# DO NOT EDIT - This file is being maintained by Chef
<% [80, 443].each do |port| -%>
# Basic server configuration
ServerName <%= node[:fqdn] %>
ServerAlias api.openstreetmap.org www.openstreetmap.org
ServerAdmin webmaster@openstreetmap.org
<% if port == 443 -%>
# Enable SSL
SSLEngine on
SSLProxyEngine on
<% end -%>
# Setup logging
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Ts" combined_with_time
CustomLog /var/log/apache2/access.log combined_with_time
ErrorLog /var/log/apache2/error.log
# Turn on various features
ExpiresActive On
RewriteEngine on
# Block troublesome GPX data scrapping
RewriteRule ^/trace/\d+/data - [F,L]
# Block tilesAtHome
RewriteCond %{HTTP_USER_AGENT} tilesAtHome
RewriteRule . - [F,L]
# Block requests for the old 404 map tile
RewriteRule ^/openlayers/img/404.png$ - [G,L]
# Block attempts to access old API versions
RewriteRule ^/api/0.[12345]/ - [G,L]
# Block JOSM revisions 1722-1727 as they have a serious bug that causes
# lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)"
RewriteRule . - [F,L]
# Block a changeset that seems to lock things up
RewriteRule ^/api/0.6/changeset/6823497/download$ - [F,L]
# Force special MIME type for crossdomain.xml files
ForceType text/x-cross-domain-policy
# Set expiry for assets
Header unset Last-Modified
Header unset ETag
FileETag None
ExpiresDefault "access plus 1 year"
# Set expiry for attachments
Header unset Last-Modified
Header unset ETag
FileETag None
ExpiresDefault "access plus 1 year"
# Set expiry for other static content
ExpiresDefault "access plus 7 days"
ExpiresDefault "access plus 10 years"
ExpiresDefault "access plus 10 years"
ExpiresDefault "access plus 7 days"
ExpiresDefault "access plus 10 years"
# Set expiry for Potlatch 1
ExpiresDefault "access plus 7 days"
# Set expiry for Potlatch 2
ExpiresByType application/x-shockwave-flash "access plus 1 day"
ExpiresByType application/xml "access plus 1 day"
ExpiresByType text/css "access plus 1 day"
ExpiresByType image/png "access plus 7 days"
# Configure rails
DocumentRoot <%= node[:web][:base_directory] %>/rails/public
RailsEnv production
PassengerMinInstances 10
PassengerMaxRequests 5000
PassengerMaxRequestQueueSize 250
<% if port == 443 -%>
PassengerPreStart https://www.openstreetmap.org/
<% else -%>
PassengerPreStart http://www.openstreetmap.org/
<% end -%>
SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico
Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
Alias /stats /store/rails/stats
Alias /user/image /store/rails/user/image
Alias /attachments /store/rails/attachments
# Preserve the host name when forwarding to the proxy
ProxyPreserveHost on
# Set a long timeout - changeset uploads can take a long time
ProxyTimeout 3600
# Allow all proxy requests
Allow from all
# Pass some other API calls to the backends via a load balancer
ProxyPass /api/0.6/map balancer://backend/api/0.6/map
ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints
ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read
ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints
ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/(upload|download))$ balancer://backend$1
ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1
ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1
ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes
ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways
ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations
ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1
# Redirect trac and wiki requests to the right places
RedirectPermanent /trac/ http://trac.openstreetmap.org/
RedirectPermanent /wiki/ http://wiki.openstreetmap.org/
# Redirect requests for various images to the right place
RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
