Update web-api container

Author: Rub21

images/cgimap/start.sh

@@ -9,7 +9,7 @@ export CGIMAP_OAUTH_HOST=$POSTGRES_HOST
 export CGIMAP_UPDATE_HOST=$POSTGRES_HOST
 # Export CGIMAP configuration
 export CGIMAP_LOGFILE="/var/www/log/cgimap.log"
-export CGIMAP_MEMCACHE=$OPENSTREETMAP_MEMCACHE_SERVERS
+export CGIMAP_MEMCACHE=$MEMCACHE_SERVER
 # Average number of bytes/s to allow each client
 export CGIMAP_RATELIMIT="204800"
 # Maximum debt in MB to allow each client before rate limiting

images/web/Dockerfile

@@ -1,111 +1,98 @@
-FROM ubuntu:22.04
-ENV DEBIAN_FRONTEND=noninteractive
-ENV workdir /var/www
-
-# Production OSM setup
-ENV RAILS_ENV=production
-
-# Install the openstreetmap-website dependencies
-RUN apt-get update \
-    && apt-get install -y \
-    ruby ruby-dev ruby-bundler libmagickwand-dev libxml2-dev libxslt1-dev \
-    apache2 apache2-dev build-essential git-core postgresql-client \
-    libpq-dev libsasl2-dev imagemagick libffi-dev libgd-dev libarchive-dev libbz2-dev curl \
-    default-jre-headless file gpg-agent libvips-dev locales software-properties-common tzdata unzip \
-    advancecomp gifsicle libjpeg-progs jhead jpegoptim optipng pngcrush pngquant libyaml-dev \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-## Install node
-RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN apt-get update && apt-get install -y nodejs yarn && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-# Install openstreetmap-cgimap requirements
-RUN apt-get update &&  apt-get -y install libxml2-dev libpqxx-dev libfcgi-dev zlib1g-dev libbrotli-dev \
-  libboost-program-options-dev libfmt-dev libmemcached-dev libcrypto++-dev \
-  libargon2-dev libyajl-dev cmake libapache2-mod-fcgid && \
-  apt-get clean && \
-  rm -rf /var/lib/apt/lists/*
-
-# Install cgimap, before remove basic auth
-ENV cgimap /openstreetmap-cgimap
-ENV CGIMAP_GITSHA=26cd7fa10affe5dbd13dbe16de34421059f53f18
-RUN git clone -b master https://github.com/zerebubuth/openstreetmap-cgimap.git $cgimap \
-    && cd $cgimap \
-    && git checkout $CGIMAP_GITSHA \
-    && rm -rf .git \
-    && mkdir build \
-    && cd build \
-    && cmake .. \
-    && cmake --build .
-
-# Install svgo required
-RUN npm install -g svgo
-
-# Install openstreetmap-website
-RUN rm -rf $workdir/html
-
-## Sep 2023
-ENV OPENSTREETMAP_WEBSITE_GITSHA=d23763d6cdbf5ec11f0e83f8e6e8fb32ed973e6a
-RUN curl -L https://github.com/openstreetmap/openstreetmap-website/archive/$OPENSTREETMAP_WEBSITE_GITSHA.zip --output website.zip && unzip website.zip 
-RUN mv openstreetmap-website-$OPENSTREETMAP_WEBSITE_GITSHA/* $workdir/
-WORKDIR $workdir
-
-# Install Ruby packages
-RUN gem install bundler && bundle install
-
-# Configure database.yml and secrets.yml
-RUN cp $workdir/config/example.database.yml $workdir/config/database.yml
-RUN touch $workdir/config/settings.local.yml
-RUN cp $workdir/config/example.storage.yml $workdir/config/storage.yml
-RUN echo "#session key \n\
-production: \n\
-  secret_key_base: $(rails secret)" > $workdir/config/secrets.yml
-# Protect sensitive information
-RUN chmod 600 $workdir/config/database.yml $workdir/config/secrets.yml
-RUN bundle exec bin/yarn install
+FROM ruby:3.3-slim AS builder
 
