X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/40d07ae504526c1ee30fecd18f9cf3b32f6fd39d..1aca4d24e609b234bdf9ad4708611d79700c390d:/cookbooks/tilecache/templates/default/nginx_tile.conf.erb

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index 036a3506f..c1f9956c9 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -15,7 +15,8 @@ upstream tile_cache_backend {
 <% end -%>
 <% end -%>
 
-  keepalive 256;
+  keepalive 1024;
+  keepalive_requests 1024;
 }
 
 # Geo Map of tile caches
@@ -29,12 +30,12 @@ geo $tile_cache {
 }
 
 # Rates table based on current cookie value
-map $cookie_qos_token $limit_rate_qos {
+map $cookie__osm_totp_token $limit_rate_qos {
   include /etc/nginx/conf.d/tile_qos_rates.map;
 }
 
 # Set-Cookie table based on current cookie value
-map $cookie_qos_token $cookie_qos_token_set {
+map $cookie__osm_totp_token $cookie_qos_token_set {
   include /etc/nginx/conf.d/tile_qos_cookies.map;
 }
 
@@ -93,6 +94,10 @@ server {
     ssl_certificate      /etc/ssl/certs/tile.openstreetmap.org.pem;
     ssl_certificate_key  /etc/ssl/private/tile.openstreetmap.org.key;
 
+    # Requests sent within early data are subject to replay attacks.
+    # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
+    ssl_early_data on;
+
     # Immediately 404 layers we do not support
 <% for i in 20..99 do %>
     location /<%= i %>/ {
@@ -159,7 +164,14 @@ server {
       return 404;
     }
 
+<% for i in 0..13 do %>
+<% if i == 0 -%>
+    # Default Fallback Location Handler (lowest)
     location / {
+<% elsif -%>
+    # Dedicated zoom handler for caching
+    location /<%= i %>/ {
+<% end %>
       proxy_pass http://tile_cache_backend;
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_http_version 1.1;
@@ -178,6 +190,21 @@ server {
       proxy_ignore_headers Set-Cookie;
       proxy_hide_header Set-Cookie;
 
+<% if i != 0 -%>
+      # Caching
+      proxy_cache "proxy_cache_zone";
+      proxy_cache_lock on;
+      proxy_cache_valid 200 1d;
+      proxy_cache_valid 404 15m;
+      # Serve stale cache on errors or if updating
+      proxy_cache_use_stale error timeout updating http_500 http_503 http_504;
+      # If in cache as stale, serve stale and update in background
+      proxy_cache_background_update on;
+      proxy_cache_min_uses 8;
+
+      add_header X-Nginx-Cache-Status $upstream_cache_status;
+<% end -%>
+
       # Set a QoS cookie if none presented (uses nginx Map)
       add_header Set-Cookie $cookie_qos_token_set;
 <% if node[:ssl][:strict_transport_security] -%>
@@ -212,4 +239,5 @@ server {
       proxy_set_header Cache-Control $limit_http_cache_control;
       proxy_set_header Pragma $limit_http_pragma;
     }
+<% end %>
 }