chef.git
2 years agoAdd customised copy of squid_icp munin plugin
Tom Hughes [Tue, 5 Jun 2018 18:03:05 +0000 (19:03 +0100)]
Add customised copy of squid_icp munin plugin

This version avoid doing reverse DNS lookups to give better
names and sums multiple entries to cope with SMP squid.

2 years agoAdd host FQDN to allowed domains for tile caches
Tom Hughes [Tue, 5 Jun 2018 10:38:03 +0000 (11:38 +0100)]
Add host FQDN to allowed domains for tile caches

2 years agoPreserve the Host header when forwarding from nginx to squid
Tom Hughes [Tue, 5 Jun 2018 08:43:22 +0000 (09:43 +0100)]
Preserve the Host header when forwarding from nginx to squid

2 years agoRemove old resources
Tom Hughes [Mon, 4 Jun 2018 11:52:43 +0000 (12:52 +0100)]
Remove old resources

2 years agoForce a restart of tile caches
Tom Hughes [Mon, 4 Jun 2018 11:21:55 +0000 (12:21 +0100)]
Force a restart of tile caches

2 years agoGo back to serving http tiles directly from squid for now
Tom Hughes [Mon, 4 Jun 2018 10:20:29 +0000 (11:20 +0100)]
Go back to serving http tiles directly from squid for now

2 years agoSend Access-Control-Allow-Origin with tile redirects
Tom Hughes [Mon, 4 Jun 2018 09:13:34 +0000 (10:13 +0100)]
Send Access-Control-Allow-Origin with tile redirects

2 years agoDon't try and fallback to alternate caches
Tom Hughes [Mon, 4 Jun 2018 08:14:43 +0000 (09:14 +0100)]
Don't try and fallback to alternate caches

2 years agoRedirect http://tile.osm.org to https://tile.openstreetmap.org
Tom Hughes [Mon, 4 Jun 2018 07:29:29 +0000 (08:29 +0100)]
Redirect tile.osm.org to https://tile.openstreetmap.org

2 years agoRedirect http requests to https
Guillaume RISCHARD [Fri, 1 Jun 2018 11:31:04 +0000 (13:31 +0200)]
Redirect http requests to https

2 years agoMake sure STS and Expect-CT headers are set on redirect responses
Tom Hughes [Thu, 31 May 2018 18:04:06 +0000 (19:04 +0100)]
Make sure STS and Expect-CT headers are set on redirect responses

2 years agoAdd includeSubDomains to HSTS header
Tom Hughes [Thu, 31 May 2018 15:08:56 +0000 (16:08 +0100)]
Add includeSubDomains to HSTS header

2 years agoSend http://openstreetmap.org redirects via https://openstreetmap.org
Tom Hughes [Thu, 31 May 2018 15:07:28 +0000 (16:07 +0100)]
Send openstreetmap.org redirects via https://openstreetmap.org

2 years agoSend a report only Expect-CT header with https responses
Tom Hughes [Thu, 31 May 2018 14:35:37 +0000 (15:35 +0100)]
Send a report only Expect-CT header with https responses

2 years agoUpdate OTRS to 5.0.27
Tom Hughes [Wed, 30 May 2018 20:19:30 +0000 (21:19 +0100)]
Update OTRS to 5.0.27

2 years agoAdd simple redirect site for hot.osm.org
Tom Hughes [Wed, 30 May 2018 18:11:10 +0000 (19:11 +0100)]
Add simple redirect site for hot.osm.org

2 years agoUpdate OTRS to 4.0.29
Tom Hughes [Tue, 29 May 2018 21:54:07 +0000 (22:54 +0100)]
Update OTRS to 4.0.29

2 years agoPreserve some configuration files over OTRS upgrades
Tom Hughes [Tue, 29 May 2018 21:32:21 +0000 (22:32 +0100)]
Preserve some configuration files over OTRS upgrades

2 years agoUpdate OTRS to 3.3.20
Tom Hughes [Tue, 29 May 2018 16:31:05 +0000 (17:31 +0100)]
Update OTRS to 3.3.20

2 years agoUpdate piwik to 3.5.1
Tom Hughes [Sat, 26 May 2018 09:28:32 +0000 (10:28 +0100)]
Update piwik to 3.5.1

