]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nominatim: add read timeout to apache
[chef.git] / cookbooks / nominatim / recipes / default.rb
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 5dedfd4e7574b38fa67d94706a4f456ea65b3e25..a8009759ff3dba77926ab82870173bf54b2d8b5e 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -306,6 +306,7 @@ apache_module "proxy"
 apache_module "proxy_fcgi"
 apache_module "proxy_http"
 apache_module "headers"
+apache_module "reqtimeout"
 
 service "php7.0-fpm" do
   action [:enable, :start]
@@ -352,8 +353,12 @@ end
 
 include_recipe "fail2ban"
 
+web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010
+  n.ipaddresses(:role => :external)
+end.flatten
+
 fail2ban_filter "nominatim" do
-  failregex '^<HOST> - - \[\] "[^"]+" 429 '
+  failregex '^<HOST> - - \[\] "[^"]+" (408|429) '
 end
 
 fail2ban_jail "nominatim" do
@@ -361,6 +366,7 @@ fail2ban_jail "nominatim" do
   logpath "/var/log/apache2/nominatim.openstreetmap.org-access.log"
   ports [80, 443]
   maxretry 100
+  ignoreips web_servers
 end
 
 munin_plugin_conf "nominatim" do
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.