X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/7450e9290e52c75980964f43badc1280769e4e2c..07840ceab6077ffa7c498daeda4ecbd591c3bc40:/cookbooks/mediawiki/templates/default/apache.erb?ds=sidebyside diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb index b37ec1b0c..d3d25a3a1 100644 --- a/cookbooks/mediawiki/templates/default/apache.erb +++ b/cookbooks/mediawiki/templates/default/apache.erb @@ -8,140 +8,13 @@ ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value memory_limit 128M - php_value max_execution_time 240 - php_value upload_max_filesize 70M - php_value post_max_size 100M - - RedirectMatch 301 ^/$ /wiki/Main_Page - - #Historical Compatibility Links - RedirectMatch 301 ^/index\.php$ /w/index.php - RedirectMatch 301 ^/index\.php/(.*)$ /wiki/$1 - RedirectMatch 301 ^/skins/(.*)$ /w/skins/$1 - RedirectMatch 301 ^/images/(.*)$ /w/images/$1 - RedirectMatch 301 ^/api\.php$ /w/api.php - RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php - - Alias /wiki <%= @mediawiki[:directory] %>/index.php - - #Support /pagename -> /wiki/pagename - RewriteEngine on - RewriteCond %{REQUEST_URI} !^/w/ - RewriteCond %{REQUEST_URI} !^/wiki/ - RewriteCond %{REQUEST_URI} !^/index\.php - RewriteCond %{REQUEST_URI} !^/skins/ - RewriteCond %{REQUEST_URI} !^/images/ - RewriteCond %{REQUEST_URI} !^/api\.php$ - RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$ - RewriteCond %{REQUEST_URI} !^/server-status - RewriteCond %{LA-U:REQUEST_FILENAME} !-f - RewriteCond %{LA-U:REQUEST_FILENAME} !-d - RewriteRule ^/(.*) /wiki/$1 [R,L] - - > - Options -Indexes -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all granted -<% end -%> - - - /images/> - # No php execution in the upload area - php_admin_flag engine off - Options -ExecCGI -Includes -Indexes - AllowOverride None - AddType text/plain .html .htm .shtml -<% if @mediawiki[:private] -%> -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> -<% end -%> - - - /images/thumb/> - RewriteEngine on - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B] - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B] - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B] - - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B] - - - /maintenance/> -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - - - /LocalSettings.php> -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - - - /cache/> - Options -ExecCGI -Includes -Indexes - AllowOverride None - AddType text/plain .html .htm .shtml - php_admin_flag engine off - - - -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - - - -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - - - -<% if node[:lsb][:release].to_f >= 14.04 -%> - Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ -<% if @mediawiki[:enable_ssl] -%> + ServerName <%= @name %> <% @aliases.each do |alias_name| -%> @@ -151,22 +24,22 @@ ServerAdmin webmaster@openstreetmap.org SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-secure-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log DocumentRoot <%= @directory %> - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value memory_limit 128M - php_value max_execution_time 240 - php_value upload_max_filesize 70M - php_value post_max_size 100M + AllowEncodedSlashes NoDecode - RedirectMatch 301 ^/$ /wiki/Main_Page + ProxyTimeout 300 - #Historical Compatibility Links + RewriteCond %{SERVER_NAME} !=<%= @name %> + RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent] + + # Historical Compatibility Links RedirectMatch 301 ^/index\.php$ /w/index.php RedirectMatch 301 ^/index\.php/(.*)$ /wiki/$1 RedirectMatch 301 ^/skins/(.*)$ /w/skins/$1 @@ -174,10 +47,31 @@ RedirectMatch 301 ^/api\.php$ /w/api.php RedirectMatch 301 ^/opensearch_desc\.php$ /w/opensearch_desc.php - Alias /wiki <%= @mediawiki[:directory] %>/index.php - - #Support /pagename -> /wiki/pagename + # Support Wikidata redirects based on Wikimedia's redirects: + # https://github.com/wikimedia/puppet/blob/production/modules/mediawiki/files/apache/sites/wikidata-uris.incl + RedirectMatch 301 ^/entity/statement/([QqPp]\d+).