X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/e20f90dd1cde25885d1d35be1d5964f792512829..b73a91d8bc8d8f4136753a8f595e419d96eb21b7:/cookbooks/web/templates/default/apache.frontend.erb

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 717d3f69b..1f53272b2 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -1,21 +1,20 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>
   #
   # Basic server configuration
   #
   ServerName <%= node[:fqdn] %>
-  ServerAlias api.openstreetmap.org www.openstreetmap.org
+  ServerAlias api.openstreetmap.org www.openstreetmap.org 127.0.0.1
   ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
 
   #
   # Enable SSL
   #
   SSLEngine on
   SSLProxyEngine on
-<% end -%>
+  SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
 
   #
   # Setup logging
@@ -56,12 +55,17 @@
   # Block changeset scraper
   #
   RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner"
-  RewriteRule . - [F,L]  
+  RewriteRule . - [F,L]
 
   #
   # Block requests for the old 404 map tile
+  # and force cache headers on response
   #
-  RewriteRule ^/openlayers/img/404.png$ - [G,L]
+  <Location /openlayers/img/404.png>
+    Header always set Cache-Control "public, max-age=31536000, immutable"
+    Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
+    RewriteRule ^ - [G,L]
+  </Location>
 
   #
   # Block attempts to access old API versions
@@ -70,7 +74,7 @@
 
   #
   # Block JOSM revisions  1722-1727 as they have a serious bug that causes
-  # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
+  # lat/lon to be swapped (https://josm.openstreetmap.de/ticket/2804)
   #
   RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)"
   RewriteRule . - [F,L]
@@ -92,17 +96,16 @@
   #
   <Location /assets/>
     Header unset Last-Modified
-    Header unset ETag
-    FileETag None
+    FileETag Size
 
     ExpiresDefault "access plus 1 year"
+    Header set Cache-Control "immutable, max-age=31536000"
   </Location>
 
   #
   # Set expiry for attachments
   #
   <Location /attachments/>
-    Header unset Last-Modified
     Header unset ETag
     FileETag None
 
@@ -118,32 +121,9 @@
   <Location /images/>
     ExpiresDefault "access plus 10 years"
   </Location>
-  <Location /javascripts/>
-    ExpiresDefault "access plus 10 years"
-  </Location>
   <Location /openlayers/>
     ExpiresDefault "access plus 7 days"
   </Location>
-  <Location /stylesheets/>
-    ExpiresDefault "access plus 10 years"
-  </Location>
-
-  #
-  # Set expiry for Potlatch 1
-  #
-  <Location /potlatch/>
-    ExpiresDefault "access plus 7 days"
-  </Location>
-
-  #
-  # Set expiry for Potlatch 2
-  #
-  <Location /potlatch2/>
-    ExpiresByType application/x-shockwave-flash "access plus 1 day"
-    ExpiresByType application/xml "access plus 1 day"
-    ExpiresByType text/css "access plus 1 day"
-    ExpiresByType image/png "access plus 7 days"
-  </Location>
 
   #
   # Configure rails
@@ -153,11 +133,9 @@
   PassengerMinInstances 10
   PassengerMaxRequests 5000
   PassengerMaxRequestQueueSize 250
-<% if port == 443 -%>
   PassengerPreStart https://www.openstreetmap.org/
-<% else -%>
-  PassengerPreStart http://www.openstreetmap.org/
-<% end -%>
+  PassengerAppGroupName rails
+  SetEnv OPENSTREETMAP_STATUS <%= @status %>
   SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
   Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico
   Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
@@ -190,7 +168,7 @@
   ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read
   ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints
   ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+)$ balancer://backend$1
-  ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://bytemark$1
+  ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://amsterdam$1
   ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://backend$1
   ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1
   ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1
@@ -202,14 +180,14 @@
   #
   # Redirect trac and wiki requests to the right places
   #
-  RedirectPermanent /trac/ http://trac.openstreetmap.org/
-  RedirectPermanent /wiki/ http://wiki.openstreetmap.org/
+  RedirectPermanent /trac/ https://trac.openstreetmap.org/
+  RedirectPermanent /wiki/ https://wiki.openstreetmap.org/
 
   #
   # Redirect requests for various images to the right place
   #
-  RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
-  RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
+  RedirectPermanent /images/osm_logo.png https://www.openstreetmap.org/assets/osm_logo.png
+  RedirectPermanent /images/cc_button.png https://www.openstreetmap.org/assets/cc_button.png
 
