# limitations under the License.
#
+include_recipe "memcached"
include_recipe "apache::ssl"
include_recipe "web::rails"
+include_recipe "web::cgimap"
web_passwords = data_bag_item("web", "passwords")
apache_module "deflate"
apache_module "expires"
apache_module "headers"
+apache_module "proxy_fcgi"
apache_module "proxy_http"
apache_module "proxy_balancer"
apache_module "lbmethod_byrequests"
munin_plugin "api_waits_#{node[:hostname]}" do
target "api_waits_"
end
+
+node.set[:memcached][:ip_address] = node.external_ipaddress
+
+firewall_rule "accept-memcache-tcp" do
+ action :accept
+ family "inet"
+ source "ic"
+ dest "fw"
+ proto "tcp"
+ dest_ports "11211"
+ source_ports "1024:"
+end
+
+firewall_rule "accept-memcache-udp" do
+ action :accept
+ family "inet"
+ source "ic"
+ dest "fw"
+ proto "udp"
+ dest_ports "11211"
+ source_ports "1024:"
+end
gpx_dir "/store/rails/gpx"
attachments_dir "/store/rails/attachments"
log_path "#{node[:web][:log_directory]}/rails.log"
- memcache_servers %w(rails1 rails2 rails3)
+ memcache_servers %w(193.63.75.99 193.63.75.100 193.63.75.103)
potlatch2_key web_passwords["potlatch2_key"]
id_key web_passwords["id_key"]
oauth_key web_passwords["oauth_key"]
Alias /attachments /store/rails/attachments
#
- # Preserve the host name when forwarding to the proxy
+ # Pass supported calls to cgimap
#
- ProxyPreserveHost on
-
- #
- # Set a long timeout - changeset uploads can take a long time
- #
- ProxyTimeout 3600
-
- #
- # Allow all proxy requests
- #
- <Proxy *>
- Allow from all
- </Proxy>
-
- #
- # Pass some other API calls to the backends via a load balancer
- #
- ProxyPass /api/0.6/map balancer://backend/api/0.6/map
- ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints
- ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read
- ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints
- ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/(upload|download))$ balancer://backend$1
- ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1
- ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1
- ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes
- ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways
- ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations
- ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1
+ RewriteRule ^/api/0\.6/map$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
+ RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(nodes|ways|relations)$ fcgi://127.0.0.1:8000$0 [P]
#
# Redirect trac and wiki requests to the right places
#
RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
-
- #
- # Define a load balancer for the backends
- #
- <Proxy balancer://backend>
- ProxySet lbmethod=bybusyness
-<% if port == 443 -%>
- BalancerMember https://rails1 disablereuse=on
- BalancerMember https://rails2 disablereuse=on
- BalancerMember https://rails3 disablereuse=on
-<% else -%>
- BalancerMember http://rails1
- BalancerMember http://rails2
- BalancerMember http://rails3
-<% end -%>
- </Proxy>
<% if port == 80 -%>
#
:checkpoint_completion_target => "0.8",
:cpu_tuple_cost => "0.1",
:late_authentication_rules => [
- { :address => "146.179.159.160/27" }
+ { :address => "146.179.159.160/27" },
+ { :address => "193.63.75.96/27" }
]
}
}
projects / chef.git / commitdiff