# DO NOT EDIT - This file is being maintained by Chef <% [80, 443].each do |port| -%> > # # Basic server configuration # ServerName <%= node[:fqdn] %> ServerAlias api.openstreetmap.org www.openstreetmap.org ServerAdmin webmaster@openstreetmap.org <% if port == 443 -%> # # Enable SSL # SSLEngine on SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key <% end -%> # # Setup logging # LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time CustomLog /var/log/apache2/access.log combined_with_time ErrorLog /var/log/apache2/error.log # # Turn on the rewrite engine # RewriteEngine on # # Recover the unique ID from the request headers # SetEnvIf X-Request-Id ^(.*)$ UNIQUE_ID=$1 # # Configure rails # DocumentRoot <%= node[:web][:base_directory] %>/rails/public RailsEnv production PassengerMinInstances 3 PassengerMaxRequests 500 <% if port == 443 -%> PassengerPreStart https://www.openstreetmap.org/ <% else -%> PassengerPreStart http://www.openstreetmap.org/ <% end -%> SetEnv SECRET_KEY_BASE <%= @secret_key_base %> # # Get the real remote IP for requests via a trusted proxy # RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 146.179.159.160/27 RemoteIPTrustedProxy 10.0.32.0/24 # # Pass authentication related headers to cgimap # CGIPassAuth On # # Pass supported calls to cgimap # RewriteRule ^/api/0\.6/map$ fcgi://127.0.0.1:8000$0 [P] RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$ RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/(nodes|ways|relations)$ fcgi://127.0.0.1:8000$0 [P] RewriteRule ^/api/0\.6/changeset/[0-9]+/download$ fcgi://127.0.0.1:8000$0 [P] <% end -%> /rails/public> Require all granted