X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e4cd927b82f71acc58af48b9eb5757711c5e683b..0578a5d0e3acb3ea8d107083d07f07d23b48f62b:/roles/web-frontend.rb diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb index faa1017de..396cf36db 100644 --- a/roles/web-frontend.rb +++ b/roles/web-frontend.rb @@ -4,13 +4,27 @@ description "Role applied to all web/api frontend servers" default_attributes( :apache => { :mpm => "event", + :evasive => { + :page_count => 100, + :site_count => 100, + :blocking_period => 30, + :enable => false + }, :event => { - :server_limit => 40, - :max_clients => 1000, - :min_spare_threads => 50, - :max_spare_threads => 150, + :server_limit => 20, + :max_request_workers => 1000, :threads_per_child => 50, - :max_requests_per_child => 10000 + :min_spare_threads => 50, + :max_spare_threads => 450, + :async_request_worker_factor => 4 + } + }, + :memcached => { + :memory_limit => 8192 + }, + :networking => { + :firewall => { + :http_rate_limit => "s:5/sec:30" } }, :passenger => { @@ -18,15 +32,17 @@ default_attributes( }, :exim => { :local_domains => ["messages.openstreetmap.org"], - :trusted_users => ["rails"], :routes => { :messages => { :comment => "messages.openstreetmap.org", :domains => ["messages.openstreetmap.org"], - :command => "/srv/www.openstreetmap.org/rails/script/deliver-message $local_part", + :local_parts => ["${lookup{$local_part}lsearch*,ret=key{/etc/exim4/detaint}}"], + :command => "/usr/local/bin/deliver-message $local_part_data", :user => "rails", :group => "rails", - :home_directory => "/srv/www.openstreetmap.org/rails" + :home_directory => "/srv/www.openstreetmap.org/rails", + :path => "/bin:/usr/bin:/usr/local/bin", + :case_sensitive => true } } }