# DO NOT EDIT - This file is being maintained by Chef
-WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=4
+WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000 python-home=<%= @python_home %>
<VirtualHost *:80>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- RedirectPermanent / https://<%= @name %>/
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
</VirtualHost>
+<% unless @aliases.empty? -%>
<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- SSLEngine on
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- DocumentRoot <%= @directory %>/osqa
- Alias /m/ <%= @directory %>/osqa/forum/skins/
- Alias /upfiles/ <%= @directory %>/upfiles/
- Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/
- WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% end -%>
+
+<VirtualHost *:443>
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ DocumentRoot <%= @directory %>/osqa
+ Alias /m/ <%= @directory %>/osqa/forum/skins/
+ Alias /upfiles/ <%= @directory %>/upfiles/
+ Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/
+ WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi
+
+ WSGIProcessGroup <%= @name %>
- WSGIProcessGroup <%= @name %>
+ # Site is now closed. Block access to login page and other pages.
+ <Location /account>
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+ </Location>
+ <Location /questions/ask/>
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+ </Location>
+ <Location /contact/>
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+ </Location>
+ <Location /search/>
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+ </Location>
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} POST
+ RewriteRule ^/questions - [F,NC]
</VirtualHost>
<Directory <%= @directory %>/osqa>