# DO NOT EDIT - This file is being maintained by Chef
-<% @ports.each do |port| -%>
-<VirtualHost *:<%= port %>>
+<VirtualHost *:80>
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>
ServerName <%= @name %>
<% @aliases.each do |alias_name| -%>
ServerAlias <%= alias_name %>
ServerAdmin webmaster@openstreetmap.org
-<% if port == 443 -%>
SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
-<% else -%>
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-<% end -%>
DocumentRoot <%= @directory %>
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
- #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value memory_limit 128M
- php_value max_execution_time 240
- php_value upload_max_filesize 70M
- php_value post_max_size 100M
+ AllowEncodedSlashes NoDecode
+
+ ProxyTimeout 300
+
+ RewriteCond %{SERVER_NAME} !=<%= @name %>
+ RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
RedirectMatch 301 ^/$ /wiki/Main_Page
RedirectMatch 301 ^/api\.php$ /w/api.php
RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php
+ #Support Wikidata redirects based on Wikimedia's redirects:
+ # https://github.com/wikimedia/puppet/blob/production/modules/mediawiki/files/apache/sites/wikidata-uris.incl
+ RedirectMatch 301 ^/entity/statement/([QqPp]\d+).*$ /wiki/Special:EntityData/$1
+ RedirectMatch 301 ^/value/(.*)$ /wiki/Special:ListDatatypes
+ RedirectMatch 301 ^/reference/(.*)$ https://wikidata.org/wiki/Help:Sources
+ RedirectMatch 301 ^/prop/direct/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/direct-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/novalue/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/entity/(.*)$ /wiki/Special:EntityData/$1
+
Alias /wiki <%= @directory %>/w/index.php
#Support /pagename -> /wiki/pagename
RewriteCond %{REQUEST_URI} !^/images/
RewriteCond %{REQUEST_URI} !^/api\.php$
RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
+ RewriteCond %{REQUEST_URI} !^/entity/
+ RewriteCond %{REQUEST_URI} !^/value/
+ RewriteCond %{REQUEST_URI} !^/reference/
+ RewriteCond %{REQUEST_URI} !^/prop/
+ RewriteCond %{REQUEST_URI} !^/dump/
RewriteCond %{REQUEST_URI} !^/server-status
+ RewriteCond %{REQUEST_URI} !^/.well-known/
RewriteCond %{LA-U:REQUEST_FILENAME} !-f
RewriteCond %{LA-U:REQUEST_FILENAME} !-d
RewriteRule ^/(.*) /wiki/$1 [R,L]
<Directory <%= @directory %>>
Options -Indexes
Require all granted
+
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+ </FilesMatch>
</Directory>
<Directory <%= @directory %>/w/images/>
- # No php execution in the upload area
- php_admin_flag engine off
Options -ExecCGI -Includes -Indexes
AllowOverride None
AddType text/plain .html .htm .shtml
-<% if @private -%>
+<% if @private_site -%>
Require all denied
<% end -%>
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler None
+ </FilesMatch>
</Directory>
<Directory <%= @directory %>/w/images/thumb/>
Options -ExecCGI -Includes -Indexes
AllowOverride None
AddType text/plain .html .htm .shtml
- php_admin_flag engine off
+ <FilesMatch ".+\.ph(ar|p|tml)$">
+ SetHandler None
+ </FilesMatch>
+ </Directory>
+
+ <Directory <%= @directory %>/dump/>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride All
+ IndexIgnore .ht* . robots.txt HEADER.html HEADER.cgi logo.png style.css
+ IndexOptions FancyIndexing FoldersFirst NameWidth=* TrackModified
+ IndexOrderDefault Descending Date
</Directory>
<Directory ~ "\.svn">
Require all denied
</Files>
</VirtualHost>
-<% end -%>