Update configs for the website

Rub21 · Rub21 · commit c7bc31cdaba9 · 2025-12-08T12:42:27.000-05:00
diff --git a/images/web/config/production.conf b/images/web/config/production.conf
@@ -2,27 +2,31 @@
     # ServerName localhost
     # Tell Apache and Passenger where your app's 'public' directory is
     DocumentRoot /var/www/public
+    PassengerAppEnv production
     PassengerRuby /usr/local/bin/ruby
     RewriteEngine On
     
-    # Redirect HTTP to HTTPS for current domain (except localhost)
+    # Redirect to HTTPS
+    RewriteCond %{HTTP:X-Forwarded-Proto} =http
     RewriteCond %{HTTP_HOST} !=localhost
     RewriteCond %{HTTP_HOST} !=127.0.0.1
     RewriteCond %{HTTPS} off
-    RewriteCond %{HTTP:X-Forwarded-Proto} !https
     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
+    # Redirect to www
+    RewriteCond %{HTTP_HOST} =SERVER_DOMAIN_PLACEHOLDER
+    RewriteCond %{HTTP_HOST} !^www\. [NC]
+    RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
     <Location />
         CGIPassAuth On
         SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
     </Location>
 
-    # Proxying traffic to CGImap
+    #Proxying traffic to CGImap
     ProxyTimeout 1200
     RewriteCond %{REQUEST_URI} ^/api/0\.6/map
     RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
-
-    RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
     RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
     RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
     RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
@@ -48,4 +52,12 @@
         FcgidIOTimeout 1200
         FcgidConnectTimeout 1200
     </IfModule>
+
+    # Allow CORS for JSON, PBF, and PNG files for map-style
+    <FilesMatch "\.(json|pbf|png)$">
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "GET, OPTIONS"
+        Header set Access-Control-Allow-Headers "Content-Type"
+    </FilesMatch>
+
  </VirtualHost>
diff --git a/images/web/config/settings.yml b/images/web/config/settings.yml
@@ -148,15 +148,15 @@ wikimedia_commons_url: "https://commons.wikimedia.org/wiki/"
 #github_auth_secret: ""
 #microsoft_auth_id: ""
 #microsoft_auth_secret: ""
-wikipedia_auth_id: ""
-wikipedia_auth_secret: ""
+# wikipedia_auth_id: ""
+# wikipedia_auth_secret: ""
 #apple_auth_id: ""
 #apple_team_id: ""
 #apple_key_id: ""
 #apple_private_key: ""
-openstreetmap_auth_id: ""
-openstreetmap_auth_secret: ""
-openstreetmap_auth_scopes: ["read_prefs"]
+# openstreetmap_auth_id: ""
+# openstreetmap_auth_secret: ""
+# openstreetmap_auth_scopes: ["read_prefs"]
 # Thunderforest authentication details
 #thunderforest_key: ""
 # Tracestrack authentication details
@@ -168,10 +168,10 @@ csp_enforce: false
 # URL for reporting Content-Security-Policy violations
 #csp_report_url: ""
 # Storage services to use in production mode
-avatar_storage: "local" # TODO: Change to S3
-trace_file_storage: "local" # TODO: Change to S3
-trace_image_storage: "local" # TODO: Change to S3
-trace_icon_storage: "local" # TODO: Change to S3
+avatar_storage: "s3" # TODO: Change to S3
+trace_file_storage: "s3" # TODO: Change to S3
+trace_image_storage: "s3" # TODO: Change to S3
+trace_icon_storage: "s3" # TODO: Change to S3
 # Root URL for storage services
 # avatar_storage_url:
 # trace_image_storage_url:
diff --git a/images/web/start.sh b/images/web/start.sh
@@ -42,6 +42,10 @@ EOF
   sed -i -e 's/^server_protocol: ".*"/server_protocol: "'$SERVER_PROTOCOL'"/g' $workdir/config/settings.yml
   sed -i -e 's/^server_url: ".*"/server_url: "'$SERVER_URL'"/g' $workdir/config/settings.yml
 
+  #### Extract domain from SERVER_URL and replace in production.conf
+  SERVER_DOMAIN=$(echo "$SERVER_URL" | sed -e 's|^[^/]*//||' -e 's|^www\.||' -e 's|/.*$||')
+  sed -i -e "s/SERVER_DOMAIN_PLACEHOLDER/$SERVER_DOMAIN/g" /etc/apache2/sites-available/production.conf
+
   ### Setting up website status
   sed -i -e 's/^status: ".*"/status: "'$WEBSITE_STATUS'"/g' $workdir/config/settings.yml
 
@@ -82,7 +86,7 @@ EOF
   export DOORKEEPER_SIGNING_KEY=$(cat /var/www/private.pem | sed -e '1d;$d' | tr -d '\n')
   sed -i "s#PRIVATE_KEY#${DOORKEEPER_SIGNING_KEY}#" $workdir/config/settings.yml
 
-  sed -i '252s/\(\[\)/&.compact/' "$workdir/app/controllers/application_controller.rb"
+  # sed -i '252s/\(\[\)/&.compact/' "$workdir/app/controllers/application_controller.rb"
 
 }
 