2 years agoEnforce CSP for dev apis
Tom Hughes [Wed, 23 May 2018 20:53:10 +0000 (21:53 +0100)]
Enforce CSP for dev apis

2 years agoUse memcached for the dev apis
Tom Hughes [Wed, 23 May 2018 18:07:45 +0000 (19:07 +0100)]
Use memcached for the dev apis

2 years agoFix new foodcritic warnings
Tom Hughes [Wed, 23 May 2018 10:00:27 +0000 (11:00 +0100)]
Fix new foodcritic warnings

2 years agoFix rubocop warnings
Tom Hughes [Wed, 23 May 2018 09:52:01 +0000 (10:52 +0100)]
Fix rubocop warnings

2 years agoUpdate bundle
Tom Hughes [Wed, 23 May 2018 09:44:21 +0000 (10:44 +0100)]
Update bundle

2 years agoPut CSP in enforcing mode
Tom Hughes [Tue, 22 May 2018 08:01:13 +0000 (09:01 +0100)]
Put CSP in enforcing mode

2 years agonominatim: more tables to vacuum
Sarah Hoffmann [Mon, 21 May 2018 09:58:19 +0000 (11:58 +0200)]
nominatim: more tables to vacuum

2 years agoUpdate carto stylesheet to v4.11.0
Tom Hughes [Fri, 18 May 2018 17:58:29 +0000 (18:58 +0100)]
Update carto stylesheet to v4.11.0

Closes #162

2 years agoRemove AP and EU from gdnsd config
Tom Hughes [Tue, 15 May 2018 19:36:48 +0000 (20:36 +0100)]
Remove AP and EU from gdnsd config

2 years agoDrop http support on web backends
Tom Hughes [Tue, 15 May 2018 18:08:38 +0000 (19:08 +0100)]
Drop http support on web backends

2 years agoRedirect http to https for the main web site
Tom Hughes [Tue, 15 May 2018 17:56:45 +0000 (18:56 +0100)]
Redirect http to https for the main web site

2 years agoRevert "Disable HSTS for Firefox 52 to avoid issues with remote editing"
Tom Hughes [Tue, 15 May 2018 13:27:04 +0000 (14:27 +0100)]
Revert "Disable HSTS for Firefox 52 to avoid issues with remote editing"

This reverts commit 2443cfc7684f070dac2dd89772db3a3db5e50a78.

3 years agoCreate gdnsd config before trying to start the service
Tom Hughes [Fri, 11 May 2018 13:09:23 +0000 (14:09 +0100)]
Create gdnsd config before trying to start the service

3 years agoRemove AN and FX which gdnsd says are invalid
Tom Hughes [Fri, 11 May 2018 13:02:41 +0000 (14:02 +0100)]
Remove AN and FX which gdnsd says are invalid

3 years agoRedirect http to https for nominatim
Tom Hughes [Fri, 11 May 2018 09:32:50 +0000 (10:32 +0100)]
Redirect http to https for nominatim

3 years agoUpdate gdnsd configuration with latest MaxMind country mappings
Tom Hughes [Fri, 11 May 2018 08:09:00 +0000 (09:09 +0100)]
Update gdnsd configuration with latest MaxMind country mappings

3 years agoUpdate piwiki plugin list
Tom Hughes [Thu, 10 May 2018 07:42:18 +0000 (08:42 +0100)]
Update piwiki plugin list

3 years agoUpdate piwik to 3.5.0
Tom Hughes [Wed, 9 May 2018 14:45:58 +0000 (15:45 +0100)]
Update piwik to 3.5.0

3 years agoRedirect http to https for planet
Tom Hughes [Wed, 9 May 2018 07:22:11 +0000 (08:22 +0100)]
Redirect http to https for planet

3 years agoAdd role for ascalon
Tom Hughes [Tue, 8 May 2018 20:56:12 +0000 (21:56 +0100)]
Add role for ascalon

3 years agoFix copy paste error
Tom Hughes [Mon, 30 Apr 2018 16:10:05 +0000 (17:10 +0100)]
Fix copy paste error

3 years agoChange default skin of OSMF wiki
Michael Glanznig [Mon, 30 Apr 2018 08:07:04 +0000 (10:07 +0200)]
Change default skin of OSMF wiki

Closes #161

3 years agoRemove MobileFrontend mediawiki extension from OSMF wiki
Michael Glanznig [Mon, 30 Apr 2018 07:55:20 +0000 (09:55 +0200)]
Remove MobileFrontend mediawiki extension from OSMF wiki

Remove MobileFrontend mediawiki extension from common extensions
and re-add to all wikis except OSMF wiki.

