X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/3f4b1edfeb4d947832a8cf8a77579e7d584ca430..11fdeeaa56975b200a46cc3ee7124e529621fba9:/cookbooks/web/templates/default/apache.frontend.erb diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index 0be76bc21..39f2a6007 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -26,6 +26,12 @@ ErrorLog /var/log/apache2/error.log SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key + # Get the real remote IP for requests via a trusted proxy + RemoteIPHeader CF-Connecting-IP +<% @cloudflare.sort.each do |address| -%> + RemoteIPTrustedProxy <%= address %> +<% end -%> + # # Turn on various features # @@ -35,7 +41,8 @@ ErrorLog /var/log/apache2/error.log # # Configure timeouts # - RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20,MinRate=500 + RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20-120,MinRate=500 + LogLevel reqtimeout:info # # Add the unique ID to the request headers @@ -116,7 +123,7 @@ ErrorLog /var/log/apache2/error.log FileETag Size ExpiresDefault "access plus 1 year" - Header set Cache-Control "immutable, max-age=31536000" + Header set Cache-Control "immutable, max-age=31536000" "expr=%{REQUEST_STATUS} == 200" #