Update cgimap configuration

.github/workflows/chartpress.yaml

@@ -38,13 +38,13 @@ jobs:
         AWS_SSL_ARN: ${{ secrets.AWS_SSL_ARN }}
         MAILER_ADDRESS: ${{ secrets.MAILER_ADDRESS }}
         MAILER_DOMAIN: ${{ secrets.MAILER_DOMAIN }}
-        MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }}
-        MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }}
+        MAILER_PASSWORD: ${{ secrets.STAGING_MAILER_PASSWORD }}
+        MAILER_USERNAME: ${{ secrets.STAGING_MAILER_USERNAME }}
         STAGING_DB: ${{ secrets.STAGING_DB }}
         STAGING_DB_EBS: ${{ secrets.STAGING_DB_EBS }}
         STAGING_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }}
         STAGING_DB_USER: ${{ secrets.STAGING_DB_USER }}
-        STAGING_DOMAIN_NAME: ${{ secrets.STAGING_DOMAIN_NAME }}
+        STAGING_DOMAIN_NAME: staging.openhistoricalmap.org
         STAGING_ID_KEY: ${{ secrets.STAGING_ID_KEY }}
         STAGING_ID_APPLICATION: ${{ secrets.STAGING_ID_APPLICATION }}
         STAGING_OAUTH_CLIENT_ID: ${{ secrets.STAGING_OAUTH_CLIENT_ID }}

images/web/Dockerfile

@@ -96,7 +96,7 @@ RUN /usr/bin/passenger-config validate-install
 RUN /usr/sbin/passenger-memory-stats
 
 # Enable required apache modules for the cgimap Apache service
-RUN a2enmod proxy proxy_http rewrite lbmethod_byrequests
+RUN a2enmod proxy proxy_http rewrite lbmethod_byrequests proxy_fcgi
 
 # Config the virtual host apache2
 RUN apache2ctl configtest
@@ -106,7 +106,6 @@ RUN chown -R www-data: $workdir
 
 # Add settings
 ADD config/settings.yml $workdir/config/
-ADD config/lighttpd.conf $workdir/config/
 
 COPY start.sh $workdir/
 

images/web/config/production.conf

@@ -6,21 +6,38 @@
     RewriteEngine On
     RewriteCond %{HTTP:X-Forwarded-Proto} =http
     #  Development mode in case domain is localhost
-    # Rewrite to HTTPS
+
+    # ======Redirect to HTTPS
     RewriteCond %{HTTP_HOST} !=localhost
+    RewriteCond %{HTTP_HOST} !=127.0.0.1
     RewriteCond %{HTTPS} off
     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-    # Rewrite to www. [NC] is a case-insensitive match
-    RewriteCond %{HTTP_HOST} !=localhost
-    # Avoid redirect staging sites 
-    RewriteCond %{HTTP_HOST} !=staging.openhistoricalmap.org
+
+    # ======Redirect to wwww openhistoricalmap.org
+    RewriteCond %{HTTP_HOST} =openhistoricalmap.org
     RewriteCond %{HTTP_HOST} !^www\. [NC]
     RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
+    <Location />
+        CGIPassAuth Off
+    </Location>
+
+    # ======Proxying traffic to CGImap====
+    RewriteCond %{REQUEST_URI} ^/api/0\.6/map
+    RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
+    RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    # RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+
     # Relax Apache security settings
     <Directory /var/www/public>
       AllowOverride None
       Allow from all
       Options -MultiViews
     </Directory>
-</VirtualHost>
+</VirtualHost>

images/web/start.sh

@@ -61,16 +61,15 @@ while "$flag" = true; do
 
   bundle exec rails db:migrate
 
-  # Start CGImap
-  /usr/sbin/lighttpd -f config/lighttpd.conf
+  # Start lighttpd and cgimap
   /usr/local/bin/openstreetmap-cgimap \
     --port=8000 \
     --instances=30 \
     --dbname=$POSTGRES_DB \
     --host=$POSTGRES_HOST \
     --username=$POSTGRES_USER \
-    --password=$POSTGRES_PASSWORD &
-
+    --password=$POSTGRES_PASSWORD \
+    --logfile log/cgimap.log &
   # Start the delayed jobs queue worker and  Start the app
   bundle exec rake jobs:work &
   apachectl -k start -DFOREGROUND

