X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/08e15b969def6ab80697e8830ae401ac1f197e25..4687a5bf9faa00f2ff3a14545cdd58a65a65ab8d:/cookbooks/nominatim/templates/default/apache.erb
diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb
index eeda42062..1afe817e5 100644
--- a/cookbooks/nominatim/templates/default/apache.erb
+++ b/cookbooks/nominatim/templates/default/apache.erb
@@ -16,54 +16,36 @@
# Enable SSL
#
SSLEngine on
+ SSLProxyEngine on
<% end -%>
+ # Remove Proxy request header to mitigate https://httpoxy.org/
+ RequestHeader unset Proxy early
+
CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined
ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log
DocumentRoot <%= @directory %>/website
/website/">
DirectoryIndex search.php
- Options MultiViews FollowSymLinks
- AddType text/html .php
- AddType application/xml .phpx
- AddType application/json .phpj
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+ Options FollowSymLinks
Require all granted
-<% end -%>
-
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/
- ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/
- ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%>/
-<% else -%>
- AddHandler fcgi:/var/run/php5-fpm-www.sock .php
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-www.sock .phpj
-<% end -%>
-
+ ProxyPassMatch ^/([^/]*\.php(/.*)?)$ fcgi://127.0.0.1:<%= @pools[:www][:port ]%><%= @directory %>/website/$1
<% @pools.each do |name,details| -%>
Alias /pool-<%= name %>/ "<%= @directory %>/website/"
- >
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/
- ProxyPassMatch ^/(.*\.phpx(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/
- ProxyPassMatch ^/(.*\.phpj(/.*)?)$ fcgi://127.0.0.1:<%= details[:port ]%>/
-<% else -%>
- AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .php
- AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .phpx
- AddHandler fcgi:/var/run/php5-fpm-<%= name %>.sock .phpj
-<% end -%>
-
+ <% node[:nominatim][:redirects].each do |url,host| -%>
+ ProxyPassMatch ^/pool-<%= name %>/(<%= url %>\.php(/.*)?) http<% if port == 443 -%>s<% end -%>://<%= host %>/pool-<%= name %>/$1
+ <% end -%>
+ ProxyPassMatch ^/pool-<%= name %>/(.*\.php(/.*)?) fcgi://127.0.0.1:<%= details[:port ]%><%= @directory %>/website/$1
<% end -%>
- Redirect 420 /pool-block/
- ErrorDocument 420 /509.html
+ Redirect 429 /pool-block/
+ ErrorDocument 429 /509.html
- ErrorDocument 420 /509.html
+ ErrorDocument 429 /509.html
Redirect 403 /pool-ban/
@@ -78,7 +60,8 @@
# regular requests and autoblocks
RewriteMap bulklist txt:<%= @directory %>/settings/ip_blocks.map
- RewriteRule ^/([sdr].*) /pool-${bulklist:%{REMOTE_ADDR}|www}/$1 [PT]
+ RewriteRule ^/(search|reverse|lookup)(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|www}/$1.php$3 [PT]
+ RewriteRule ^/details(\.php)?(/.*)? /pool-${bulklist:%{REMOTE_ADDR}|details}/details.php$2 [PT]