]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/dev/templates/default/apache.rails.erb
Restrict alertmanager web interface to admin users
[chef.git] / cookbooks / dev / templates / default / apache.rails.erb
index c8f5f779d52d4a3e9170269a1dea3f6266b17181..cf2a56613961280d80353b72ea1aa12f0b586e72 100644 (file)
@@ -14,7 +14,7 @@
         CustomLog /var/log/apache2/<%= @name %>-access.log combined
         ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-        DocumentRoot /srv/<%= @name %>/public
+        DocumentRoot /srv/<%= @name %>/rails/public
 
         RailsEnv production
         PassengerAppGroupName <%= @application_name %>
         <Files crossdomain.xml>
                 ForceType text/x-cross-domain-policy
         </Files>
+<% if @cgimap_enabled -%>
+
+        # Pass authentication related headers to cgimap
+        <Location />
+                CGIPassAuth On
+        </Location>
+
+        # Set a long timeout for proxying to cgimap
+        ProxyTimeout 3600
+
+        # Pass supported calls to cgimap
+        RewriteEngine on
+        RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
+        RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+<% end -%>
 </VirtualHost>
 
 <VirtualHost *:80>
         Header set X-Robots-Tag "noindex, nofollow"
 </VirtualHost>
 
-<Directory /srv/<%= @name %>/public>
+<Directory /srv/<%= @name %>/rails/public>
         Require all granted
 </Directory>
 
-<Directory /srv/<%= @name %>/app/assets>
+<Directory /srv/<%= @name %>/rails/app/assets>
         Require all granted
 </Directory>
 
-<Directory /srv/<%= @name %>/vendor/assets>
+<Directory /srv/<%= @name %>/rails/vendor/assets>
         Require all granted
 </Directory>