X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/1c848471a16f9d1ee1fc8a327af110447ea1ef4c..5d1d6ab7af250de9ceff164e5337a7c8a3319a3e:/cookbooks/dev/templates/default/apache.user.erb diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb index 9b49158f9..39f1cd60f 100644 --- a/cookbooks/dev/templates/default/apache.user.erb +++ b/cookbooks/dev/templates/default/apache.user.erb @@ -7,6 +7,9 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit ServerAdmin webmaster@openstreetmap.org ServerAlias <%= @user %>.dev.osm.org + # Remove Proxy request header to mitigate https://httpoxy.org/ + RequestHeader unset Proxy early + UseCanonicalName Off DocumentRoot <%= @directory %> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ @@ -14,39 +17,32 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit WSGIProcessGroup <%= @user %>.dev.openstreetmap.org RewriteEngine on - #RewriteLog /var/log/apache2/rewrite.log - #RewriteLogLevel 4 + #LogLevel rewrite:trace2 CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f - RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L] + RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L] RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f - RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L] - - - - SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock - - - SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock - - - - - RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f - RewriteRule ^(.*\.php)$ /cgi-bin/php-cgiwrap/~<%= @user %>/$1 [PT,L] - + RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P] > AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI Options SymLinksIfOwnerMatch Indexes Includes + Require all granted + + +/cgi-bin> + SetHandler cgi-script + Options ExecCGI SymLinksIfOwnerMatch + Require all granted /wsgi-bin> SetHandler wsgi-script Options ExecCGI SymLinksIfOwnerMatch + Require all granted