Update OSM website version and configs (#384)

* Update osm website version

* Update OSM website gitsha

* Uncomment the dockerfile

* Istall missing libs - libgd-dev

* Updte web gitsha

* Replace arabic key for better to chekc beter logs

* Update settings

* Print logs

* Update configs for the website

* Update config

* Update script to start

* Update replication script

Author: Rub21

images/replication-job/start.sh

@@ -100,10 +100,16 @@ function enable_osmdbt_replication() {
 
     # Use osmdbt-enable-replication to set up replication properly
     echo "$(date +%F_%H:%M:%S): Running osmdbt-enable-replication..."
-    if /osmdbt/build/src/osmdbt-enable-replication -c "$osmdbtConfig" 2>&1 | tee -a "${logDirectory}/osmdbt-enable-replication.log"; then
+    local log_file="${logDirectory}/osmdbt-enable-replication.log"
+    if /osmdbt/build/src/osmdbt-enable-replication -c "$osmdbtConfig" 2>&1 | tee -a "$log_file"; then
         echo "$(date +%F_%H:%M:%S): Successfully enabled osmdbt replication."
         return 0
     else
+        # Check if error is "already exists" - this is acceptable
+        if grep -qi "already exists" "$log_file" 2>/dev/null; then
+            echo "$(date +%F_%H:%M:%S): Replication slot '$REPLICATION_SLOT' already exists. Replication should be enabled."
+            return 0
+        fi
         local error_msg="ERROR: Failed to enable osmdbt replication. Check PostgreSQL configuration (wal_level=logical, max_replication_slots >= 1, user with REPLICATION attribute)."
         echo "$(date +%F_%H:%M:%S): $error_msg"
         send_slack_message "🚨 ${ENVIROMENT:-production}: $error_msg"

images/web/Dockerfile

@@ -1,7 +1,12 @@
 FROM ruby:3.3-slim AS builder
 
 ENV DEBIAN_FRONTEND=noninteractive \
-    workdir=/var/www
+    workdir=/var/www \
+    BUNDLE_PATH=/usr/local/bundle \
+    GEM_HOME=/usr/local/bundle \
+    GEM_PATH=/usr/local/bundle \
+    PATH="/usr/local/bundle/bin:$PATH" \
+    RAILS_ENV=production
 
 WORKDIR $workdir
 
@@ -10,25 +15,24 @@ RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     git curl gnupg build-essential \
     libarchive-dev zlib1g-dev libcurl4-openssl-dev \
-    apache2 apache2-dev libapache2-mod-passenger libapache2-mod-fcgid libapr1-dev libaprutil1-dev \
+    apache2 apache2-dev libapache2-mod-fcgid libapr1-dev libaprutil1-dev \
     postgresql-client libpq-dev libxml2-dev libyaml-dev \
-    pngcrush optipng advancecomp pngquant jhead jpegoptim gifsicle libjpeg-progs \
-    && curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
+    libgd-dev \
+    pngcrush optipng advancecomp pngquant jhead jpegoptim gifsicle libjpeg-progs unzip\
+    && curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
     && apt-get install -y nodejs \
     && npm install -g yarn svgo \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN a2enmod passenger
 
 # Clone OSM Website
-ENV OPENSTREETMAP_WEBSITE_GITSHA=ea3760f94d9d74d3aaa8492182b9e1a15ec1effa
-RUN rm -rf $workdir/* && \
-    git clone https://github.com/openstreetmap/openstreetmap-website.git $workdir && \
-    cd $workdir && \
-    git checkout $OPENSTREETMAP_WEBSITE_GITSHA && \
-    git fetch && rm -rf .git
-
-# Install Ruby/Node dependencies
+ENV OPENSTREETMAP_WEBSITE_GITSHA=a244e419719ded592fb87e7ffd360f6e462a0d67
+ENV OSM_WEBSITE_URL=https://github.com/openstreetmap/openstreetmap-website/archive/${OPENSTREETMAP_WEBSITE_GITSHA}.zip
+RUN rm -rf $workdir/* && curl -fsSL $OSM_WEBSITE_URL -o /tmp/openstreetmap-website.zip && \
+    unzip /tmp/openstreetmap-website.zip -d /tmp && \
+    mv /tmp/openstreetmap-website-$OPENSTREETMAP_WEBSITE_GITSHA/* $workdir && \
+    rm -rf /tmp/*
+
 RUN gem install bundler && \
     bundle install && \
     yarn install && \
@@ -45,8 +49,8 @@ RUN rm -f config/credentials.yml.enc && \
     export RAILS_MASTER_KEY=$(openssl rand -hex 16) && \
     export SECRET_KEY_BASE=$(bundle exec rails secret) && \
     echo $RAILS_MASTER_KEY > config/master.key && \
-    EDITOR="echo" RAILS_MASTER_KEY=$RAILS_MASTER_KEY rails credentials:edit && \
-    RAILS_MASTER_KEY=$RAILS_MASTER_KEY rails runner "\
+    EDITOR="echo" RAILS_MASTER_KEY=$RAILS_MASTER_KEY bundle exec rails credentials:edit && \
+    RAILS_MASTER_KEY=$RAILS_MASTER_KEY bundle exec rails runner "\
     require 'active_support/encrypted_configuration'; \
     require 'yaml'; \
     creds = ActiveSupport::EncryptedConfiguration.new(\
@@ -59,40 +63,103 @@ RUN rm -f config/credentials.yml.enc && \
     creds.write(credentials.to_yaml); \
     puts 'Credentials configured correctly.'"
 