values.production.template.yaml

@@ -96,7 +96,7 @@ osm-seed:
       label_value: web
     env:
       MAILER_ADDRESS: {{MAILER_ADDRESS}}
-      MAILER_DOMAIN: {{MAILER_DOMAIN}}
+      MAILER_DOMAIN: openhistoricalmap.org
       MAILER_USERNAME: {{MAILER_USERNAME}}
       MAILER_PASSWORD: {{MAILER_PASSWORD}}
       OSM_id_key: {{PRODUCTION_ID_APPLICATION}}

values.staging.template.yaml

@@ -99,21 +99,20 @@ osm-seed:
         enabled: true
         label_key: nodegroup_type
         label_value: web
-      replicaCount: 2
+      replicaCount: 1
       # Set staticIp, if you are using cloudProvider=gcp
       staticIp: c
       serviceAnnotations:
         service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
       env:
         MAILER_ADDRESS: {{MAILER_ADDRESS}}
-        MAILER_DOMAIN: {{MAILER_DOMAIN}}
+        MAILER_DOMAIN: staging.openhistoricalmap.org
         MAILER_USERNAME: {{MAILER_USERNAME}}
         MAILER_PASSWORD: {{MAILER_PASSWORD}}
-        OSM_id_key: {{STAGING_ID_APPLICATION}} #FIXME we should use id_application to be consistent
-        # OSM_id_application: {{STAGING_ID_APPLICATION}}
+        OSM_id_key: {{STAGING_ID_APPLICATION}}
         OAUTH_CLIENT_ID: {{STAGING_OAUTH_CLIENT_ID}}
         OAUTH_KEY: {{STAGING_OAUTH_KEY}}
-        MAILER_FROM: [email protected]
+        MAILER_FROM: no-reply@staging.openhistoricalmap.org
         NOMINATIM_URL: nominatim-api-staging.openhistoricalmap.org
         OVERPASS_URL: overpass-api-staging.openhistoricalmap.org	
         NEW_RELIC_LICENSE_KEY: {{STAGING_NEW_RELIC_LICENSE_KEY}}
@@ -132,7 +131,7 @@ osm-seed:
         maxReplicas: 10
         cpuUtilization: 80
       cgimap:
-        enabled: false
+        enabled: true
     # ====================================================================================================
     # Variables for memcached. Memcached is used to store session cookies
     # ====================================================================================================
@@ -490,7 +489,7 @@ osm-seed:
         enabled: true
         label_key: nodegroup_type
         label_value: web
-      replicaCount: 2
+      replicaCount: 1
       staticIp: c
       serviceAnnotations:
         service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
@@ -503,13 +502,13 @@ osm-seed:
         TM_ORG_NAME: 'OpenHistoricalMap'
         TM_ORG_CODE: 'OHM'
         TM_ORG_URL: 'openhistoricalmap.org'
-        TM_ORG_PRIVACY_POLICY_URL: 'openhistoricalmap.org/copyright'
+        TM_ORG_PRIVACY_POLICY_URL: 'staging.openhistoricalmap.org/copyright'
         TM_ORG_GITHUB: 'github.com/openhistoricalmap'
         OSM_SERVER_URL: 'https://staging.openhistoricalmap.org'
         OSM_NOMINATIM_SERVER_URL: 'https://nominatim-api-staging.openhistoricalmap.org'
         OSM_REGISTER_URL: 'https://staging.openhistoricalmap.org/user/new'
-        ID_EDITOR_URL: 'https://openhistoricalmap.org/edit?editor=id'
-        POTLATCH2_EDITOR_URL: 'https://openhistoricalmap.org/edit?editor=potlatch2'
+        ID_EDITOR_URL: 'https://staging.openhistoricalmap.org/edit?editor=id'
+        POTLATCH2_EDITOR_URL: 'https://staging.openhistoricalmap.org/edit?editor=potlatch2'
         TM_SECRET: {{STAGING_TM_API_SECRET}}
         TM_CONSUMER_KEY: {{STAGING_TM_API_CONSUMER_KEY}}
         TM_CONSUMER_SECRET: {{STAGING_TM_API_CONSUMER_SECRET}}