]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/tilecache/templates/default/nginx_tile.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update bundle
[chef.git] / cookbooks / tilecache / templates / default / nginx_tile.conf.erb
diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
deleted file mode 100644 (file)
index 0f4f9e5..0000000
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ /dev/null
@@ -1,90 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-upstream tile_cache_backend {
-    server 127.0.0.1;
-
-    keepalive 32;
-}
-
-# Rates table based on current cookie value
-map $cookie_qos_token $limit_rate_qos {
-  include /etc/nginx/conf.d/tile_qos_rates.map;
-}
-
-# Set-Cookie table based on current cookie value
-map $cookie_qos_token $cookie_qos_token_set {
-  include /etc/nginx/conf.d/tile_qos_cookies.map;
-}
-
-map $http_user_agent $approved_scraper {
-  default '';                       # Not approved
-  '~^JOSM\/' 'JOSM';
-  '~^Mozilla\/5\.0\ QGIS\/' 'QGIS';
-}
-
-# Limit Cache-Control header to only approved User-Agents
-map $http_user_agent $limit_http_cache_control {
-  default '';                              # Unset Header
-  '~^Mozilla\/5\.0\ QGIS\/' '';            # Unset Header
-  '~^Mozilla\/5\.0\ ' $http_cache_control; # Pass Header
-}
-
-# Limit Pragma header to only approved User-Agents
-map $http_user_agent $limit_http_pragma {
-  default '';                       # Unset Header
-  '~^Mozilla\/5\.0\ QGIS\/' '';     # Unset Header
-  '~^Mozilla\/5\.0\ ' $http_pragma; # Pass Header
-}
-
-server {
-    listen       443 ssl fastopen=2048 http2 default_server;
-    server_name  localhost;
-
-    proxy_buffers 8 64k;
-
-    ssl_certificate      /etc/ssl/certs/tile.openstreetmap.org.pem;
-    ssl_certificate_key  /etc/ssl/private/tile.openstreetmap.org.key;
-
-    location / {
-      proxy_pass http://tile_cache_backend;
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_http_version 1.1;
-      proxy_set_header Connection '';
-
-      proxy_connect_timeout 5s;
-
-      # Do not pass cookies to backends.
-      proxy_set_header Cookie '';
-      # Do not pass Accept-Encoding to backends.
-      proxy_set_header Accept-Encoding '';
-
-      # Do not allow setting cookies from backends due to caching.
-      proxy_ignore_headers Set-Cookie;
-      proxy_hide_header Set-Cookie;
-
-      # Set a QoS cookie if none presented (uses nginx Map)
-      add_header Set-Cookie $cookie_qos_token_set;
-<% if node[:ssl][:strict_transport_security] -%>
-      # Ensure Strict-Transport-Security header is removed from proxied server responses
-      proxy_hide_header Strict-Transport-Security;
-
-      # Enable HSTS
-      add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
-<% end -%>
-
-      # QoS Traffic Rate see $limit_rate on http://nginx.org/en/docs/http/ngx_http_core_module.html
-      set $limit_rate $limit_rate_qos;
-
-      # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
-      if ($approved_scraper) {
-        set $limit_rate 32768;
-      }
-
-      # Strip any ?query parameters from urls
-      set $args '';
-
-      # Allow cache purging headers only from select User-Agents (uses nginx Map)
-      proxy_set_header Cache-Control $limit_http_cache_control;
-      proxy_set_header Pragma $limit_http_pragma;
-    }
-}
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.