# DO NOT EDIT - This file is being maintained by Chef
-<% [80, 443].each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:443>
#
# Basic server configuration
#
ServerName <%= node[:fqdn] %>
ServerAlias api.openstreetmap.org www.openstreetmap.org
ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
#
# Enable SSL
#
SSLEngine on
-<% end -%>
+ SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
#
# Setup logging
#
- LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Ts" combined_with_time
+ LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time
CustomLog /var/log/apache2/access.log combined_with_time
ErrorLog /var/log/apache2/error.log
#
RewriteEngine on
+ #
+ # Recover the unique ID from the request headers
+ #
+ SetEnvIf X-Request-Id ^(.*)$ UNIQUE_ID=$1
+
#
# Configure rails
#
RailsEnv production
PassengerMinInstances 3
PassengerMaxRequests 500
- PassengerPreStart http://www.openstreetmap.org/
+ PassengerPreStart https://www.openstreetmap.org/
+ PassengerAppGroupName rails
+ SetEnv OPENSTREETMAP_STATUS <%= @status %>
SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
#
# Get the real remote IP for requests via a trusted proxy
#
RemoteIPHeader X-Forwarded-For
- RemoteIPTrustedProxy 146.179.159.160/27
+ RemoteIPTrustedProxy 10.0.32.0/24
+ RemoteIPTrustedProxy 10.0.48.0/24
+
+ #
+ # Pass authentication related headers to cgimap
+ #
+ <Location />
+ CGIPassAuth On
+ </Location>
#
# Pass supported calls to cgimap
#
- RewriteRule ^/api/0\.6/map$ - [H=fcgi:127.0.0.1:8000]
+ RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(nodes|ways|relations)$ fcgi://127.0.0.1:8000$0 [P]
-<% else -%>
- RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+$ - [H=fcgi:127.0.0.1:8000]
- RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ - [H=fcgi:127.0.0.1:8000]
- RewriteRule ^/api/0\.6/(nodes|ways|relations)$ - [H=fcgi:127.0.0.1:8000]
-<% end -%>
+ RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+ RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
</VirtualHost>
-<% end -%>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
<Directory <%= node[:web][:base_directory] %>/rails/public>
- Require all granted
+ Require all granted
</Directory>
-<% end -%>