d908bb5aaa2a0..0f09a3d7bc4bf2083cca1cf364c99c639da5bb49:/cookbooks/web/templates/default/apache.frontend.erb diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index ceaf4874b..a950d7746 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -15,6 +15,8 @@ # SSLEngine on SSLProxyEngine on + SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key <% end -%> # @@ -56,7 +58,7 @@ # Block changeset scraper # RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner" - RewriteRule . - [F,L] + RewriteRule . - [F,L] # # Block requests for the old 404 map tile @@ -70,7 +72,7 @@ # # Block JOSM revisions 1722-1727 as they have a serious bug that causes - # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804) + # lat/lon to be swapped (https://josm.openstreetmap.de/ticket/2804) # RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)" RewriteRule . - [F,L] @@ -190,7 +192,7 @@ ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+)$ balancer://backend$1 - ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://bytemark$1 + ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://ic$1 ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1 @@ -199,17 +201,22 @@ ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1 + # + # Redirect ACME certificate challenges + # + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + # # Redirect trac and wiki requests to the right places # - RedirectPermanent /trac/ http://trac.openstreetmap.org/ - RedirectPermanent /wiki/ http://wiki.openstreetmap.org/ + RedirectPermanent /trac/ https://trac.openstreetmap.org/ + RedirectPermanent /wiki/ https://wiki.openstreetmap.org/ # # Redirect requests for various images to the right place # - RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png - RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png + RedirectPermanent /images/osm_logo.png https://www.openstreetmap.org/assets/osm_logo.png + RedirectPermanent /images/cc_button.png https://www.openstreetmap.org/assets/cc_button.png # # Define a load balancer for the local backends @@ -226,11 +233,11 @@ # - # Define a load balancer for the Bytemark backends + # Define a load balancer for the IC backends # - + ProxySet lbmethod=bybusyness -<% ["rails4.bm", "rails5.bm"].each do |backend| -%> +<% ["rails1.ic", "rails2.ic", "rails3.ic"].each do |backend| -%> <% if port == 443 -%> BalancerMember https://<%= backend %> disablereuse=on <% else -%> @@ -288,14 +295,17 @@ ServerAlias www.openstreetmap.co.uk RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics - RedirectPermanent / http://www.openstreetmap.org/ + RedirectPermanent / https://www.openstreetmap.org/ ServerName openstreetmap.org ServerAlias * - RedirectPermanent / http://www.openstreetmap.org/ + RewriteEngine on + + RewriteCond %{REQUEST_URI} !^/server-status$ + RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] @@ -303,6 +313,8 @@ ServerAlias * SSLEngine on + SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key RedirectPermanent / https://www.openstreetmap.org/