]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tilecache: do not pass cookie to backend
[chef.git] / cookbooks / tilecache / templates / default / nginx_tile_ssl.conf.erb
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 0ec51a10ef078827c6a1292be3a7b8d6d6e59c00..a223912551c16e1becc468124a0a011fa7879027 100644 (file)
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -13,7 +13,7 @@ upstream tile_cache_backend {
 }
 
 server {
-    listen       443 ssl http2 default_server;
+    listen       443 ssl fastopen=2048 http2 default_server;
     server_name  localhost;
 
     proxy_buffers 8 64k;
@@ -36,6 +36,17 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Connection "";
 
+      proxy_connect_timeout 5s;
+
+      # Do not pass cookies to backend.
+      proxy_set_header Cookie "";
+      # Do not pass Accept-Encoding to backend.
+      proxy_set_header Accept-Encoding "";
+
+      # Do not allow setting cookies from cached pages.
+      proxy_ignore_headers Set-Cookie;
+      proxy_hide_header Set-Cookie;
+
       # Slow traffic slightly
       limit_rate 24576;
     }
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.