X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/85711462acec260c1c9b7be89e5c81c72d4908d4..90aaa322c647164b10963cf080508f1d57b0ca26:/cookbooks/web/templates/default/apache.frontend.erb?ds=inline diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index 9fbb7919d..24ba35366 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -18,7 +18,11 @@ # # Setup logging # - LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time + SetEnvIfNoCase Authorization "^Basic " AUTH_METHOD=basic + SetEnvIfNoCase Authorization "^OAuth " AUTH_METHOD=oauth1 + SetEnvIfNoCase Authorization "^Bearer " AUTH_METHOD=oauth2 + SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)oauth_signature=/" AUTH_METHOD=oauth1 + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{AUTH_METHOD}e" combined_with_time CustomLog /var/log/apache2/access.log combined_with_time ErrorLog /var/log/apache2/error.log @@ -28,6 +32,11 @@ ExpiresActive On RewriteEngine on + # + # Configure timeouts + # + RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20,MinRate=500 + # # Add the unique ID to the request headers # @@ -78,7 +87,7 @@ # https://gist.github.com/Firefishy/86ed5b86991b225179b54bbafbcd769e # RewriteCond "%{QUERY_STRING}" "^q=abcde&t=20" - RewriteRule "^/api/0\.6/notes/search$" - [R=204,L] + RewriteRule "^/api/0\.6/notes/search$" - [R=429,L] # # Force special MIME type for crossdomain.xml files @@ -139,9 +148,7 @@ SetEnv SECRET_KEY_BASE <%= @secret_key_base %> Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/favicons/favicon.ico Alias /openlayers <%= node[:web][:base_directory] %>/static/openlayers - Alias /stats /store/rails/stats - Alias /user/image /store/rails/user/image - Alias /attachments /store/rails/attachments + RedirectPermanent /stats https://planet.openstreetmap.org/statistics # # Pass authentication related headers to cgimap @@ -176,13 +183,13 @@ RedirectPermanent /images/cc_button.png https://www.openstreetmap.org/assets/cc_button.png # - # Redirect api requests made to www.osm.org to api.osm.org + # Redirect api requests made to www.openstreetmap.org to api.openstreetmap.org # # RewriteCond %{HTTP_HOST} =www.openstreetmap.org # RewriteRule ^/api/(.*)$ https://api.openstreetmap.org/api/$1 [L,NE,R=permanent] # - # Redirect non-api requests made to api.osm.org to www.osm.org + # Redirect non-api requests made to api.openstreetmap.org to www.openstreetmap.org # RewriteCond %{HTTP_HOST} =api.openstreetmap.org RewriteCond %{REQUEST_URI} !^/api/ @@ -199,6 +206,34 @@ RedirectPermanent / https://www.openstreetmap.org/ + + ServerName osm.org + + Header always set Cache-Control "max-age=31536000" + Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" + + RewriteEngine on + + RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] + + RewriteCond %{REQUEST_URI} !^/server-status$ + RewriteRule ^(.*)$ https://osm.org$1 [L,NE,R=permanent] + + + + ServerName www.osm.org + + Header always set Cache-Control "max-age=31536000" + Header always set Expires "Tue, 19 Jan 2038 03:14:07 GMT" + + RewriteEngine on + + RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L] + + RewriteCond %{REQUEST_URI} !^/server-status$ + RewriteRule ^(.*)$ https://www.osm.org$1 [L,NE,R=permanent] + + ServerName openstreetmap.org @@ -245,16 +280,25 @@ /rails/public> Require all granted + RewriteCond "%{HTTP:Accept-encoding}" "br" + RewriteCond "%{REQUEST_FILENAME}\.br" -s + RewriteRule "^(.*)\.(css|ico|js|json|svg|xml)$" "$1\.$2\.br" [QSA] + RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.(css|ico|js|json|svg|xml)$" "$1\.$2\.gz" [QSA] - RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1] - RewriteRule "\.ico\.gz$" "-" [T=image/vnd.microsoft.icon,E=no-gzip:1] - RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1] - RewriteRule "\.json\.gz$" "-" [T=application/json,E=no-gzip:1] - RewriteRule "\.svg\.gz$" "-" [T=image/svg+xml,E=no-gzip:1] - RewriteRule "\.xml\.gz$" "-" [T=application/xml,E=no-gzip:1] + RewriteRule "\.css\.(br|gz)$" "-" [T=text/css,E=no-gzip:1,E=no-brotli:1] + RewriteRule "\.ico\.(br|gz)$" "-" [T=image/vnd.microsoft.icon,E=no-gzip:1,E=no-brotli:1] + RewriteRule "\.js\.(br|gz)$" "-" [T=text/javascript,E=no-gzip:1,E=no-brotli:1] + RewriteRule "\.json\.(br|gz)$" "-" [T=application/json,E=no-gzip:1,E=no-brotli:1] + RewriteRule "\.svg\.(br|gz)$" "-" [T=image/svg+xml,E=no-gzip:1,E=no-brotli:1] + RewriteRule "\.xml\.(br|gz)$" "-" [T=application/xml,E=no-gzip:1,E=no-brotli:1] + + + Header append Content-Encoding br + Header append Vary Accept-Encoding + Header append Content-Encoding gzip @@ -273,15 +317,3 @@ Require all granted - - - Require all granted - - - - Require all granted - - - - Require all granted -