Convert more URLs to https

[chef.git] / cookbooks / nominatim / recipes / default.rb

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 05227bb465bcbca205711d54dcf04a829b82c14c..de01551650c312eb49b818ca93f55b4615de1e54 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -8,7 +8,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -231,7 +231,7 @@ external_data = [
 external_data.each do |fname|
   remote_file "#{source_directory}/data/#{fname}" do
     action :create_if_missing
-    source "http://www.nominatim.org/data/#{fname}"
+    source "https://www.nominatim.org/data/#{fname}"
     owner "nominatim"
     group "nominatim"
     mode 0o644
@@ -240,7 +240,7 @@ end
 
 remote_file "#{source_directory}/data/country_osm_grid.sql.gz" do
   action :create_if_missing
-  source "http://www.nominatim.org/data/country_grid.sql.gz"
+  source "https://www.nominatim.org/data/country_grid.sql.gz"
   owner "nominatim"
   group "nominatim"
   mode 0o644
@@ -370,6 +370,19 @@ template "/etc/logrotate.d/apache2" do
   mode 0o644
 end
 
+include_recipe "fail2ban"
+
+fail2ban_filter "nominatim" do
+  failregex "Warning ignored: <HOST>"
+end
+
+fail2ban_jail "nominatim" do
+  filter "nominatim"
+  logpath "#{node[:nominatim][:logdir]}/restricted_ips.log"
+  ports [80, 443]
+  maxretry 3
+end
+
 munin_plugin_conf "nominatim" do
   template "munin.erb"
   variables :db => node[:nominatim][:dbname],