Fixes #159
Closes #160

3 years agoUpdate carto stylesheet to v4.10.0
Tom Hughes [Fri, 20 Apr 2018 17:37:17 +0000 (18:37 +0100)]
Update carto stylesheet to v4.10.0

Closes #158

3 years agoUpdate chef client to 13.8.5
Tom Hughes [Fri, 20 Apr 2018 18:01:41 +0000 (19:01 +0100)]
Update chef client to 13.8.5

3 years agoUse local name servers on longma
Tom Hughes [Wed, 18 Apr 2018 07:34:44 +0000 (08:34 +0100)]
Use local name servers on longma

3 years agoAdd osmlab-osm-community-index to supybot
Grant Slater [Tue, 17 Apr 2018 11:19:42 +0000 (12:19 +0100)]
Add osmlab-osm-community-index to supybot

3 years agoRemove Strict-Transport-Security proxy passed header
Grant Slater [Mon, 16 Apr 2018 22:21:53 +0000 (23:21 +0100)]
Remove Strict-Transport-Security proxy passed header

3 years agoActually delete files.
Matt Amos [Mon, 16 Apr 2018 16:39:07 +0000 (17:39 +0100)]
Actually delete files.

3 years agoFix typo.
Matt Amos [Mon, 16 Apr 2018 16:38:13 +0000 (17:38 +0100)]
Fix typo.

3 years agoUpdate piwik to 3.4.0
Tom Hughes [Thu, 29 Mar 2018 16:19:55 +0000 (17:19 +0100)]
Update piwik to 3.4.0

3 years agoReduce disk cache size on jakelong
Tom Hughes [Wed, 28 Mar 2018 07:35:40 +0000 (08:35 +0100)]
Reduce disk cache size on jakelong

3 years agoUpdate carto stylesheet to v4.9.0
Tom Hughes [Fri, 23 Mar 2018 18:56:26 +0000 (18:56 +0000)]
Update carto stylesheet to v4.9.0

Closes #156

3 years agoSwitch GRNET hosts to use Google resolvers
Tom Hughes [Thu, 22 Mar 2018 12:02:22 +0000 (12:02 +0000)]
Switch GRNET hosts to use Google resolvers

3 years agoUpdate CiviCRM to 4.7.31
Tom Hughes [Tue, 20 Mar 2018 11:23:10 +0000 (11:23 +0000)]
Update CiviCRM to 4.7.31

3 years agoConfigure CIVICRM_CMSDIR
Tom Hughes [Tue, 20 Mar 2018 00:57:34 +0000 (00:57 +0000)]
Configure CIVICRM_CMSDIR

3 years agoDo more SMART self tests
Tom Hughes [Sat, 17 Mar 2018 14:43:19 +0000 (14:43 +0000)]
Do more SMART self tests

Run a short test at 4am every day and a long test at 2am on Sunday.

3 years agoBump planet-dump-ng version to v1.1.6.
Matt Amos [Tue, 13 Mar 2018 16:48:09 +0000 (16:48 +0000)]
Bump planet-dump-ng version to v1.1.6.

Version 1.1.6 includes a fix for the table header parser to allow explicit public schemas, which started getting added to the dumps as part of the upstream PostgreSQL fix for CVE-2018-1058.

