X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e93ea7c47fe2f91e54edde1d37db37d26a27d34e..8e010de9a9d26d57220d326e69bb0440098cf22e:/cookbooks/web/templates/default/apache.frontend.erb diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index 94ba7a007..39f2a6007 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -1,5 +1,16 @@ # DO NOT EDIT - This file is being maintained by Chef +# +# Setup logging +# +SetEnvIfNoCase Authorization "^Basic " AUTH_METHOD=basic +SetEnvIfNoCase Authorization "^OAuth " AUTH_METHOD=oauth1 +SetEnvIfNoCase Authorization "^Bearer " AUTH_METHOD=oauth2 +SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)oauth_signature=/" AUTH_METHOD=oauth1 +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{AUTH_METHOD}e" combined_with_time +CustomLog /var/log/apache2/access.log combined_with_time +ErrorLog /var/log/apache2/error.log + # # Basic server configuration @@ -15,16 +26,11 @@ SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key - # - # Setup logging - # - SetEnvIfNoCase Authorization "^Basic " AUTH_METHOD=basic - SetEnvIfNoCase Authorization "^OAuth " AUTH_METHOD=oauth1 - SetEnvIfNoCase Authorization "^Bearer " AUTH_METHOD=oauth2 - SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)oauth_signature=/" AUTH_METHOD=oauth1 - LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{AUTH_METHOD}e" combined_with_time - CustomLog /var/log/apache2/access.log combined_with_time - ErrorLog /var/log/apache2/error.log + # Get the real remote IP for requests via a trusted proxy + RemoteIPHeader CF-Connecting-IP +<% @cloudflare.sort.each do |address| -%> + RemoteIPTrustedProxy <%= address %> +<% end -%> # # Turn on various features @@ -35,7 +41,8 @@ # # Configure timeouts # - RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20,MinRate=500 + RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20-120,MinRate=500 + LogLevel reqtimeout:info # # Add the unique ID to the request headers @@ -116,7 +123,7 @@ FileETag Size ExpiresDefault "access plus 1 year" - Header set Cache-Control "immutable, max-age=31536000" + Header set Cache-Control "immutable, max-age=31536000" "expr=%{REQUEST_STATUS} == 200" #