Use unix domain sockets for cgimap on the dev server

openstreetmap · Nov 30, 2023 · 4e99c5b · 4e99c5b
1 parent d484d27
commit 4e99c5b
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 16 deletions.
diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
@@ -318,16 +318,17 @@
     type "forking"
     environment_file "/etc/default/cgimap-%i"
     user "apis"
-    exec_start "/srv/%i.apis.dev.openstreetmap.org/cgimap/openstreetmap-cgimap --daemon --port $CGIMAP_PORT --instances 5"
+    group "www-data"
+    umask "0002"
+    exec_start "/srv/%i.apis.dev.openstreetmap.org/cgimap/openstreetmap-cgimap --daemon --instances 5"
     exec_reload "/bin/kill -HUP $MAINPID"
+    runtime_directory "cgimap-%i"
     sandbox :enable_network => true
     restrict_address_families "AF_UNIX"
     read_write_paths ["/srv/%i.apis.dev.openstreetmap.org/logs", "/srv/%i.apis.dev.openstreetmap.org/rails/tmp"]
     restart "on-failure"
   end
 
-  cgimap_port = 9000
-
   Dir.glob("/srv/*.apis.dev.openstreetmap.org").each do |dir|
     node.default_unless[:dev][:rails][File.basename(dir).split(".").first] = {}
   end
@@ -477,7 +478,7 @@
           owner "root"
           group "root"
           mode "640"
-          variables :cgimap_port => cgimap_port,
+          variables :cgimap_socket => "/run/cgimap-#{name}/socket",
                     :database_port => node[:postgresql][:clusters][:"15/main"][:port],
                     :database_name => database_name,
                     :log_directory => log_directory,
@@ -503,7 +504,7 @@
                   :aliases => site_aliases,
                   :secret_key_base => secret_key_base,
                   :cgimap_enabled => details.key?(:cgimap_repository),
-                  :cgimap_port => cgimap_port
+                  :cgimap_socket => "/run/cgimap-#{name}/socket"
       end
 
       template "/etc/logrotate.d/apis-#{name}" do
@@ -515,8 +516,6 @@
                   :log_directory => log_directory,
                   :rails_directory => rails_directory
       end
-
-      cgimap_port += 1
     else
       file "/etc/logrotate.d/apis-#{name}" do
         action :delete

diff --git a/cookbooks/dev/templates/default/apache.rails.erb b/cookbooks/dev/templates/default/apache.rails.erb
@@ -41,15 +41,15 @@
 
         # Pass supported calls to cgimap
         RewriteEngine on
-        RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
         RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
-        RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
-        RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:<%= @cgimap_port %>$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
+        RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ unix:<%= @cgimap_socket %>|fcgi://127.0.0.1$0 [P]
 <% end -%>
 </VirtualHost>
 

diff --git a/cookbooks/dev/templates/default/cgimap.environment.erb b/cookbooks/dev/templates/default/cgimap.environment.erb
@@ -1,6 +1,6 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-CGIMAP_PORT="<%= @cgimap_port %>"
+CGIMAP_SOCKET="<%= @cgimap_socket %>"
 CGIMAP_DBPORT="<%= @database_port %>"
 CGIMAP_DBNAME="<%= @database_name %>"
 CGIMAP_USERNAME="apis"

diff --git a/cookbooks/systemd/resources/service.rb b/cookbooks/systemd/resources/service.rb
@@ -45,6 +45,7 @@
 property :group, String
 property :dynamic_user, [true, false]
 property :working_directory, String
+property :umask, String
 property :exec_start_pre, [String, Array]
 property :exec_start, [String, Array]
 property :exec_start_post, [String, Array]

diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb
@@ -69,6 +69,9 @@ DynamicUser=<%= @dynamic_user %>
 <% if @working_directory -%>
 WorkingDirectory=<%= @working_directory %>
 <% end -%>
+<% if @umask -%>
+UMask=<%= @umask %>
+<% end -%>
 <% if @exec_start_pre -%>
 <% if @dropin -%>
 ExecStartPre=