imagery: use limit_as on service

[chef.git] / cookbooks / dev / templates / default / apache.user.erb

diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index a63829afb156227f0a05dbf4076fe9f2d09b18dd..a6d4d8866402de0405897b2048174113ab6a783a 100644 (file)
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -2,11 +2,15 @@
 
 WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivity-timeout=600
 
-<VirtualHost *:80>
+<VirtualHost *:443>
        ServerName <%= @user %>.dev.openstreetmap.org
        ServerAdmin webmaster@openstreetmap.org
        ServerAlias <%= @user %>.dev.osm.org
 
+       SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/<%= @user %>.dev.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/<%= @user %>.dev.openstreetmap.org.key
+
        # Remove Proxy request header to mitigate https://httpoxy.org/
        RequestHeader unset Proxy early
 
@@ -22,22 +26,37 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
 
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
-        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
        RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
 </VirtualHost>
 
+<VirtualHost *:80>
+       ServerName <%= @user %>.dev.openstreetmap.org
+       ServerAdmin webmaster@openstreetmap.org
+       ServerAlias <%= @user %>.dev.osm.org
+
+       CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
+       ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
+
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+       RedirectPermanent / https://<%= @user %>.dev.openstreetmap.org/
+</VirtualHost>
+
 <Directory <%= @directory %>>
        AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI
        Options SymLinksIfOwnerMatch Indexes Includes
        Require all granted
 </Directory>
 
+<Directory <%= @directory %>/cgi-bin>
+       SetHandler cgi-script
+       Options ExecCGI SymLinksIfOwnerMatch
+       Require all granted
+</Directory>
+
 <Directory <%= @directory %>/wsgi-bin>
        SetHandler wsgi-script
        Options ExecCGI SymLinksIfOwnerMatch