From: Tom Hughes Date: Tue, 13 Jul 2021 16:19:56 +0000 (+0100) Subject: Stop handling X-Forwarded-For from old tile CDN X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/a6a40aaf96f0620bf8f4a6e9f01b44ff25d8307b Stop handling X-Forwarded-For from old tile CDN --- diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb index d31b0bc3c..957caa8ca 100644 --- a/cookbooks/tile/recipes/default.rb +++ b/cookbooks/tile/recipes/default.rb @@ -56,7 +56,6 @@ remote_file "#{Chef::Config[:file_cache_path]}/fastly-ip-list.json" do ignore_failure true end -tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] } fastlyips = JSON.parse(IO.read("#{Chef::Config[:file_cache_path]}/fastly-ip-list.json")) apache_site "default" do @@ -69,7 +68,7 @@ end apache_site "tile.openstreetmap.org" do template "apache.erb" - variables :caches => tilecaches, :fastly => fastlyips["addresses"] + variables :fastly => fastlyips["addresses"] end template "/etc/logrotate.d/apache2" do diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb index e6f8ade1c..e43d62e51 100644 --- a/cookbooks/tile/templates/default/apache.erb +++ b/cookbooks/tile/templates/default/apache.erb @@ -21,11 +21,6 @@ # Get the real remote IP for requests via a trusted proxy RemoteIPHeader X-Forwarded-For -<% @caches.each do |cache| -%> -<% cache.ipaddresses(:role => :external).sort.each do |address| -%> - RemoteIPTrustedProxy <%= address %> -<% end -%> -<% end -%> <% @fastly.sort.each do |address| -%> RemoteIPTrustedProxy <%= address %> <% end -%> @@ -73,14 +68,6 @@ ServerAlias render.openstreetmap.org ServerAdmin webmaster@openstreetmap.org - # Get the real remote IP for requests via a trusted proxy - RemoteIPHeader X-Forwarded-For -<% @caches.each do |cache| -%> -<% cache.ipaddresses(:role => :external).sort.each do |address| -%> - RemoteIPTrustedProxy <%= address %> -<% end -%> -<% end -%> - # Setup logging LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip CustomLog /var/log/apache2/access.log combined_with_remoteip