X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/2a1699d4d61fef62763ce1773c2eb7d7e8df2d56..19aeb7bfffb852ab8be005c004b1ef8e555a5b77:/cookbooks/web/templates/default/apache.frontend.erb?ds=sidebyside diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index ea64b6fa4..3d244eff0 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -6,7 +6,7 @@ # Basic server configuration # ServerName <%= node[:fqdn] %> - ServerAlias api.openstreetmap.org www.openstreetmap.org + ServerAlias api.openstreetmap.org www.openstreetmap.org 127.0.0.1 ServerAdmin webmaster@openstreetmap.org <% if port == 443 -%> @@ -15,6 +15,8 @@ # SSLEngine on SSLProxyEngine on + SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key <% end -%> # @@ -56,7 +58,7 @@ # Block changeset scraper # RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner" - RewriteRule . - [F,L] + RewriteRule . - [F,L] # # Block requests for the old 404 map tile @@ -185,12 +187,13 @@ # # Pass some other API calls to the backends via a load balancer # - ProxyPass /api/0.6/map balancer://bytemark/api/0.6/map - ProxyPass /api/0.6/tracepoints balancer://bytemark/api/0.6/tracepoints - ProxyPass /api/0.6/amf/read balancer://bytemark/api/0.6/amf/read - ProxyPass /api/0.6/swf/trackpoints balancer://bytemark/api/0.6/swf/trackpoints - ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://bytemark$1 - ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://bytemark$1 + ProxyPass /api/0.6/map balancer://backend/api/0.6/map + ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints + ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read + ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints + ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+)$ balancer://backend$1 + ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/upload)$ balancer://ic$1 + ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/download)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1 ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1 ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes @@ -198,6 +201,11 @@ ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1 + # + # Redirect ACME certificate challenges + # + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + # # Redirect trac and wiki requests to the right places # @@ -215,7 +223,7 @@ # ProxySet lbmethod=bybusyness -<% (node[:web][:backends] + ["rails4.bm", "rails5.bm"]).each do |backend| -%> +<% node[:web][:backends].each do |backend| -%> <% if port == 443 -%> BalancerMember https://<%= backend %> disablereuse=on <% else -%> @@ -225,11 +233,11 @@ # - # Define a load balancer for the Bytemark backends + # Define a load balancer for the IC backends # - + ProxySet lbmethod=bybusyness -<% ["rails4.bm", "rails5.bm"].each do |backend| -%> +<% ["rails1.ic", "rails2.ic", "rails3.ic"].each do |backend| -%> <% if port == 443 -%> BalancerMember https://<%= backend %> disablereuse=on <% else -%> @@ -280,65 +288,34 @@ <% end -%> + + ServerName openstreetmap.org.uk + ServerAlias www.openstreetmap.org.uk + ServerAlias openstreetmap.co.uk + ServerAlias www.openstreetmap.co.uk + + RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics + RedirectPermanent / http://www.openstreetmap.org/ + + ServerName openstreetmap.org - ServerAlias maps.openstreetmap.org mapz.openstreetmap.org - ServerAlias openstreetmap.com www.openstreetmap.com - ServerAlias maps.openstreetmap.com mapz.openstreetmap.com - ServerAlias openstreetmap.net www.openstreetmap.net - ServerAlias maps.openstreetmap.net mapz.openstreetmap.net - ServerAlias openstreetmap.ca www.openstreetmap.ca - ServerAlias maps.openstreetmap.ca mapz.openstreetmap.ca - ServerAlias openstreetmap.eu www.openstreetmap.eu - ServerAlias maps.openstreetmap.eu mapz.openstreetmap.eu - ServerAlias openstreetmap.pro www.openstreetmap.pro - ServerAlias maps.openstreetmap.pro mapz.openstreetmap.pro - ServerAlias openstreetmaps.org www.openstreetmaps.org - ServerAlias maps.openstreetmaps.org mapz.openstreetmaps.org - ServerAlias osm.org www.osm.org - ServerAlias maps.osm.org mapz.osm.org - ServerAlias openmaps.org www.openmaps.org - ServerAlias maps.openmaps.org mapz.openmaps.org - ServerAlias openstreetmap.io www.openstreetmap.io - ServerAlias maps.openstreetmap.io mapz.openstreetmap.io - ServerAlias osm.io www.osm.io - ServerAlias maps.osm.io mapz.osm.io - ServerAlias openworldmap.org www.openworldmap.org - ServerAlias maps.openworldmap.org mapz.openworldmap.org - ServerAlias freeosm.org www.freeosm.org - ServerAlias maps.freeosm.org mapz.freeosm.org - ServerAlias open-maps.org www.open-maps.org - ServerAlias maps.open-maps.org mapz.open-maps.org - ServerAlias open-maps.com www.open-maps.com - ServerAlias maps.open-maps.com mapz.open-maps.com - ServerAlias osmbugs.org www.osmbugs.org - ServerAlias maps.osmbugs.org mapz.osmbugs.org - - #Third Party Sites - ServerAlias openstreetmap.pm www.openstreetmap.pm + ServerAlias * RedirectPermanent / http://www.openstreetmap.org/ ServerName openstreetmap.org - ServerAlias maps.openstreetmap.org mapz.openstreetmap.org + ServerAlias * SSLEngine on + SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem + SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key RedirectPermanent / https://www.openstreetmap.org/ - - ServerName openstreetmap.org.uk - ServerAlias www.openstreetmap.org.uk - ServerAlias openstreetmap.co.uk - ServerAlias www.openstreetmap.co.uk - - RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics - RedirectPermanent / http://www.openstreetmap.org/ - - /rails/public> Require all granted