]> git.openstreetmap.org Git - rails.git/blobdiff - config/lighttpd.conf
Preserve URL fragments through external authentication
[rails.git] / config / lighttpd.conf
index ffe2ea4f3adb364752b2201e6246794826bb0744..e728c6716218c1b07093ce1290a470b184f4d2fb 100644 (file)
@@ -4,9 +4,12 @@
 server.modules = ( 
   "mod_access",
   "mod_accesslog",
+  "mod_cgi",
   "mod_compress",
   "mod_evasive",
+  "mod_expire",
   "mod_fastcgi",
+  "mod_redirect",
   "mod_status"
 )
 
@@ -16,34 +19,54 @@ server.modules = (
 server.username = "www-data"
 server.groupname = "www-data"
 server.pid-file = "/var/run/lighttpd.pid"
+server.max-fds = 8192
+server.reject-expect-100-with-417 = "disable"
 
 #
 # Setup logging
 #
 accesslog.filename = "/var/log/lighttpd/access.log"
+accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Accept-Language}i\""
 server.errorlog = "/var/log/lighttpd/error.log"
 
 #
 # Allow munin to monitor the server's status
 #
-$HTTP["remoteip"] == "127.0.0.1" { status.status-url = "/server-status" }
+$HTTP["remoteip"] == "128.40.168.98" {
+  status.config-url = "/server-config"
+  status.status-url = "/server-status"
+  status.statistics-url = "/server-statistics"
+}
 
 #
-# API 0.3 is long dead, so fail any attempt to access it without
-# getting rails involved at all
+# Pull in host blocks
 #
-$HTTP["url"] =~ "^/api/0.3/" { url.access-deny = ("") }
+include_shell "lighttpd-host-blocks.sh"
 
 #
-# IP blocked at SteveC's request as it was trying to download the
-# history of every object in the database one at a time
+# Block some troublesome robots
 #
-$HTTP["remoteip"] == "143.210.16.160" { url.access-deny = ("") }
+#$HTTP["useragent"] =~ "msnbot" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Twiceler" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Baiduspider" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Sosospider+" { url.access-deny = ("") }
+#$HTTP["useragent"] =~ "Yahoo! Slurp" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Yeti" { url.access-deny = ("") }
+#$HTTP["useragent"] =~ "Googlebot" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "The Hare and the Hedgeho" { url.access-deny = ("") }
 
 #
-# Limit connections to 20 per IP address
+# Block tilesAtHome
 #
-evasive.max-conns-per-ip = 20
+$HTTP["useragent"] =~ "tilesAtHome" { url.access-deny = ("") }
+
+#
+# Block JOSM revisions  1722-1727 as they have a serious bug that causes
+# lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
+#
+$HTTP["useragent"] =~ "^JOSM/[0-9]+\.[0-9]+ \(172[234567] " {
+  url.access-deny = ("")
+}
 
 #
 # Setup MIME type mapping
@@ -51,13 +74,22 @@ evasive.max-conns-per-ip = 20
 mimetype.assign = (
   ".css" => "text/css",
   ".gif" => "image/gif",
-  ".html" => "text/html",
+  ".html" => "text/html; charset=utf-8",
+  ".jpg" => "image/jpeg",
   ".js" => "application/x-javascript",
   ".png" => "image/png",
   ".swf" => "application/x-shockwave-flash",
-  ".txt" => "text/plain"
+  ".txt" => "text/plain",
+  ".xml" => "text/xml"
 )
 
+#
+# Force special MIME type for crossdomain.xml files
+#
+$HTTP["url"] =~ "/crossdomain\.xml$" {
+  mimetype.assign = ( ".xml" => "text/x-cross-domain-policy" )
+}
+
 #
 # Enable compression of appropriate static content
 #
@@ -69,37 +101,181 @@ compress.filetype = (
   "text/plain"
 )
 
+#
+# Set expiry for static content
+#
+expire.url = (
+  "/export/embed.html" => "access 7 days",
+  "/images/" => "access 10 years",
+  "/javascripts/" => "access 10 years",
+  "/openlayers/" => "access 7 days",
+  "/stylesheets/" => "access 10 years"
+)
+
 #
 # Cache compressed content
 #
 compress.cache-dir = "/var/cache/lighttpd"
 