-# Precompile assets
-RUN bundle exec rake i18n:js:export && \
-    bundle exec rake assets:precompile
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE_DUMMY=1  \
+    bundle exec i18n export && \
+    bundle exec rails assets:precompile
+
 
 FROM ruby:3.3-slim
 
 ENV DEBIAN_FRONTEND=noninteractive \
-    workdir=/var/www
-
-WORKDIR $workdir
-
-# Install only runtime dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    apache2 libapache2-mod-passenger libapache2-mod-fcgid \
-    libpq5 libxml2 libyaml-0-2 libarchive13 file libgd-dev \
-    postgresql-client curl \
+    workdir=/var/www \
+    BUNDLE_PATH=/usr/local/bundle \
+    GEM_HOME=/usr/local/bundle \
+    GEM_PATH=/usr/local/bundle \
+    PATH="/usr/local/bundle/bin:$PATH" \
+    RAILS_ENV=production \
+    PATH="$PATH:$GEM_HOME/bin"
+
+# Install base dependencies for Passenger gem compilation and runtime
+RUN BUILD_DEPS=" \
+    build-essential \
+    apache2-dev \
+    libcurl4-openssl-dev \
+    zlib1g-dev \
+    libssl-dev \
+    npm \
+    " \
+    && apt-get update && apt-get install -y --no-install-recommends \
+    $BUILD_DEPS \
+    libgd-dev \
+    apache2 \
+    libapache2-mod-fcgid \
+    libpq5 \
+    libxml2 \
+    libyaml-0-2 \
+    libarchive13 \
+    file \
+    pngcrush \
+    optipng \
+    advancecomp \
+    pngquant \
+    jhead \
+    jpegoptim \
+    gifsicle \
+    postgresql-client \
+    curl \
+    libvips \
+    nodejs \
+    \
+    && npm install -g svgo \
+    \
+    # Install Passenger as a gem and compile the Apache module
+    \
+    && gem install passenger --no-document \
+    && yes | passenger-install-apache2-module --auto --languages ruby \
+    && passenger-config validate-install --auto \
+    \
+    # Delete the build dependencies to reduce image size
+    \
+    && apt-get purge -y --auto-remove $BUILD_DEPS \
+    \
+    # libgd-dev is requiered by the app on run time to process gps files
+    \
+    && apt-get update && apt-get install -y --no-install-recommends libgd3 libgd-dev \
+    \
+    # Final cleanup
+    \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /var/www /var/www
-COPY --from=builder /usr/local/bundle /usr/local/bundle
-
-# Symlink tmp for Passenger
-RUN ln -s /tmp /var/www/tmp
 
 # Apache configuration
 COPY config/production.conf /etc/apache2/sites-available/production.conf
+
+RUN passenger-install-apache2-module --snippet > /etc/apache2/mods-available/passenger.load && \
+    passenger-config build-native-support
+
 RUN a2enmod headers setenvif proxy proxy_http proxy_fcgi fcgid rewrite lbmethod_byrequests passenger && \
     a2dissite 000-default && \
     a2ensite production && \
     echo "ServerName localhost" >> /etc/apache2/apache2.conf && \
     apache2ctl configtest
 
+RUN echo '#!/bin/bash\nexec /usr/local/bin/ruby --yjit --yjit-exec-mem-size=64 "$@"' > /usr/local/bin/ruby_yjit && \
+    chmod +x /usr/local/bin/ruby_yjit
+    
+WORKDIR $workdir
+
+COPY --chown=www-data:www-data --from=builder /var/www /$workdir
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+
 COPY config/settings.yml $workdir/config/
 COPY start.sh liveness.sh $workdir/
-RUN chmod +x $workdir/*.sh
-RUN chown -R www-data:www-data /var/www
+
+RUN ln -s /tmp /var/www/tmp
+
+RUN mkdir -p /var/www/log && \
+    touch /var/www/log/production.log && \
+    chown -R www-data:www-data /var/www/log /var/www/public && \
+    chown -R www-data:www-data /var/www
+
 CMD ["./start.sh"]

images/web/config/production.conf

@@ -2,6 +2,7 @@
     # ServerName localhost
     # Tell Apache and Passenger where your app's 'public' directory is
     DocumentRoot /var/www/public
+    PassengerAppEnv production
     PassengerRuby /usr/local/bin/ruby
     RewriteEngine On
 
