X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/08e15b969def6ab80697e8830ae401ac1f197e25..4687a5bf9faa00f2ff3a14545cdd58a65a65ab8d:/cookbooks/nominatim/templates/default/apache.erb diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb index eeda42062..1afe817e5 100644 --- a/cookbooks/nominatim/templates/default/apache.erb +++ b/cookbooks/nominatim/templates/default/apache.erb @@ -16,54 +16,36 @@ # Enable SSL # SSLEngine on + SSLProxyEngine on <% end -%> + # Remove Proxy request header to mitigate https://httpoxy.org/ + RequestHeader unset Proxy early + CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log DocumentRoot <%= @directory %>/website /website/"> DirectoryIndex search.php - Options MultiViews FollowSymLinks - AddType text/html .php - AddType application/xml .phpx - AddType application/json .phpj -<% if node[:lsb][:release].to_f >= 14.04 -%> + Options FollowSymLinks Require all granted -<% end -%> - -<% if node[:lsb][:release].to_f >= 14.04 -%> - ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/ - ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/ - ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/ -<% else -%> - AddHandler fcgi:/var/run/php5-fpm-www.sock .php - AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx - AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj -<% end -%> - + ProxyPassMatch ^/([^/]*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%><%= @directory %>/website/$1 <% @pools.each do |name,details| -%> Alias /pool-<%= name %>/ "<%= @directory %>/website/" - > -<% if node[:lsb][:release].to_f >= 14.04 -%> - ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/ - ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/ - ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/ -<% else -%> - AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .php - AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .phpx - AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .phpj -<% end -%> - + <% node[:nominatim][:redirects].each do |url,host| -%> + ProxyPassMatch ^/pool-<%= name %>/(<%= url %>\.php(/.*)?) http<% if port == 443 -%>s<% end -%>://<%= host %>/pool-<%= name %>/$1 + <% end -%> + ProxyPassMatch ^/pool-<%= name %>/(.*\.php(/.*)?) fcgi://127.0.0.1:<%= details[:port ]%><%= @directory %>/website/$1 <% end -%> - Redirect 420 /pool-block/ - ErrorDocument 420 /509.html + Redirect 429 /pool-block/ + ErrorDocument 429 /509.html - ErrorDocument 420 /509.html + ErrorDocument 429 /509.html Redirect 403 /pool-ban/ @@ -78,7 +60,8 @@ # regular requests and autoblocks RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map - RewriteRule ^/([sdr].*) /pool-${bulklist:%{REMOTE_ADDR}|www}/$1 [PT] + RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT] + RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]