# limitations under the License.
#
+include_recipe "accounts"
include_recipe "munin"
+include_recipe "php::fpm"
basedir = data_bag_item("accounts", "nominatim")["home"]
email_errors = data_bag_item("accounts", "lonvia")["email"]
python3-pyosmium
pyosmium
python3-psycopg2
- php
- php-fpm
php-pgsql
php-intl
]
mode 0o775
end
-file "#{basedir}/etc/nginx_blocked_user_agent.conf" do
- action :create_if_missing
- owner "nominatim"
- group "adm"
- mode 0o664
-end
-
-file "#{basedir}/etc/nginx_blocked_referrer.conf" do
- action :create_if_missing
- owner "nominatim"
- group "adm"
- mode 0o664
-end
-
-service "php7.2-fpm" do
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
+%w[user_agent referrer email].each do |name|
+ file "#{basedir}/etc/nginx_blocked_#{name}.conf" do
+ action :create_if_missing
+ owner "nominatim"
+ group "adm"
+ mode 0o664
+ end
end
node[:nominatim][:fpm_pools].each do |name, data|
- template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do
- source "fpm.conf.erb"
- owner "root"
- group "root"
- mode 0o644
+ php_fpm name do
+ template "fpm.conf.erb"
variables data.merge(:name => name)
- notifies :reload, "service[php7.2-fpm]"
end
end
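Review bot: The loop over `%w[user_agent referrer email]` creates the new `nginx_blocked_email.conf` with `mode 0o664`, so a list that presumably holds e-mail addresses is readable by every local account. All three files are also writable by any member of `adm`. If nginx includes them (the template is not visible in this hunk), group write access amounts to the ability to change server behaviour. That trust decision deserves a comment above the loop, for example `# block lists are edited by hand by adm members and included by nginx`. Consider `mode 0o660` for the e-mail list if only root-run nginx and the owning user and group need to read it.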
template "nginx.erb"
directory build_directory
variables :pools => node[:nominatim][:fpm_pools],
+ :frontends => search(:node, "recipes:web\\:\\:frontend"),
:confdir => "#{basedir}/etc"
end
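Review bot: The new `:frontends` value is whatever `search(:node, "recipes:web\\:\\:frontend")` returns at converge time, and nothing here validates or orders it before it reaches `nginx.erb`. The template is outside this hunk, but if it uses the list to decide which peers may supply the client address, then an empty or stale result silently changes which address is rate-limited and logged. Node objects are written by the nodes themselves, so membership in this list is only as trustworthy as every host holding a client key. Sorting the result, e.g. `:frontends => search(:node, "recipes:web\\:\\:frontend").sort_by(&:name),`, keeps the rendered file stable between runs. A comment such as `# frontends are trusted to forward the real client address` would record the assumption. The enclosing resource starts above the hunk.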
target "#{source_directory}/munin/nominatim_requests_querylog"
end
-munin_plugin "nominatim_throttled_ips" do
- target "#{source_directory}/munin/nominatim_throttled_ips"
-end
-
directory "#{basedir}/status" do
owner "nominatim"
group "postgres"
mode 0o775
end
+
+include_recipe "fail2ban"
+
+fail2ban_jail "nominatim_limit_req" do
+ filter "nginx-limit-req"
+ logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
+ ports [80, 443]
+ maxretry 5
+end
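Review bot: The `nominatim_limit_req` jail bans whatever address nginx writes to `nominatim.openstreetmap.org-error.log`, and nothing in this block exempts the frontend proxies that the same commit starts passing to the nginx template. If nginx ever logs the frontend's address instead of the forwarded client address (for instance when the frontend search returns nothing), five `limit_req` rejections would ban a frontend on ports 80 and 443 and cut off all traffic routed through it. Add a comment above the jail stating the dependency, e.g. `# requires nginx to log the real client address, not the frontend's`. If the `fail2ban_jail` resource offers a way to exempt addresses, pass the frontends to it. The find and ban times are not set here, so the jail inherits the defaults; confirm those suit `maxretry 5` for a rate-limit filter.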