# DO NOT EDIT - This file is being maintained by Chef
-<VirtualHost *:80>
- ServerName nominatim.openstreetmap.org
- ServerAdmin webmaster@openstreetmap.org
- ServerAlias nominatim.osm.org
+<VirtualHost *:443>
+ ServerName <%= node[:fqdn] %>
ServerAlias nominatim.openstreetmap.org
+ ServerAlias nominatim.osm.org
+ ServerAlias nominatim.openstreetmap.com
ServerAlias nominatim.openstreetmap.net
ServerAlias nominatim.openstreetmaps.org
ServerAlias nominatim.openmaps.org
+ ServerAdmin webmaster@openstreetmap.org
+
+ # Enable SSL
+ SSLEngine on
+ SSLProxyEngine on
+ SSLCertificateFile /etc/ssl/certs/nominatim.openstreetmap.org.pem
+ SSLCertificateKeyFile /etc/ssl/private/nominatim.openstreetmap.org.key
+
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
- CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
+ RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500
+
+ CustomLog <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
DocumentRoot <%= @directory %>/website
<Directory "<%= @directory %>/website/">
DirectoryIndex search.php
- Options MultiViews FollowSymLinks
- AddType text/html .php
- AddType application/xml .phpx
- AddType application/json .phpj
- AddHandler fcgi:/var/run/php5-fpm-www.sock .php
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj
+ Options FollowSymLinks
+ Require all granted
</Directory>
- Alias /pool-www/ "<%= @directory %>/website/"
- <Location /pool-www>
- AddHandler fcgi:/var/run/php5-fpm-www.sock .php
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj
- </Location>
- Alias /pool-bulk/ "<%= @directory %>/website/"
- <Location /pool-bulk>
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .php
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-bulk.sock .phpj
- </Location>
- Redirect 509 /pool-block/
- ErrorDocument 509 /509.html
+ ProxyPassMatch ^/([^/]*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%><%= @directory %>/website/$1
+
+ <% @pools.each do |name,details| -%>
+ Alias /pool-<%= name %>/ "<%= @directory %>/website/"
+ <% node[:nominatim][:redirects].each do |url,host| -%>
+ ProxyPassMatch ^/pool-<%= name %>/(<%= url %>\.php(/.*)?) http<% if port == 443 -%>s<% end -%>://<%= host %>/pool-<%= name %>/$1
+ <% end -%>
+ ProxyPassMatch ^/pool-<%= name %>/(.*\.php(/.*)?) fcgi://127.0.0.1:<%= details[:port ]%><%= @directory %>/website/$1
+ <% end -%>
+
+ Redirect 429 /pool-block/
+ ErrorDocument 429 /509.html
<Location /pool-block>
- ErrorDocument 509 /509.html
+ ErrorDocument 429 /509.html
</Location>
Redirect 403 /pool-ban/
<Location /pool-ban>
# regular requests and autoblocks
RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
- RewriteRule ^/([sdr].*) /pool-${bulklist:%{REMOTE_ADDR}|www}/$1 [PT]
+ RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+ RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName <%= node[:fqdn] %>
+ ServerAlias nominatim.openstreetmap.org
+ ServerAlias nominatim.osm.org
+ ServerAlias nominatim.openstreetmap.com
+ ServerAlias nominatim.openstreetmap.net
+ ServerAlias nominatim.openstreetmaps.org
+ ServerAlias nominatim.openmaps.org
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined
+ ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
+
+ RewriteEngine On
+
+ # manual blocks
+ Include <%= @directory %>/settings/apache_blocks.conf
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://nominatim.openstreetmap.org/
</VirtualHost>