X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ae56a522a5782d71b7b758464e2592ac0d2ef07f..ab49f1fed889c2eac1ffd67fe8035c98d5a001b9:/roles/web-frontend.rb diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb index 5f23e0618..5221de62d 100644 --- a/roles/web-frontend.rb +++ b/roles/web-frontend.rb @@ -4,6 +4,12 @@ description "Role applied to all web/api frontend servers" default_attributes( :apache => { :mpm => "event", + :evasive => { + :page_count => 100, + :site_count => 100, + :blocking_period => 30, + :enable => false + }, :event => { :server_limit => 20, :max_request_workers => 1000, @@ -15,27 +21,36 @@ default_attributes( }, :logstash => { :forwarder => { - "filebeat.prospectors" => [ - { "input_type" => "log", "paths" => ["/var/log/apache2/access.log"], "fields" => { "type" => "apache" } }, - { "input_type" => "log", "paths" => ["/var/log/web/rails-logstash.log"], "fields" => { "type" => "rails" } } + "filebeat.inputs" => [ + { "type" => "filestream", "id" => "apache", "paths" => ["/var/log/apache2/access.log"], "fields" => { "type" => "apache" }, "fields_under_root" => true }, + { "type" => "filestream", "id" => "rails", "paths" => ["/var/log/web/rails-logstash.log"], "fields" => { "type" => "rails" }, "fields_under_root" => true } ] } }, + :memcached => { + :memory_limit => 8192 + }, + :networking => { + :firewall => { + :http_rate_limit => "s:5/sec:30" + } + }, :passenger => { :max_pool_size => 50 }, :exim => { :local_domains => ["messages.openstreetmap.org"], - :trusted_users => ["rails"], :routes => { :messages => { :comment => "messages.openstreetmap.org", :domains => ["messages.openstreetmap.org"], - :command => "/usr/local/bin/passenger-ruby /srv/www.openstreetmap.org/rails/script/deliver-message $local_part", + :local_parts => ["${lookup{$local_part}lsearch*,ret=key{/etc/exim4/detaint}}"], + :command => "/usr/local/bin/deliver-message $local_part_data", :user => "rails", :group => "rails", :home_directory => "/srv/www.openstreetmap.org/rails", - :path => "/bin:/usr/bin:/usr/local/bin" + :path => "/bin:/usr/bin:/usr/local/bin", + :case_sensitive => true } } }