*$ /wiki/Special:EntityData/$1 + RedirectMatch 301 ^/value/(.*)$ /wiki/Special:ListDatatypes + RedirectMatch 301 ^/reference/(.*)$ https://wikidata.org/wiki/Help:Sources + RedirectMatch 301 ^/prop/direct/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/direct-normalized/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/novalue/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/statement/value/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/statement/value-normalized/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/qualifier/value/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/qualifier/value-normalized/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/reference/value/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/reference/value-normalized/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/statement/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/qualifier/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/reference/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/prop/(.*)$ /wiki/Property:$1 + RedirectMatch 301 ^/entity/(.*)$ /wiki/Special:EntityData/$1 + + Alias /wiki <%= @directory %>/w/index.php + + # Support /pagename -> /wiki/pagename RewriteEngine on + RewriteRule ^/$ /w/index.php?title=Main_Page [L,QSA] RewriteCond %{REQUEST_URI} !^/w/ RewriteCond %{REQUEST_URI} !^/wiki/ RewriteCond %{REQUEST_URI} !^/index\.php @@ -185,36 +79,50 @@ RewriteCond %{REQUEST_URI} !^/images/ RewriteCond %{REQUEST_URI} !^/api\.php$ RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$ + RewriteCond %{REQUEST_URI} !^/entity/ + RewriteCond %{REQUEST_URI} !^/value/ + RewriteCond %{REQUEST_URI} !^/reference/ + RewriteCond %{REQUEST_URI} !^/prop/ + RewriteCond %{REQUEST_URI} !^/dump/ RewriteCond %{REQUEST_URI} !^/server-status + RewriteCond %{REQUEST_URI} !^/server-info + RewriteCond %{REQUEST_URI} !^/.well-known/ RewriteCond %{LA-U:REQUEST_FILENAME} !-f RewriteCond %{LA-U:REQUEST_FILENAME} !-d RewriteRule ^/(.*) /wiki/$1 [R,L] > Options -Indexes -<% if node[:lsb][:release].to_f >= 14.04 -%> Require all granted -<% end -%> + + + SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1" + - /images/> - # No php execution in the upload area - php_admin_flag engine off + /w/images/> Options -ExecCGI -Includes -Indexes AllowOverride None -<% if @mediawiki[:private] -%> -<% if node[:lsb][:release].to_f >= 14.04 -%> + AddType text/plain .html .htm .shtml +<% if @private_site -%> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> <% end -%> + + SetHandler None + - /images/thumb/> + /w/images/thumb/> RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3 [L,QSA,B] + + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/page([0-9]+)-([0-9]+)px-.*$ /w/thumb.php?f=$1&page=$2&width=$3&archived=1 [L,QSA,B] + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2 [L,QSA,B] @@ -224,63 +132,40 @@ RewriteRule ^archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B] - /maintenance/> -<% if node[:lsb][:release].to_f >= 14.04 -%> + /w/maintenance/> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - /LocalSettings.php> -<% if node[:lsb][:release].to_f >= 14.04 -%> + /w/LocalSettings.php> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> - /images/> + /w/cache/> Options -ExecCGI -Includes -Indexes AllowOverride None AddType text/plain .html .htm .shtml - php_admin_flag engine off + + SetHandler None + - /cache/> - Options -ExecCGI -Includes -Indexes - AllowOverride None - AddType text/plain .html .htm .shtml - php_admin_flag engine off + /dump/> + Options Indexes FollowSymLinks MultiViews + AllowOverride All + IndexIgnore .ht* . robots.txt HEADER.html HEADER.cgi logo.png style.css + IndexOptions FancyIndexing FoldersFirst NameWidth=* TrackModified + IndexOrderDefault Descending Date -<% if node[:lsb][:release].to_f >= 14.04 -%> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> -<% if node[:lsb][:release].to_f >= 14.04 -%> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> -<% if node[:lsb][:release].to_f >= 14.04 -%> Require all denied -<% else -%> - Order allow,deny - Deny from all -<% end -%> -<% end -%>