X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..e3ea52a50427f196e693043a957650f99d34dbae:/cookbooks/osqa/templates/default/apache.erb diff --git a/cookbooks/osqa/templates/default/apache.erb b/cookbooks/osqa/templates/default/apache.erb index ad9850162..1ef85c040 100644 --- a/cookbooks/osqa/templates/default/apache.erb +++ b/cookbooks/osqa/templates/default/apache.erb @@ -1,31 +1,85 @@ # DO NOT EDIT - This file is being maintained by Chef -WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=4 +WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000 python-home=<%= @python_home %> - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent / https://<%= @name %>/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - DocumentRoot <%= @directory %> - Alias /m/ <%= @directory %>/forum/skins/ - Alias /upfiles/ <%= @directory %>/forum/upfiles/ - Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/ - WSGIScriptAlias / <%= @directory %>/osqa.wsgi + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log - WSGIProcessGroup <%= @name %> + RedirectPermanent / https://<%= @name %>/ + +<% end -%> + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended + ErrorLog /var/log/apache2/<%= @name %>-error.log - SSLEngine on + DocumentRoot <%= @directory %>/osqa + Alias /m/ <%= @directory %>/osqa/forum/skins/ + Alias /upfiles/ <%= @directory %>/upfiles/ + Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/ + WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi + + WSGIProcessGroup <%= @name %> + + # Site is now closed. Block access to login page and other pages. + + Require all denied + ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." + + + Require all denied + ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." + + + Require all denied + ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." + + + Require all denied + ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." + + RewriteEngine on + RewriteCond %{REQUEST_METHOD} POST + RewriteRule ^/questions - [F,NC] + +/osqa> + Require all granted + + +/upfiles> + Require all granted +