X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/46d97368eb6034f2eb95d5a8400bd4bf6faf4ed2..84c674ad57aead0d89ad041ca079f3e681c3f57c:/cookbooks/mediawiki/templates/default/apache.erb
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index dcded20cc..d5485a620 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -11,135 +11,10 @@
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
- DocumentRoot <%= @directory %>
-
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
- #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value memory_limit 128M
- php_value max_execution_time 240
- php_value upload_max_filesize 70M
- php_value post_max_size 100M
-
- RedirectMatch 301 ^/$ /wiki/Main_Page
-
- #Historical Compatibility Links
- RedirectMatch 301 ^/index\.php$ /w/index.php
- RedirectMatch 301 ^/index\.php/(.*)$ /wiki/$1
- RedirectMatch 301 ^/skins/(.*)$ /w/skins/$1
- RedirectMatch 301 ^/images/(.*)$ /w/images/$1
- RedirectMatch 301 ^/api\.php$ /w/api.php
- RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php
-
- Alias /wiki <%= @mediawiki[:directory] %>/index.php
-
- #Support /pagename -> /wiki/pagename
- RewriteEngine on
- RewriteCond %{REQUEST_URI} !^/w/
- RewriteCond %{REQUEST_URI} !^/wiki/
- RewriteCond %{REQUEST_URI} !^/index\.php
- RewriteCond %{REQUEST_URI} !^/skins/
- RewriteCond %{REQUEST_URI} !^/images/
- RewriteCond %{REQUEST_URI} !^/api\.php$
- RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
- RewriteCond %{REQUEST_URI} !^/server-status
- RewriteCond %{LA-U:REQUEST_FILENAME} !-f
- RewriteCond %{LA-U:REQUEST_FILENAME} !-d
- RewriteRule ^/(.*) /wiki/$1 [R,L]
-
- >
- Options -Indexes
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all granted
-<% end -%>
-
-
- /images/>
- # No php execution in the upload area
- php_admin_flag engine off
- Options -ExecCGI -Includes -Indexes
- AllowOverride None
-
-
- /images/thumb/>
- RewriteEngine on
-
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B]
-
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B]
-
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B]
-
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
-
-
- /maintenance/>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-
-
- /LocalSettings.php>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-
-
- /images/>
- Options -ExecCGI -Includes -Indexes
- AllowOverride None
- AddType text/plain .html .htm .shtml
- php_admin_flag engine off
-
-
- /cache/>
- Options -ExecCGI -Includes -Indexes
- AllowOverride None
- AddType text/plain .html .htm .shtml
- php_admin_flag engine off
-
-
-
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-
-
-
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-
-
-
-<% if node[:lsb][:release].to_f >= 14.04 -%>
- Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
-<% if @mediawiki[:enable_ssl] -%>
+
ServerName <%= @name %>
<% @aliases.each do |alias_name| -%>
@@ -149,19 +24,24 @@
ServerAdmin webmaster@openstreetmap.org
SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
DocumentRoot <%= @directory %>
- php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
+ php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/dev/null:/tmp/
#php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
- php_value memory_limit 128M
+ php_value memory_limit 500M
php_value max_execution_time 240
php_value upload_max_filesize 70M
php_value post_max_size 100M
+ RewriteCond %{SERVER_NAME} !=<%= @name %>
+ RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
+
RedirectMatch 301 ^/$ /wiki/Main_Page
#Historical Compatibility Links
@@ -172,7 +52,27 @@
RedirectMatch 301 ^/api\.php$ /w/api.php
RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php
- Alias /wiki <%= @mediawiki[:directory] %>/index.php
+ #Support Wikidata redirects based on Wikimedia's redirects:
+ # https://github.com/wikimedia/puppet/blob/production/modules/mediawiki/files/apache/sites/wikidata-uris.incl
+ RedirectMatch 301 ^/entity/statement/([QqPp]\d+).*$ /wiki/Special:EntityData/$1
+ RedirectMatch 301 ^/value/(.*)$ /wiki/Special:ListDatatypes
+ RedirectMatch 301 ^/reference/(.*)$ https://wikidata.org/wiki/Help:Sources
+ RedirectMatch 301 ^/prop/direct/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/direct-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/novalue/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/value/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/value-normalized/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/statement/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/qualifier/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/reference/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/prop/(.*)$ /wiki/Property:$1
+ RedirectMatch 301 ^/entity/(.*)$ /wiki/Special:EntityData/$1
+
+ Alias /wiki <%= @directory %>/w/index.php
#Support /pagename -> /wiki/pagename
RewriteEngine on
@@ -183,36 +83,44 @@
RewriteCond %{REQUEST_URI} !^/images/
RewriteCond %{REQUEST_URI} !^/api\.php$
RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
+ RewriteCond %{REQUEST_URI} !^/entity/
+ RewriteCond %{REQUEST_URI} !^/value/
+ RewriteCond %{REQUEST_URI} !^/reference/
+ RewriteCond %{REQUEST_URI} !^/prop/
+ RewriteCond %{REQUEST_URI} !^/dump/
RewriteCond %{REQUEST_URI} !^/server-status
+ RewriteCond %{REQUEST_URI} !^/.well-known/
RewriteCond %{LA-U:REQUEST_FILENAME} !-f
RewriteCond %{LA-U:REQUEST_FILENAME} !-d
RewriteRule ^/(.*) /wiki/$1 [R,L]
>
Options -Indexes
-<% if node[:lsb][:release].to_f >= 14.04 -%>
Require all granted
-<% end -%>
- /images/>
+ /w/images/>
# No php execution in the upload area
php_admin_flag engine off
Options -ExecCGI -Includes -Indexes
AllowOverride None
-<% if @mediawiki[:private] -%>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+ AddType text/plain .html .htm .shtml
+<% if @private_site -%>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
<% end -%>
- /images/thumb/>
+ /w/images/thumb/>
RewriteEngine on
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B]
+
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B]
+
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B]
@@ -222,63 +130,38 @@
RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
- /maintenance/>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+ /w/maintenance/>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
- /LocalSettings.php>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+ /w/LocalSettings.php>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
- /images/>
+ /w/cache/>
Options -ExecCGI -Includes -Indexes
AllowOverride None
AddType text/plain .html .htm .shtml
php_admin_flag engine off
- /cache/>
- Options -ExecCGI -Includes -Indexes
- AllowOverride None
- AddType text/plain .html .htm .shtml
- php_admin_flag engine off
+ /dump/>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride All
+ IndexIgnore .ht* . robots.txt HEADER.html HEADER.cgi logo.png style.css
+ IndexOptions FancyIndexing FoldersFirst NameWidth=* TrackModified
+ IndexOrderDefault Descending Date
-<% if node[:lsb][:release].to_f >= 14.04 -%>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-<% if node[:lsb][:release].to_f >= 14.04 -%>
Require all denied
-<% else -%>
- Order allow,deny
- Deny from all
-<% end -%>
-<% end -%>