# Define a load balancer for the backends
ProxySet lbmethod=bybusyness
<% if port == 443 -%>
BalancerMember https://rails1 disablereuse=on
BalancerMember https://rails2 disablereuse=on
BalancerMember https://rails3 disablereuse=on
<% else -%>
BalancerMember http://rails1
BalancerMember http://rails2
BalancerMember http://rails3
<% end -%>
<% if port == 80 -%>
# Redirect requests which should be secure to https
RewriteCond %{REQUEST_URI} ^/login(\.html)?$ [OR]
RewriteCond %{REQUEST_URI} ^/user/(new|create-account\.html)$ [OR]
RewriteCond %{REQUEST_URI} ^/user/terms$ [OR]
RewriteCond %{REQUEST_URI} ^/user/save$ [OR]
RewriteCond %{REQUEST_URI} ^/user/([^/]+)/account$ [OR]
RewriteCond %{REQUEST_URI} ^/user/reset-password$
RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
# Redirect api requests made to www.osm.org to api.osm.org
# RewriteCond %{HTTP_HOST} =www.openstreetmap.org
# RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent]
# Redirect non-api requests made to api.osm.org to www.osm.org
RewriteCond %{HTTP_HOST} =api.openstreetmap.org
RewriteCond %{REQUEST_URI} !^/api/
RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent]
<% elsif port == 443 -%>
# Redirect api requests made to www.osm.org to api.osm.org
# RewriteCond %{HTTP_HOST} =www.openstreetmap.org
# RewriteRule ^/api/(.*)$ https://api.openstreetmap.org/api/$1 [L,NE,R=permanent]
# Redirect non-api requests made to api.osm.org to www.osm.org
RewriteCond %{HTTP_HOST} =api.openstreetmap.org
RewriteCond %{REQUEST_URI} !^/api/
RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
<% end -%>
<% end -%>
ServerName openstreetmap.org
ServerAlias maps.openstreetmap.org mapz.openstreetmap.org
ServerAlias openstreetmap.com www.openstreetmap.com
ServerAlias maps.openstreetmap.com mapz.openstreetmap.com
ServerAlias openstreetmap.net www.openstreetmap.net
ServerAlias maps.openstreetmap.net mapz.openstreetmap.net
ServerAlias openstreetmap.ca www.openstreetmap.ca
ServerAlias maps.openstreetmap.ca mapz.openstreetmap.ca
ServerAlias openstreetmap.eu www.openstreetmap.eu
ServerAlias maps.openstreetmap.eu mapz.openstreetmap.eu
ServerAlias openstreetmap.pro www.openstreetmap.pro
ServerAlias maps.openstreetmap.pro mapz.openstreetmap.pro
ServerAlias openstreetmaps.org www.openstreetmaps.org
ServerAlias maps.openstreetmaps.org mapz.openstreetmaps.org
ServerAlias osm.org www.osm.org
ServerAlias maps.osm.org mapz.osm.org
ServerAlias openmaps.org www.openmaps.org
ServerAlias maps.openmaps.org mapz.openmaps.org
ServerAlias openstreetmap.io www.openstreetmap.io
ServerAlias maps.openstreetmap.io mapz.openstreetmap.io
ServerAlias osm.io www.osm.io
ServerAlias maps.osm.io mapz.osm.io
ServerAlias openworldmap.org www.openworldmap.org
ServerAlias maps.openworldmap.org mapz.openworldmap.org
ServerAlias freeosm.org www.freeosm.org
ServerAlias maps.freeosm.org mapz.freeosm.org
ServerAlias open-maps.org www.open-maps.org
ServerAlias maps.open-maps.org mapz.open-maps.org
ServerAlias open-maps.com www.open-maps.com
ServerAlias maps.open-maps.com mapz.open-maps.com
ServerAlias osmbugs.org www.osmbugs.org
ServerAlias maps.osmbugs.org mapz.osmbugs.org
#Third Party Sites
ServerAlias openstreetmap.pm www.openstreetmap.pm
RedirectPermanent / http://www.openstreetmap.org/
ServerName openstreetmap.org
ServerAlias maps.openstreetmap.org mapz.openstreetmap.org
SSLEngine on
RedirectPermanent / https://www.openstreetmap.org/
ServerName openstreetmap.org.uk
ServerAlias www.openstreetmap.org.uk
ServerAlias openstreetmap.co.uk
ServerAlias www.openstreetmap.co.uk
RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics
RedirectPermanent / http://www.openstreetmap.org/
Require all granted
Require all granted
Require all granted
Require all granted
Require all granted
Require all granted