]> git.openstreetmap.org Git - chef.git/blob - cookbooks/planet/templates/default/apache.erb
Relax sandboxing to allow JIT for osmosis
[chef.git] / cookbooks / planet / templates / default / apache.erb
1 # DO NOT EDIT - This file is being maintained by Chef
2
3 <VirtualHost *:443>
4         ServerName planet.openstreetmap.org
5         ServerAlias planet.osm.org
6         ServerAdmin webmaster@openstreetmap.org
7
8         CustomLog /var/log/apache2/planet.openstreetmap.org-access.log combined
9         ErrorLog /var/log/apache2/planet.openstreetmap.org-error.log
10
11         SSLEngine on
12         SSLCertificateFile /etc/ssl/certs/planet.openstreetmap.org.pem
13         SSLCertificateKeyFile /etc/ssl/private/planet.openstreetmap.org.key
14
15         DocumentRoot /store/planet
16
17         <Directory /store/planet>
18                 Options Indexes FollowSymLinks MultiViews ExecCGI
19                 AllowOverride All
20                 IndexIgnore .ht* . robots.txt HEADER.html HEADER.cgi logo.png style.css
21                 IndexOptions FancyIndexing FoldersFirst NameWidth=* TrackModified SuppressHTMLPreamble
22                 HeaderName HEADER.cgi
23                 IndexOrderDefault Descending Date
24                 AddType text/html .cgi
25                 AddHandler cgi-script .cgi
26                 Require all granted
27         </Directory>
28
29         Redirect /pbf-experimental/     /pbf/
30
31         <IfModule mod_headers.c>
32                 Header set Access-Control-Allow-Origin "*"
33         </IfModule>
34
35         RewriteEngine on
36         RewriteMap latestplanet prg:/usr/local/bin/apache-latest-planet-filename
37
38         #Direct, no redirect for the following
39         RewriteCond %{REMOTE_ADDR}  ^127\.                           [OR]
40         RewriteCond %{REMOTE_ADDR}  ^10\.                              [OR]
41         RewriteCond %{REMOTE_ADDR}  ^193\.60\.       [OR]
42         RewriteCond %{REMOTE_ADDR}  ^193\.61\.       [OR]
43         RewriteCond %{REMOTE_ADDR}  ^193\.62\.       [OR]
44         RewriteCond %{REMOTE_ADDR}  ^193\.63\.       [OR]
45         RewriteCond %{QUERY_STRING} nomirror
46         RewriteRule     .*      - [L]
47
48         RewriteRule ^(/planet/planet\-latest\.osm\.bz2(\.torrent)?)$                ${latestplanet:$1} [R,L]
49         RewriteRule ^(/planet/full\-history/history\-latest\.osm\.bz2(\.torrent)?)$ ${latestplanet:$1} [R,L]
50         RewriteRule ^(/planet/changesets\-latest\.osm\.bz2(\.torrent)?)$            ${latestplanet:$1} [R,L]
51         RewriteRule ^(/planet/discussions\-latest\.osm\.bz2(\.torrent)?)$           ${latestplanet:$1} [R,L]
52
53         RewriteRule ^(/pbf/planet\-latest\.osm\.pbf(\.torrent)?)$                   ${latestplanet:$1} [R,L]
54         RewriteRule ^(/pbf/full\-history/history\-latest\.osm\.pbf(\.torrent)?)$    ${latestplanet:$1} [R,L]
55
56         RewriteRule ^(/cc\-by\-sa/pbf/planet\-latest\.osm\.pbf)$        ${latestplanet:$1} [R,L]
57         RewriteRule ^(/cc\-by\-sa/planet\-latest\.osm\.bz2)$            ${latestplanet:$1} [R,L]
58         RewriteRule ^(/cc\-by\-sa/changesets\-latest\.osm\.bz2)$        ${latestplanet:$1} [R,L]
59         RewriteRule ^(/cc\-by\-sa/relations\-latest\.osm\.bz2)$         ${latestplanet:$1} [R,L]
60
61         # Block an abusive fake user agent
62         RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"
63         RewriteRule /.*$ - [F,L]
64
65         # Temporary download rate limit due to upstream fibre connection issues. - 13 Jan 2020
66         <FilesMatch ".+\.(7z|bz2|gz|pbf|tgz|xz)$">
67           SetOutputFilter RATE_LIMIT
68           SetEnv rate-limit 4096
69           SetEnv rate-initial-burst 8192
70         </FilesMatch>
71 </VirtualHost>
72
73 <VirtualHost *:80>
74         ServerName planet.openstreetmap.org
75         ServerAlias planet.osm.org
76         ServerAdmin webmaster@openstreetmap.org
77
78         CustomLog /var/log/apache2/planet.openstreetmap.org-access.log combined
79         ErrorLog /var/log/apache2/planet.openstreetmap.org-error.log
80
81         RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
82         RedirectPermanent / https://planet.openstreetmap.org/
83 </VirtualHost>