X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/7b9ec4b60ee39614d1d083d7220e76b07d2b275f..3f5db81b561764ab48ff6f8f3cd9846b59a76d5a:/cookbooks/trac/templates/default/apache.erb
diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb
index eb53ae7ec..d462cdd36 100644
--- a/cookbooks/trac/templates/default/apache.erb
+++ b/cookbooks/trac/templates/default/apache.erb
@@ -1,39 +1,75 @@
# DO NOT EDIT - This file is being maintained by Chef
-WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> maximum-requests=5000 threads=25 inactivity-timeout=180
+WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=8 restart-interval=3600 inactivity-timeout=180 graceful-timeout=60 maximum-requests=2000
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- RedirectPermanent / https://<%= @name %>/
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+<% unless @aliases.empty? -%>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- DocumentRoot <%= @directory %>/htdocs
- Alias /robots.txt <%= @directory %>/htdocs/site/robots.txt
- WSGIScriptAlias / <%= @directory %>/cgi-bin/trac.wsgi
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- WSGIProcessGroup <%= @name %>
+ RedirectPermanent / https://<%= @name %>/
+
+<% end -%>
+
+
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- DefineExternalAuth osm pipe /usr/local/bin/trac-authenticate
+ DocumentRoot <%= @directory %>/htdocs
+ Alias /robots.txt <%= @directory %>/htdocs/site/robots.txt
+ WSGIScriptAlias / <%= @directory %>/cgi-bin/trac.wsgi
-
- AuthType Basic
- AuthName "OpenStreetMap Trac"
- AuthBasicProvider external
- AuthExternal osm
- Require valid-user
-
+ WSGIProcessGroup <%= @name %>
- SSLEngine on
+ DefineExternalAuth osm pipe /usr/local/bin/trac-authenticate
+
+ # Disable /timeline for now
+ RedirectMatch 410 ^/timeline(.*)$
+
+
+ AuthType Basic
+ AuthName "OpenStreetMap Trac"
+ AuthBasicProvider external
+ AuthExternal osm
+ Require valid-user
+
+
+/htdocs>
+ Require all granted
+
+
+/cgi-bin>
+ Require all granted
+