X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..e3ea52a50427f196e693043a957650f99d34dbae:/cookbooks/osqa/templates/default/apache.erb
diff --git a/cookbooks/osqa/templates/default/apache.erb b/cookbooks/osqa/templates/default/apache.erb
index ad9850162..1ef85c040 100644
--- a/cookbooks/osqa/templates/default/apache.erb
+++ b/cookbooks/osqa/templates/default/apache.erb
@@ -1,31 +1,85 @@
# DO NOT EDIT - This file is being maintained by Chef
-WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=4
+WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000 python-home=<%= @python_home %>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- RedirectPermanent / https://<%= @name %>/
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+<% unless @aliases.empty? -%>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- DocumentRoot <%= @directory %>
- Alias /m/ <%= @directory %>/forum/skins/
- Alias /upfiles/ <%= @directory %>/forum/upfiles/
- Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/
- WSGIScriptAlias / <%= @directory %>/osqa.wsgi
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- WSGIProcessGroup <%= @name %>
+ RedirectPermanent / https://<%= @name %>/
+
+<% end -%>
+
+
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- SSLEngine on
+ DocumentRoot <%= @directory %>/osqa
+ Alias /m/ <%= @directory %>/osqa/forum/skins/
+ Alias /upfiles/ <%= @directory %>/upfiles/
+ Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/
+ WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi
+
+ WSGIProcessGroup <%= @name %>
+
+ # Site is now closed. Block access to login page and other pages.
+
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+
+
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+
+
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+
+
+ Require all denied
+ ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead."
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} POST
+ RewriteRule ^/questions - [F,NC]
+
+/osqa>
+ Require all granted
+
+
+/upfiles>
+ Require all granted
+