-RUN rails i18n:js:export assets:precompile
-
-# The rack interface requires a `tmp` directory to use openstreetmap-cgimap
-RUN ln -s /tmp /var/www/tmp
+ENV DEBIAN_FRONTEND=noninteractive \
+    workdir=/var/www
 
-# Add Apache configuration file
-ADD config/production.conf /etc/apache2/sites-available/production.conf
-RUN a2enmod headers
-RUN a2enmod setenvif
-RUN a2dissite 000-default
-RUN a2ensite production
+WORKDIR $workdir
 
-# Install Passenger + Apache module
-RUN apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
-RUN apt-get update && apt-get install -y libapache2-mod-passenger lighttpd
+# Install base build dependencies
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    git curl gnupg build-essential \
+    libarchive-dev zlib1g-dev libcurl4-openssl-dev \
+    apache2 apache2-dev libapache2-mod-passenger libapache2-mod-fcgid libapr1-dev libaprutil1-dev \
+    postgresql-client libpq-dev libxml2-dev libyaml-dev \
+    pngcrush optipng advancecomp pngquant jhead jpegoptim gifsicle libjpeg-progs \
+    && curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
+    && apt-get install -y nodejs \
+    && npm install -g yarn svgo \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Enable the Passenger Apache module and restart Apache
-RUN echo "ServerName $(cat /etc/hostname)" >> /etc/apache2/apache2.conf
 RUN a2enmod passenger
 
-# Check installation
-RUN /usr/bin/passenger-config validate-install
-RUN /usr/sbin/passenger-memory-stats
-
-# Enable required apache modules for the cgimap Apache service
-RUN a2enmod proxy proxy_http rewrite lbmethod_byrequests proxy_fcgi
+# Clone OSM Website
+ENV OPENSTREETMAP_WEBSITE_GITSHA=ea3760f94d9d74d3aaa8492182b9e1a15ec1effa
+RUN rm -rf $workdir/* && \
+    git clone https://github.com/openstreetmap/openstreetmap-website.git $workdir && \
+    cd $workdir && \
+    git checkout $OPENSTREETMAP_WEBSITE_GITSHA && \
+    git fetch && rm -rf .git
+
+# Install Ruby/Node dependencies
+RUN gem install bundler && \
+    bundle install && \
+    yarn install && \
+    bundle exec rake yarn:install
+
+# Dummy config for precompile
+RUN cp config/example.database.yml config/database.yml && \
+    cp config/example.storage.yml config/storage.yml && \
+    touch config/settings.local.yml && \
+    chmod 600 config/database.yml
+
+# Create dummy credentials
+RUN rm -f config/credentials.yml.enc && \
+    export RAILS_MASTER_KEY=$(openssl rand -hex 16) && \
+    export SECRET_KEY_BASE=$(bundle exec rails secret) && \
+    echo $RAILS_MASTER_KEY > config/master.key && \
+    EDITOR="echo" RAILS_MASTER_KEY=$RAILS_MASTER_KEY rails credentials:edit && \
+    RAILS_MASTER_KEY=$RAILS_MASTER_KEY rails runner "\
+    require 'active_support/encrypted_configuration'; \
+    require 'yaml'; \
+    creds = ActiveSupport::EncryptedConfiguration.new(\
+        config_path: 'config/credentials.yml.enc', \
+        key_path: 'config/master.key', \
+        env_key: 'RAILS_MASTER_KEY', \
+        raise_if_missing_key: true \
+    ); \
+    credentials = { secret_key_base: '$SECRET_KEY_BASE' }; \
+    creds.write(credentials.to_yaml); \
+    puts 'Credentials configured correctly.'"
+
+# Precompile assets
+RUN bundle exec rake i18n:js:export && \
+    bundle exec rake assets:precompile
+
+FROM ruby:3.3-slim
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    workdir=/var/www
 