   #
   # Define a load balancer for the local backends
@@ -217,11 +195,17 @@
   <Proxy balancer://backend>
     ProxySet lbmethod=bybusyness
 <% node[:web][:backends].each do |backend| -%>
-<% if port == 443 -%>
     BalancerMember https://<%= backend %> disablereuse=on
-<% else -%>
-    BalancerMember http://<%= backend %>
 <% end -%>
+  </Proxy>
+
+  #
+  # Define a load balancer for the Amsterdam backends
+  #
+  <Proxy balancer://amsterdam>
+    ProxySet lbmethod=bybusyness
+<% ["rails1.ams", "rails2.ams", "rails3.ams"].each do |backend| -%>
+    BalancerMember https://<%= backend %> disablereuse=on
 <% end -%>
   </Proxy>
 
@@ -231,39 +215,9 @@
   <Proxy balancer://bytemark>
     ProxySet lbmethod=bybusyness
 <% ["rails4.bm", "rails5.bm"].each do |backend| -%>
-<% if port == 443 -%>
     BalancerMember https://<%= backend %> disablereuse=on
-<% else -%>
-    BalancerMember http://<%= backend %>
-<% end -%>
 <% end -%>
   </Proxy>
-<% if port == 80 -%>
-
-  #
-  # Redirect requests which should be secure to https
-  #
-  RewriteCond %{REQUEST_URI} ^/login(\.html)?$ [OR]
-  RewriteCond %{REQUEST_URI} ^/user/(new|create-account\.html)$ [OR]
-  RewriteCond %{REQUEST_URI} ^/user/terms$ [OR]
-  RewriteCond %{REQUEST_URI} ^/user/save$ [OR]
-  RewriteCond %{REQUEST_URI} ^/user/([^/]+)/account$ [OR]
-  RewriteCond %{REQUEST_URI} ^/user/reset-password$
-  RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
-
-  #
-  # Redirect api requests made to www.osm.org to api.osm.org
-  #
-#  RewriteCond %{HTTP_HOST} =www.openstreetmap.org
-#  RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent]
-
-  #
-  # Redirect non-api requests made to api.osm.org to www.osm.org
-  #
-  RewriteCond %{HTTP_HOST} =api.openstreetmap.org
-  RewriteCond %{REQUEST_URI} !^/api/
-  RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
-<% elsif port == 443 -%>
 
   #
   # Redirect api requests made to www.osm.org to api.osm.org
@@ -277,10 +231,8 @@
   RewriteCond %{HTTP_HOST} =api.openstreetmap.org
   RewriteCond %{REQUEST_URI} !^/api/
   RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
-<% end -%>
 </VirtualHost>
 
-<% end -%>
 <VirtualHost *:80>
   ServerName openstreetmap.org.uk
   ServerAlias www.openstreetmap.org.uk
@@ -288,14 +240,36 @@
   ServerAlias www.openstreetmap.co.uk
 
   RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics
-  RedirectPermanent / http://www.openstreetmap.org/
+  RedirectPermanent / https://www.openstreetmap.org/
 </VirtualHost>
 
 <VirtualHost *:80>
   ServerName openstreetmap.org
+
+  Header always set Cache-Control "max-age=31536000"
+  Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
+
+  RewriteEngine on
+
+  RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+  RewriteCond %{REQUEST_URI} !^/server-status$
+  RewriteRule ^(.*)$ https://openstreetmap.org$1 [L,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:80>
+  ServerName www.openstreetmap.org
   ServerAlias *
 
-  RedirectPermanent / http://www.openstreetmap.org/
+  Header always set Cache-Control "max-age=31536000"
+  Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
+
+  RewriteEngine on
+
+  RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
+  RewriteCond %{REQUEST_URI} !^/server-status$
+  RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -303,12 +277,30 @@
   ServerAlias *
 
   SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
+
+  Header always set Cache-Control "max-age=31536000"
+  Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT"
 
   RedirectPermanent / https://www.openstreetmap.org/
 </VirtualHost>
 
 <Directory <%= node[:web][:base_directory] %>/rails/public>
   Require all granted
+
+  RewriteCond "%{HTTP:Accept-encoding}" "gzip"
+  RewriteCond "%{REQUEST_FILENAME}\.gz" -s
+  RewriteRule "^(.*)\.(css|js|svg)" "$1\.$2\.gz" [QSA]
+
+  RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
+  RewriteRule "\.js\.gz$"  "-" [T=text/javascript,E=no-gzip:1]
+  RewriteRule "\.svg\.gz$"  "-" [T=image/svg+xml,E=no-gzip:1]
+
+  <FilesMatch "(\.js\.gz|\.css\.gz|\.svg\.gz)$">
+    Header append Content-Encoding gzip
+    Header append Vary Accept-Encoding
+  </FilesMatch>
 </Directory>
 
 <Directory /srv/www.openstreetmap.org/rails/app/assets>