3 years agoSend any civicrm cron output to admins
Tom Hughes [Thu, 8 Mar 2018 20:16:33 +0000 (20:16 +0000)]
Send any civicrm cron output to admins

3 years agoIncrease cache memory for drogon
Tom Hughes [Thu, 8 Mar 2018 16:19:40 +0000 (16:19 +0000)]
Increase cache memory for drogon

3 years agoExempt /mod_tile from redirection on tile servers
Tom Hughes [Sun, 4 Mar 2018 16:32:50 +0000 (16:32 +0000)]
Exempt /mod_tile from redirection on tile servers

3 years agoUpdate CiviCRM to 4.7.30
Tom Hughes [Sun, 25 Feb 2018 19:20:06 +0000 (19:20 +0000)]
Update CiviCRM to 4.7.30

3 years agoUpdate carto stylesheet to v4.8.0
Tom Hughes [Fri, 23 Feb 2018 18:53:23 +0000 (18:53 +0000)]
Update carto stylesheet to v4.8.0

Closes #153

3 years agoExempt /server-status from redirection on tile servers
Tom Hughes [Fri, 23 Feb 2018 08:28:15 +0000 (08:28 +0000)]
Exempt /server-status from redirection on tile servers

3 years agoRemove nadder-01 and nadder-02
Tom Hughes [Tue, 20 Feb 2018 20:30:02 +0000 (20:30 +0000)]
Remove nadder-01 and nadder-02

3 years agoAdded application/vnd.openstreetmap.data+xml type for uploads
Clive Blackledge [Tue, 20 Feb 2018 18:51:27 +0000 (18:51 +0000)]
Added application/vnd.openstreetmap.data+xml type for uploads

Closes #151

3 years agoAdd missing whitespace
Tom Hughes [Tue, 20 Feb 2018 16:11:32 +0000 (16:11 +0000)]
Add missing whitespace

3 years agoSet autovacuum scale factors for tile servers
Paul Norman [Tue, 20 Feb 2018 14:35:37 +0000 (06:35 -0800)]
Set autovacuum scale factors for tile servers

Reducing these factors helps make sure autovacuum runs often
enough and keeps bloat down.

Closes #152

3 years agoAllow vacuum_scale_factor and analyze_scale_factor to be configured
Tom Hughes [Tue, 20 Feb 2018 16:05:25 +0000 (16:05 +0000)]
Allow vacuum_scale_factor and analyze_scale_factor to be configured

3 years agoRedirect http requests on render servers to https
Tom Hughes [Fri, 16 Feb 2018 18:37:38 +0000 (18:37 +0000)]
Redirect http requests on render servers to https

3 years agoFix alias processing in mediawiki apache configuration
Tom Hughes [Fri, 16 Feb 2018 12:40:12 +0000 (12:40 +0000)]
Fix alias processing in mediawiki apache configuration

3 years agoRemove junk link from wordpress cookbook
Tom Hughes [Fri, 16 Feb 2018 09:00:37 +0000 (09:00 +0000)]
Remove junk link from wordpress cookbook

3 years agoMake sure apt-transport-https is installed
Tom Hughes [Fri, 16 Feb 2018 08:31:16 +0000 (08:31 +0000)]
Make sure apt-transport-https is installed

3 years agoInstall libffi-dev for rails
Tom Hughes [Thu, 15 Feb 2018 18:24:53 +0000 (18:24 +0000)]
Install libffi-dev for rails

3 years agoAdd osm as an allowed file type for wiki uploads
Clive Blackledge [Mon, 12 Feb 2018 16:54:39 +0000 (08:54 -0800)]
Add osm as an allowed file type for wiki uploads

Fixes operations/194
Closes #150

3 years agoRemove ssl_enabled option for mediawiki sites
Tom Hughes [Sun, 11 Feb 2018 19:55:14 +0000 (19:55 +0000)]
Remove ssl_enabled option for mediawiki sites

3 years agoRemove ssl_enabled option for wordpress sites
Tom Hughes [Sun, 11 Feb 2018 19:50:25 +0000 (19:50 +0000)]
Remove ssl_enabled option for wordpress sites

3 years agoConvert some URLs to https
Tom Hughes [Sun, 11 Feb 2018 19:47:17 +0000 (19:47 +0000)]
Convert some URLs to https

3 years agoConvert more URLs to https
Tom Hughes [Sun, 11 Feb 2018 00:17:41 +0000 (00:17 +0000)]
Convert more URLs to https

3 years agonominatim: fix rights for restricted IP log
Sarah Hoffmann [Sun, 11 Feb 2018 08:59:54 +0000 (09:59 +0100)]
nominatim: fix rights for restricted IP log

3 years agoConvert various URLs to https
Tom Hughes [Sat, 10 Feb 2018 18:02:05 +0000 (18:02 +0000)]
Convert various URLs to https