-# Config the virtual host apache2
-RUN apache2ctl configtest
+WORKDIR $workdir
 
-# Set Permissions for www-data
-RUN chown -R www-data: $workdir
+# Install only runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    apache2 libapache2-mod-passenger libapache2-mod-fcgid \
+    libpq5 libxml2 libyaml-0-2 libarchive13 file libgd-dev \
+    postgresql-client curl \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Add settings
-ADD config/settings.yml $workdir/config/
+COPY --from=builder /var/www /var/www
+COPY --from=builder /usr/local/bundle /usr/local/bundle
 
-COPY start.sh $workdir/
-COPY liveness.sh $workdir/
+# Symlink tmp for Passenger
+RUN ln -s /tmp /var/www/tmp
 
-CMD $workdir/start.sh
+# Apache configuration
+COPY config/production.conf /etc/apache2/sites-available/production.conf
+RUN a2enmod headers setenvif proxy proxy_http proxy_fcgi fcgid rewrite lbmethod_byrequests passenger && \
+    a2dissite 000-default && \
+    a2ensite production && \
+    echo "ServerName localhost" >> /etc/apache2/apache2.conf && \
+    apache2ctl configtest
+
+COPY config/settings.yml $workdir/config/
+COPY start.sh liveness.sh $workdir/
+RUN chmod +x $workdir/*.sh
+RUN chown -R www-data:www-data /var/www
+CMD ["./start.sh"]

images/web/config/production.conf

@@ -2,41 +2,55 @@
     # ServerName localhost
     # Tell Apache and Passenger where your app's 'public' directory is
     DocumentRoot /var/www/public
-    PassengerRuby /usr/bin/ruby
+    PassengerRuby /usr/local/bin/ruby
     RewriteEngine On
+    
+    # Redirect to HTTPS
     RewriteCond %{HTTP:X-Forwarded-Proto} =http
-    #  Development mode in case domain is localhost
-    # ======Redirect to HTTPS
     RewriteCond %{HTTP_HOST} !=localhost
     RewriteCond %{HTTP_HOST} !=127.0.0.1
     RewriteCond %{HTTPS} off
     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
-    # ======Redirect to wwww osmseed.org
-    # RewriteCond %{HTTP_HOST} =osmseed.org
-    # RewriteCond %{HTTP_HOST} !^www\. [NC]
-    # RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+    ; # Redirect to www openstreetmap.org
+    ; RewriteCond %{HTTP_HOST} =openstreetmap.org
+    ; RewriteCond %{HTTP_HOST} !^www\. [NC]
+    ; RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
     <Location />
-            CGIPassAuth On
+        CGIPassAuth On
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
     </Location>
 
-    # ======Proxying traffic to CGImap====
+    # Proxying traffic to CGImap
+    ProxyTimeout 1200
     RewriteCond %{REQUEST_URI} ^/api/0\.6/map
-    RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+
     RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
-    RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-    RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
+    RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
+    RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://${CGIMAP_URL}:${CGIMAP_PORT}$0 [P]
 
     # Relax Apache security settings
     <Directory /var/www/public>
       AllowOverride None
       Allow from all
       Options -MultiViews
     </Directory>
-</VirtualHost>
+    
+    # Additional FastCGI configurations
+    <IfModule mod_proxy_fcgi.c>
+        ProxyTimeout 1200
+        ProxyBadHeader Ignore
+    </IfModule>
+
+    <IfModule mod_fcgid.c>
+        FcgidIOTimeout 1200
+        FcgidConnectTimeout 1200
+    </IfModule>
+ </VirtualHost>

