X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/6088534f1b61e4667c74e4b83a82ba434b22e494..622372dee2d7bf45fbf482a58732478b0ccf03c6:/cookbooks/tilecache/templates/default/nginx_tile.conf.erb

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index 0f4f9e520..62e25d195 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -3,7 +3,18 @@
 upstream tile_cache_backend {
     server 127.0.0.1;
 
-    keepalive 32;
+    # Add the other caches to relieve pressure if local squid failing
+    # Balancer: round-robin
+<% @caches.each do |cache| -%>
+<% if cache[:hostname] != node[:hostname] -%>
+    # Server <%= cache[:hostname] %>
+<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+    server <%= address %> backup;
+<% end -%>
+<% end -%>
+<% end -%>
+
+    keepalive 256;
 }
 
 # Rates table based on current cookie value
@@ -22,6 +33,27 @@ map $http_user_agent $approved_scraper {
   '~^Mozilla\/5\.0\ QGIS\/' 'QGIS';
 }
 
+map $http_user_agent $denied_scraper {
+  default '';          # Not denied
+  '~^Python\-urllib\/' 'Python';
+  '~^python\-requests\/' 'Python';
+  '~^R$'               'R';
+  '~^Java\/'           'Java';
+  '~^tiles$'           'Unknown';
+  '~^Dalvik\/'         'Dalvik';
+  '~^runtastic'        'runtastic';
+  'Mozilla/4.0'        'Unknown';
+  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' 'Unknown';
+}
+
+map $http_referer $denied_referer {
+  default '';                      # Not denied
+  'http://www.openstreetmap.org/'  'old-osm';
+  'http://www.osm.org/'            'old-osm';
+  'http://openstreetmap.org'       'fake-osm';
+  'http://www.openstreetmap.org'   'fake-osm';
+}
+
 # Limit Cache-Control header to only approved User-Agents
 map $http_user_agent $limit_http_cache_control {
   default '';                              # Unset Header
@@ -51,8 +83,10 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Connection '';
 
-      proxy_connect_timeout 5s;
+      proxy_connect_timeout 10s;
 
+      # Preserve host header.
+      proxy_set_header Host $host;
       # Do not pass cookies to backends.
       proxy_set_header Cookie '';
       # Do not pass Accept-Encoding to backends.
@@ -77,7 +111,14 @@ server {
 
       # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
       if ($approved_scraper) {
-        set $limit_rate 32768;
+        set $limit_rate 65536;
+      }
+
+      if ($denied_scraper) {
+        return 429;
+      }
+      if ($denied_referer) {
+        return 418;
       }
 
       # Strip any ?query parameters from urls