3 years agoAdd https support for git.osm.org
Tom Hughes [Sat, 10 Feb 2018 17:42:52 +0000 (17:42 +0000)]
Add https support for git.osm.org

3 years agoMake trac use https when authenticating
Tom Hughes [Sat, 10 Feb 2018 17:14:20 +0000 (17:14 +0000)]
Make trac use https when authenticating

3 years agoAdd tile.openstreetmap.org to render server certificates
Tom Hughes [Sat, 10 Feb 2018 14:44:38 +0000 (14:44 +0000)]
Add tile.openstreetmap.org to render server certificates

3 years agoUse https between tile caches and render servers
Tom Hughes [Sat, 10 Feb 2018 14:28:51 +0000 (14:28 +0000)]
Use https between tile caches and render servers

3 years agoEnable SSL on tile render servers
Tom Hughes [Fri, 9 Feb 2018 19:04:44 +0000 (19:04 +0000)]
Enable SSL on tile render servers

3 years agoDisable HSTS for Firefox 52 to avoid issues with remote editing
Tom Hughes [Thu, 8 Feb 2018 19:13:36 +0000 (19:13 +0000)]
Disable HSTS for Firefox 52 to avoid issues with remote editing

3 years agonominatim: reinstate fail2ban on restricted_ips.log
Sarah Hoffmann [Wed, 7 Feb 2018 20:39:04 +0000 (21:39 +0100)]
nominatim: reinstate fail2ban on restricted_ips.log

This file is smaller so that fail2ban hopefully can handle it.

3 years agonominatim: add restricted_ips.log to log rotation
Sarah Hoffmann [Wed, 7 Feb 2018 20:38:31 +0000 (21:38 +0100)]
nominatim: add restricted_ips.log to log rotation

3 years agoUse RewriteRule for ACME redirect on gps-tile
Tom Hughes [Wed, 7 Feb 2018 14:33:30 +0000 (14:33 +0000)]
Use RewriteRule for ACME redirect on gps-tile

3 years agoRun old planet file cleanup on first Monday of the month.
Matt Amos [Mon, 5 Feb 2018 13:51:11 +0000 (13:51 +0000)]
Run old planet file cleanup on first Monday of the month.

Not every Monday and additionally the 1st through 7th, as the
previous cron configuration actually meant. Turns out the command
runs when either the day of week matches _or_ the day of month
matches, unlike all the other rules.

3 years agoFix ooc.osm.org HTML title
Grant Slater [Sun, 4 Feb 2018 11:39:19 +0000 (11:39 +0000)]
Fix ooc.osm.org HTML title

3 years agoIncrease HSTS expiry to a year
Tom Hughes [Sat, 3 Feb 2018 12:18:48 +0000 (12:18 +0000)]
Increase HSTS expiry to a year

3 years agoUpdate carto stylesheet to v4.7.1
Tom Hughes [Fri, 2 Feb 2018 19:52:04 +0000 (19:52 +0000)]
Update carto stylesheet to v4.7.1

Closes #148

3 years agoAdd crossdomain.xml for ooc site
Tom Hughes [Fri, 2 Feb 2018 19:37:20 +0000 (19:37 +0000)]
Add crossdomain.xml for ooc site

3 years agoRewrite ooc site using leaflet and bring it under chef control
Tom Hughes [Fri, 2 Feb 2018 19:23:53 +0000 (19:23 +0000)]
Rewrite ooc site using leaflet and bring it under chef control

3 years agoIncrease pool_idle_time for frontends
Tom Hughes [Thu, 1 Feb 2018 20:33:05 +0000 (20:33 +0000)]
Increase pool_idle_time for frontends

3 years agoUpdate carto stylesheet to v4.7.0
Tom Hughes [Fri, 26 Jan 2018 18:47:11 +0000 (18:47 +0000)]
Update carto stylesheet to v4.7.0

Closes #146

3 years agoSort certificates in a stable order
Tom Hughes [Fri, 26 Jan 2018 15:34:13 +0000 (15:34 +0000)]
Sort certificates in a stable order

3 years agoDon't check the certificate when the connection failed
Tom Hughes [Fri, 26 Jan 2018 15:30:13 +0000 (15:30 +0000)]
Don't check the certificate when the connection failed