From: Sarah Hoffmann
Date: Mon, 24 Apr 2017 12:10:18 +0000 (+0200)
Subject: nominatim: add read timeout to apache
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/2d62f5d569f1ef80d83eb6dab513159994da6660?ds=inline
nominatim: add read timeout to apache
---
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 19e48909f..a8009759f 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -306,6 +306,7 @@ apache_module "proxy"
 apache_module "proxy_fcgi"
 apache_module "proxy_http"
 apache_module "headers"
+apache_module "reqtimeout"
 service "php7.0-fpm" do
 action [:enable, :start]
@@ -357,7 +358,7 @@ web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010
 end.flatten
 fail2ban_filter "nominatim" do
- failregex '^ - - \[\] "[^"]+" (400|429) '
+ failregex '^ - - \[\] "[^"]+" (408|429) '
 end
 fail2ban_jail "nominatim" do
diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb
index b79e76dbe..652fd93a3 100644
--- a/cookbooks/nominatim/templates/default/apache.erb
+++ b/cookbooks/nominatim/templates/default/apache.erb
@@ -25,6 +25,8 @@
 # Remove Proxy request header to mitigate https://httpoxy.org/
 RequestHeader unset Proxy early
+ RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500
+
 CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
 ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
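Review bot: The `failregex` change in the `fail2ban_filter "nominatim"` block replaces 400 with 408 instead of adding it, so malformed requests no longer count toward a ban, and the commit subject does not say this was intended. With mod_reqtimeout enabled, Apache typically also logs a 408 for connections that were opened but never sent a request (browser preconnects, slow mobile links). The request field `"[^"]+"` would match those entries, so legitimate clients may accumulate failures. Whether that ends in a ban depends on the jail's retry settings, which lie outside this hunk. I would record the intent above the line, for example `# 408 = request read timeout (mod_reqtimeout), 429 = rate limited; 400 no longer counted`, and confirm the jail thresholds tolerate occasional idle-connection timeouts.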
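Review bot: The new `RequestReadTimeout` line carries no comment, although the neighbouring `RequestHeader unset Proxy early` line is documented. Its 408 responses are now what the fail2ban filter in `recipes/default.rb` counts, and nothing in the template says so. A comment such as `# Drop slow or stalled requests; the resulting 408s are matched by the nominatim fail2ban filter` would keep the two settings from drifting apart when either the timeout or the filter is tuned later. The enclosing virtual host block starts and ends outside the hunk, so I cannot tell whether other vhosts on the same server inherit a different timeout.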