+#
+# Redirect trac and wiki requests to the right places
+#
+url.redirect = ( 
+  "^/trac/(.*)$" => "http://trac.openstreetmap.org/$1",
+  "^/wiki/(.*)$" => "http://wiki.openstreetmap.org/$1"
+)
+
+#
+# Redirect everything except www.openstreetmap.org and
+# api.openstreetmap.org to www.openstreetmap.org
+#
+$HTTP["host"] =~ "^api\." {
+  $HTTP["host"] != "api.openstreetmap.org" {
+    url.redirect = ( "^(.*)$" => "http://api.openstreetmap.org$1" )
+  }
+}
+else $HTTP["host"] != "www.openstreetmap.org" {
+  url.redirect = ( "^(.*)$" => "http://www.openstreetmap.org$1" )
+} 
+
+#
+# Run anything with a .pl iextension as a CGI script
+#
+cgi.assign = ( ".pl" => "/usr/bin/perl" )
+
 #
 # Serve static content from the rails public area ourselves
 #
-server.document-root = "/var/www/rails/public"
+server.document-root = "/home/rails/public"
 
 #
 # Send everything else to the appropriate FastCGI server
 #
-server.error-handler-404 = "/dispatch.fcgi"
-$HTTP["url"] =~ "^/api/" { server.error-handler-404 = "/dispatch.api" }
+$HTTP["url"] =~ "^/trace/[0-9]+/data$" {
+  server.error-handler-404 = "/dispatch.bulkapi"
+}
+else $HTTP["url"] =~ "^/api/0\.6/map$" {
+  server.error-handler-404 = "/dispatch.map"
+}
+else $HTTP["url"] =~ "^/api/0\.6/(trackpoints|amf|amf/read|swf/trackpoints|changeset/[0-9]+/(upload|download))$" {
+  server.error-handler-404 = "/dispatch.bulkapi"
+}
+else $HTTP["url"] =~ "^/api/0\.6/.*/(full|history|search|ways)$" {
+  server.error-handler-404 = "/dispatch.bulkapi"
+}
+else $HTTP["url"] =~ "^/api/0\.6/" {
+  server.error-handler-404 = "/dispatch.api"
+}
+else $HTTP["url"] =~ "^/api/0\.[0-9]+/" {
+  url.access-deny = ("")
+}
+else $HTTP["url"] =~ "^/geocoder/(search|description)_geonames$" {
+  server.error-handler-404 = "/dispatch.geonames"
+}
+else $HTTP["url"] =~ "^/" {
+  server.error-handler-404 = "/dispatch.web"
+}
 
 #
 # Configure the FastCGI servers
 #
 fastcgi.server = ( 
-  ".fcgi" => (
+  ".web" => (
     ( "host" => "127.0.0.1", "port" => 8000, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8001, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8002, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8003, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8004, "check-local" => "disable" ),
-    ( "host" => "127.0.0.1", "port" => 8005, "check-local" => "disable" )
-  ),
-  ".api" => (
+    ( "host" => "127.0.0.1", "port" => 8005, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8006, "check-local" => "disable" ),
     ( "host" => "127.0.0.1", "port" => 8007, "check-local" => "disable" ),
-    ( "host" => "127.0.0.1", "port" => 8008, "check-local" => "disable" )
+    ( "host" => "127.0.0.1", "port" => 8008, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8009, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8010, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8011, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8012, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8013, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8014, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8015, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8016, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8017, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8018, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8019, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8020, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8021, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8022, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8023, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8024, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8025, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8026, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8027, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8028, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8029, "check-local" => "disable" )
+  ),
+  ".geonames" => (
+    ( "host" => "127.0.0.1", "port" => 8030, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8031, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8032, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8033, "check-local" => "disable" )
+  ),
+  ".api" => (
+    ( "host" => "127.0.0.1", "port" => 8034, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8035, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8036, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8037, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8038, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8039, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8040, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8041, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8042, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8043, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8044, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8045, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8046, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8047, "check-local" => "disable" ),
+    ( "host" => "127.0.0.1", "port" => 8048, "check-local" => "disable" )
+  ),
+  ".bulkapi" => (
+    ( "host" => "10.0.0.10", "port" => 8000, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8000, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8000, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8001, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8001, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8001, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8002, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8002, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8002, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8003, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8003, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8003, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8004, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8004, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8004, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8005, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8005, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8005, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8006, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8006, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8006, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8007, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8007, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8007, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8008, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8008, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8008, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8009, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8009, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8009, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8010, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8010, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8010, "check-local" => "disable" ),
+    ( "host" => "10.0.0.10", "port" => 8011, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 8011, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 8011, "check-local" => "disable" )
+  ),
+  ".map" => (
+    ( "host" => "10.0.0.10", "port" => 9000, "check-local" => "disable" ),
+    ( "host" => "10.0.0.11", "port" => 9000, "check-local" => "disable" ),
+    ( "host" => "10.0.0.12", "port" => 9000, "check-local" => "disable" )
   )
 )