images/web/config/settings.yml

@@ -1,6 +1,6 @@
 # The server protocol and host
 server_protocol: "http"
-server_url: "openstreetmap.example.com"
+server_url: "openstreetmap.example.com" 
 # Publisher
 #publisher_url: ""
 # The generator
@@ -32,7 +32,7 @@ default_changeset_query_limit: 100
 # Maximum limit on the number of changesets returned by the changeset query api method
 max_changeset_query_limit: 100
 # Maximum number of nodes that will be returned by the api in a map request
-max_number_of_nodes: 50000
+max_number_of_nodes: 100000
 # Maximum number of nodes that can be in a way (checked on save)
 max_number_of_way_nodes: 2000
 # Maximum number of members that can be in a relation (checked on save)
@@ -50,21 +50,26 @@ max_trace_size: 1000000
 # Zoom level to use for postcode results from the geocoder
 postcode_zoom: 15
 # Timeout for API calls in seconds
-api_timeout: 300
+api_timeout: 600
 # Timeout for web pages in seconds
-web_timeout: 30
+web_timeout: 600
 # Periods (in hours) which are allowed for user blocks
 user_block_periods: [0, 1, 3, 6, 12, 24, 48, 96, 168, 336, 731, 4383, 8766, 87660]
 # Account deletion cooldown period (in hours) since last changeset close; null to disable, 0 to make sure there aren't any open changesets when the deletion happens
 user_account_deletion_delay: null
 # Rate limit for message sending
 max_messages_per_hour: 60
+# Default limit on the number of messages returned by inbox and outbox message api
+default_message_query_limit: 100
+# Maximum number of messages returned by inbox and outbox message api
+max_message_query_limit: 100
 # Rate limit for friending
 max_friends_per_hour: 60
 # Rate limit for changeset comments
 min_changeset_comments_per_hour: 1
 initial_changeset_comments_per_hour: 6
 max_changeset_comments_per_hour: 60
+comments_to_max_changeset_comments: 200
 moderator_changeset_comments_per_hour: 36000
 # Rate limit for changes
 min_changes_per_hour: 100
@@ -73,6 +78,13 @@ max_changes_per_hour: 100000
 days_to_max_changes: 7
 importer_changes_per_hour: 1000000
 moderator_changes_per_hour: 1000000
+# Size limit for changes
+min_size_limit: 10000000
+initial_size_limit: 30000000
+max_size_limit: 5400000000
+days_to_max_size_limit: 28
+importer_size_limit: 5400000000
+moderator_size_limit: 5400000000
 # Domain for handling message replies
 #messages_domain: "messages.openstreetmap.org"
 # MaxMind GeoIPv2 database
@@ -94,25 +106,26 @@ attachments_dir: ":rails_root/public/attachments"
 # Log file to use for logstash
 #logstash_path: ""
 # List of memcache servers to use for caching
-#memcache_servers: []
-# Enable HTTP basic authentication support
-basic_auth_support: true
-# Enable legacy OAuth 1.0 support
-oauth_10_support: true
-oauth_10_registration: true
+memcache_servers: []
 # URL of Nominatim instance to use for geocoding
-nominatim_url: "https://nominatim.openstreetmap.org/"
+nominatim_url: "https://nominatim-api.openstreetmap.org/"
 # Default editor
 default_editor: "id"
 # OAuth application for the web site
-oauth_application: "OAUTH_CLIENT_ID"
-oauth_key: "OAUTH_KEY"
+oauth_application: ""
+oauth_key: ""
 # OAuth application for iD
 id_application: ""
 # Imagery to return in capabilities as blacklisted
-imagery_blacklist: []
+imagery_blacklist:
+  # Current Google imagery URLs have google or googleapis in the domain
+  - ".*\\.google(apis)?\\..*/.*"
+  # Blacklist VWorld
+  - "http://xdworld\\.vworld\\.kr:8080/.*"
+  # Blacklist here
+  - ".*\\.here\\.com[/:].*"
 # URL of Overpass instance to use for feature queries
-overpass_url: "https://overpass-api.de/api/interpreter"
+overpass_url: "https://overpass-api.openstreetmap.org/api/interpreter"
 overpass_credentials: false
 # Routing endpoints
 graphhopper_url: "https://graphhopper.com/api/1/route"