@@ -12,22 +13,19 @@
     RewriteCond %{HTTPS} off
     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
-    # Redirect to www openstreetmap.org
-    # RewriteCond %{HTTP_HOST} =openstreetmap.org
-    # RewriteCond %{HTTP_HOST} !^www\. [NC]
-    # RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+    RewriteCond %{HTTP_HOST} =SERVER_DOMAIN_PLACEHOLDER
+    RewriteCond %{HTTP_HOST} !^www\. [NC]
+    RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
     <Location />
         CGIPassAuth On
         SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
     </Location>
 
-    # Proxying traffic to CGImap
+    #Proxying traffic to CGImap
     ProxyTimeout 1200
     RewriteCond %{REQUEST_URI} ^/api/0\.6/map
     RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
-
-    RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
     RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
     RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
     RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
@@ -53,4 +51,12 @@
         FcgidIOTimeout 1200
         FcgidConnectTimeout 1200
     </IfModule>
+
+    # Allow CORS for JSON, PBF, and PNG files for map-style
+    <FilesMatch "\.(json|pbf|png)$">
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "GET, OPTIONS"
+        Header set Access-Control-Allow-Headers "Content-Type"
+    </FilesMatch>
+
  </VirtualHost>

images/web/config/settings.yml

@@ -1,13 +1,15 @@
 # The server protocol and host
 server_protocol: "http"
-server_url: "openstreetmap.example.com" 
+server_url: "openstreetmap.example.com"
 # Publisher
 #publisher_url: ""
 # The generator
 generator: "OpenStreetMap server"
 copyright_owner: "OpenStreetMap and contributors"
 attribution_url: "http://www.openstreetmap.org/copyright"
 license_url: "http://opendatacommons.org/licenses/odbl/1-0/"
+# Legal email address
+legal_email: "legal@openstreetmap.org"
 # Support email address
 support_email: "openstreetmap@example.com"
 # Sender addresses for emails
@@ -102,13 +104,13 @@ default_legale: GB
 # Location of data for attachments
 attachments_dir: ":rails_root/public/attachments"
 # Log file to use
-#log_path: ""
+log_path: "/var/www/log/production.log"
 # Log file to use for logstash
 #logstash_path: ""
 # List of memcache servers to use for caching
 memcache_servers: []
 # URL of Nominatim instance to use for geocoding
-nominatim_url: "https://nominatim-api.openstreetmap.org/"
+nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor
 default_editor: "id"
 # OAuth application for the web site
@@ -131,6 +133,11 @@ overpass_credentials: false
 graphhopper_url: "https://graphhopper.com/api/1/route"
 fossgis_osrm_url: "https://routing.openstreetmap.de/"
 fossgis_valhalla_url: "https://valhalla1.openstreetmap.de/route"
+
+# Endpoints for Wikimedia integration
+wikidata_api_url: "https://www.wikidata.org/w/api.php"
+wikimedia_commons_url: "https://commons.wikimedia.org/wiki/"
+
 # External authentication credentials
 #google_auth_id: ""
 #google_auth_secret: ""
@@ -141,8 +148,15 @@ fossgis_valhalla_url: "https://valhalla1.openstreetmap.de/route"
 #github_auth_secret: ""
 #microsoft_auth_id: ""
 #microsoft_auth_secret: ""
-#wikipedia_auth_id: ""
-#wikipedia_auth_secret: ""
+# wikipedia_auth_id: ""
+# wikipedia_auth_secret: ""
+#apple_auth_id: ""
+#apple_team_id: ""
+#apple_key_id: ""
+#apple_private_key: ""
+# openstreetmap_auth_id: ""
+# openstreetmap_auth_secret: ""
+# openstreetmap_auth_scopes: ["read_prefs"]
 # Thunderforest authentication details
 #thunderforest_key: ""
 # Tracestrack authentication details
@@ -154,10 +168,10 @@ csp_enforce: false
 # URL for reporting Content-Security-Policy violations
 #csp_report_url: ""
 # Storage services to use in production mode
-avatar_storage: "local"
-trace_file_storage: "local"
-trace_image_storage: "local"
-trace_icon_storage: "local"
+avatar_storage: "s3" # TODO: Change to S3
+trace_file_storage: "s3" # TODO: Change to S3
+trace_image_storage: "s3" # TODO: Change to S3
+trace_icon_storage: "s3" # TODO: Change to S3
 # Root URL for storage services
 # avatar_storage_url:
 # trace_image_storage_url:
@@ -185,3 +199,5 @@ doorkeeper_signing_key: |
   -----BEGIN PRIVATE KEY-----
   PRIVATE_KEY
   -----END PRIVATE KEY-----
+
+mastodon_url: "https://mapstodon.space/@osm"