X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/1b2a50a03b5beaf0d4f2e126bee875b6f66fc1bd..d054b1902c58aeda444f9c574e46c7638a65544e:/cookbooks/mediawiki/templates/default/apache.erb diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb index 16f97362d..0e173841c 100644 --- a/cookbooks/mediawiki/templates/default/apache.erb +++ b/cookbooks/mediawiki/templates/default/apache.erb @@ -1,6 +1,7 @@ # DO NOT EDIT - This file is being maintained by Chef +<% @ports.each do |port| -%> - +> ServerName <%= @name %> <% @aliases.each do |alias_name| -%> ServerAlias <%= alias_name %> @@ -8,11 +9,24 @@ ServerAdmin webmaster@openstreetmap.org +<% if port == 443 -%> + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-secure-error.log +<% else -%> CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log +<% end -%> DocumentRoot <%= @directory %> +<% if @ssl_enabled -%> + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ +<% end -%> + php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" php_value memory_limit 128M @@ -20,6 +34,13 @@ php_value upload_max_filesize 70M php_value post_max_size 100M + RewriteCond %{SERVER_NAME} !=<%= @name %> +<% if port == 443 -%> + RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent] +<% else -%> + RewriteRule ^/(.*)$ http://<%= @name %>/$1 [R=permanent] +<% end -%> + RedirectMatch 301 ^/$ /wiki/Main_Page #Historical Compatibility Links @@ -42,6 +63,7 @@ RewriteCond %{REQUEST_URI} !^/api\.php$ RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$ RewriteCond %{REQUEST_URI} !^/server-status + RewriteCond %{REQUEST_URI} !^/.well-known/ RewriteCond %{LA-U:REQUEST_FILENAME} !-f RewriteCond %{LA-U:REQUEST_FILENAME} !-d RewriteRule ^/(.*) /wiki/$1 [R,L] @@ -109,114 +131,4 @@ Require all denied -<% if @ssl_enabled -%> - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - - ServerAdmin webmaster@openstreetmap.org - - SSLEngine on - - CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-secure-error.log - - DocumentRoot <%= @directory %> - - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value memory_limit 128M - php_value max_execution_time 240 - php_value upload_max_filesize 70M - php_value post_max_size 100M - - RedirectMatch 301 ^/$ /wiki/Main_Page - - #Historical Compatibility Links - RedirectMatch 301 ^/index\.php$ /w/index.php - RedirectMatch 301 ^/index\.php/(.*)$ /wiki/$1 - RedirectMatch 301 ^/skins/(.*)$ /w/skins/$1 - RedirectMatch 301 ^/images/(.*)$ /w/images/$1 - RedirectMatch 301 ^/api\.php$ /w/api.php - RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php - - Alias /wiki <%= @directory %>/w/index.php - - #Support /pagename -> /wiki/pagename - RewriteEngine on - RewriteCond %{REQUEST_URI} !^/w/ - RewriteCond %{REQUEST_URI} !^/wiki/ - RewriteCond %{REQUEST_URI} !^/index\.php - RewriteCond %{REQUEST_URI} !^/skins/ - RewriteCond %{REQUEST_URI} !^/images/ - RewriteCond %{REQUEST_URI} !^/api\.php$ - RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$ - RewriteCond %{REQUEST_URI} !^/server-status - RewriteCond %{LA-U:REQUEST_FILENAME} !-f - RewriteCond %{LA-U:REQUEST_FILENAME} !-d - RewriteRule ^/(.*) /wiki/$1 [R,L] - - > - Options -Indexes - Require all granted - - - /w/images/> - # No php execution in the upload area - php_admin_flag engine off - Options -ExecCGI -Includes -Indexes - AllowOverride None -<% if @private -%> - Require all denied -<% end -%> - - - /w/images/thumb/> - RewriteEngine on - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B] - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B] - - - /w/maintenance/> - Require all denied - - - /w/LocalSettings.php> - Require all denied - - - /w/images/> - Options -ExecCGI -Includes -Indexes - AllowOverride None - AddType text/plain .html .htm .shtml - php_admin_flag engine off - - - /w/cache/> - Options -ExecCGI -Includes -Indexes - AllowOverride None - AddType text/plain .html .htm .shtml - php_admin_flag engine off - - - - Require all denied - - - - Require all denied - - - - Require all denied - - <% end -%>