From: Tom Hughes <tom@compton.nu>
Date: Tue, 13 Jul 2021 16:19:56 +0000 (+0100)
Subject: Stop handling X-Forwarded-For from old tile CDN
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/a6a40aaf96f0620bf8f4a6e9f01b44ff25d8307b

Stop handling X-Forwarded-For from old tile CDN
---

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index d31b0bc3c..957caa8ca 100644
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -56,7 +56,6 @@ remote_file "#{Chef::Config[:file_cache_path]}/fastly-ip-list.json" do
   ignore_failure true
 end
 
-tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
 fastlyips = JSON.parse(IO.read("#{Chef::Config[:file_cache_path]}/fastly-ip-list.json"))
 
 apache_site "default" do
@@ -69,7 +68,7 @@ end
 
 apache_site "tile.openstreetmap.org" do
   template "apache.erb"
-  variables :caches => tilecaches, :fastly => fastlyips["addresses"]
+  variables :fastly => fastlyips["addresses"]
 end
 
 template "/etc/logrotate.d/apache2" do
diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index e6f8ade1c..e43d62e51 100644
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -21,11 +21,6 @@
 
   # Get the real remote IP for requests via a trusted proxy
   RemoteIPHeader X-Forwarded-For
-<% @caches.each do |cache| -%>
-<% cache.ipaddresses(:role => :external).sort.each do |address| -%>
-  RemoteIPTrustedProxy <%= address %>
-<% end -%>
-<% end -%>
 <% @fastly.sort.each do |address| -%>
   RemoteIPTrustedProxy <%= address %>
 <% end -%>
@@ -73,14 +68,6 @@
   ServerAlias render.openstreetmap.org
   ServerAdmin webmaster@openstreetmap.org
 
-  # Get the real remote IP for requests via a trusted proxy
-  RemoteIPHeader X-Forwarded-For
-<% @caches.each do |cache| -%>
-<% cache.ipaddresses(:role => :external).sort.each do |address| -%>
-  RemoteIPTrustedProxy <%= address %>
-<% end -%>
-<% end -%>
-
   # Setup logging
   LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip
   CustomLog /var/log/apache2/access.log combined_with_remoteip