]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/templates/default/apache.erb
nominatim: fix typo
[chef.git] / cookbooks / nominatim / templates / default / apache.erb
index d14a5c8edfe372ad12c33323f57b944ef2c68471..652fd93a334251e9a3133f1d3a4f2e5062dc5b8e 100644 (file)
@@ -5,20 +5,28 @@
     ServerName <%= node[:fqdn] %>
     ServerAlias nominatim.openstreetmap.org
     ServerAlias nominatim.osm.org
-    ServerAlias nominatim.openstreetmap.org
+    ServerAlias nominatim.openstreetmap.com
     ServerAlias nominatim.openstreetmap.net
     ServerAlias nominatim.openstreetmaps.org
     ServerAlias nominatim.openmaps.org
     ServerAdmin webmaster@openstreetmap.org
 
 <% if port == 443 -%>
-    #
     # Enable SSL
-    #
     SSLEngine on
     SSLProxyEngine on
+    SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
+    SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+<% else -%>
+    # Redirect ACME challenges for certificate issuance
+    RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
 <% end -%>
 
+    # Remove Proxy request header to mitigate https://httpoxy.org/
+    RequestHeader unset Proxy early
+
+    RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500
+
     CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
     ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
 
@@ -57,7 +65,8 @@
 
     # regular requests and autoblocks
     RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
-    RewriteRule ^/(search|reverse|details|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+    RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+    RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
 
 </VirtualHost>