X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/44d47ed890517c96d524f093039489b6655ebb18..ae60e569aa65b63bf638f6e216a47156673c8c9b:/cookbooks/tilecache/templates/default/nginx_tile.conf.erb

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index f5ae62618..aaea48377 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -1,9 +1,20 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 upstream tile_cache_backend {
-    server 127.0.0.1:8080;
+    server 127.0.0.1;
+
+    # Add the other caches to relieve pressure if local squid failing
+    # Balancer: round-robin
+<% @caches.each do |cache| -%>
+<% if cache[:hostname] != node[:hostname] -%>
+    # Server <%= cache[:hostname] %>
+<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+    server <%= address %> backup;
+<% end -%>
+<% end -%>
+<% end -%>
 
-    keepalive 32;
+    keepalive 256;
 }
 
 # Rates table based on current cookie value
@@ -22,6 +33,22 @@ map $http_user_agent $approved_scraper {
   '~^Mozilla\/5\.0\ QGIS\/' 'QGIS';
 }
 
+map $http_user_agent $denied_scraper {
+  default '';          # Not denied
+  '~^Python\-urllib\/' 'Python';
+  '~^R$'               'R';
+  '~^Java\/'           'Java';
+  '~^tiles$'           'Unknown';
+}
+
+map $http_referer $denied_referer {
+  default '';                      # Not denied
+  'http://www.openstreetmap.org/'  'old-osm';
+  'http://www.osm.org/'            'old-osm';
+  'http://openstreetmap.org'       'fake-osm';
+  'http://www.openstreetmap.org'   'fake-osm';
+}
+
 # Limit Cache-Control header to only approved User-Agents
 map $http_user_agent $limit_http_cache_control {
   default '';                              # Unset Header
@@ -51,8 +78,10 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Connection '';
 
-      proxy_connect_timeout 5s;
+      proxy_connect_timeout 10s;
 
+      # Preserve host header.
+      proxy_set_header Host $host;
       # Do not pass cookies to backends.
       proxy_set_header Cookie '';
       # Do not pass Accept-Encoding to backends.
@@ -77,7 +106,14 @@ server {
 
       # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
       if ($approved_scraper) {
-        set $limit_rate 32768;
+        set $limit_rate 65536;
+      }
+
+      if ($denied_scraper) {
+        return 429;
+      }
+      if ($denied_referer) {
+        return 418;
       }
 
       # Strip any ?query parameters from urls
@@ -88,18 +124,3 @@ server {
       proxy_set_header Pragma $limit_http_pragma;
     }
 }
-
-# Convert all http requests to https
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    server_name _;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 80;
-    listen [::]:80;
-    server_name ~^(?<subdomain>(?:[a-d]\.)?tile)\.osm\.org$;
-    return 301 https://$subdomain.openstreetmap.org$request_uri;
-}