X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/91e029600c447d436e3d01246fb5b578dba4dc91..HEAD:/cookbooks/tilecache/templates/default/nginx_tile.conf.erb

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
deleted file mode 100644
index d5d40405c..000000000
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ /dev/null
@@ -1,150 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-upstream tile_cache_backend {
-  server 127.0.0.1;
-
-  # Add the other caches to relieve pressure if local squid failing
-  # Balancer: round-robin
-<% @caches.each do |cache| -%>
-<% if cache[:hostname] != node[:hostname] -%>
-<% if node[:tilecache][:tile_siblings].include? cache[:fqdn] -%>
-<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
-  server <%= address %> backup; # Server <%= cache[:hostname] %>
-<% end -%>
-<% end -%>
-<% end -%>
-<% end -%>
-
-  keepalive 256;
-}
-
-# Geo Map of tile caches
-geo $tile_cache {
-  default 0;
-<% @caches.each do |cache| -%>
-<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
-  <%= address %> 1; # <%= cache[:hostname] %>
-<% end -%>
-<% end -%>
-}
-
-# Rates table based on current cookie value
-map $cookie_qos_token $limit_rate_qos {
-  include /etc/nginx/conf.d/tile_qos_rates.map;
-}
-
-# Set-Cookie table based on current cookie value
-map $cookie_qos_token $cookie_qos_token_set {
-  include /etc/nginx/conf.d/tile_qos_cookies.map;
-}
-
-map $http_user_agent $approved_scraper {
-  default                   0; # Not approved
-  '~^JOSM\/'                1; # JOSM
-  '~^Mozilla\/5\.0\ QGIS\/' 1; # QGIS
-}
-
-map $http_user_agent $denied_scraper {
-  default                0; # Not denied
-  ''                     1; # No User-Agent Set
-  '~^Python\-urllib\/'   1; # Library Default
-  '~^python\-requests\/' 1; # Library Default
-  '~^node\-fetch\/'      1; # Library Default
-  '~^R$'                 1; # Library Default
-  '~^Java\/'             1; # Library Default
-  '~^tiles$'             1; # Library Default
-  '~^Dalvik\/'           1; # Library Default
-  '~^runtastic'          1; # App
-  'Mozilla/4.0'          1; # Fake
-  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' 1;  # Fake
-}
-
-map $http_referer $denied_referer {
-  default                          0; # Not denied
-  'http://www.openstreetmap.org/'  1; # Faked
-  'http://www.openstreetmap.org'   1; # Faked
-  'http://openstreetmap.org/'      1; # Faked
-  'http://openstreetmap.org'       1; # Faked
-  'http://www.osm.org/'            1; # Faked
-  'http://www.osm.org'             1; # Faked
-  'http://osm.org/'                1; # Faked
-  'http://osm.org'                 1; # Faked
-}
-
-# Limit Cache-Control header to only approved User-Agents
-map $http_user_agent $limit_http_cache_control {
-  default '';                              # Unset Header
-  '~^Mozilla\/5\.0\ QGIS\/' '';            # Unset Header
-  '~^Mozilla\/5\.0\ ' $http_cache_control; # Pass Header
-}
-
-# Limit Pragma header to only approved User-Agents
-map $http_user_agent $limit_http_pragma {
-  default '';                       # Unset Header
-  '~^Mozilla\/5\.0\ QGIS\/' '';     # Unset Header
-  '~^Mozilla\/5\.0\ ' $http_pragma; # Pass Header
-}
-
-server {
-    listen       443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
-    server_name  localhost;
-
-    proxy_buffers 8 64k;
-
-    ssl_certificate      /etc/ssl/certs/tile.openstreetmap.org.pem;
-    ssl_certificate_key  /etc/ssl/private/tile.openstreetmap.org.key;
-
-    location / {
-      proxy_pass http://tile_cache_backend;
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_http_version 1.1;
-      proxy_set_header Connection '';
-
-      proxy_connect_timeout 5s;
-
-      # Preserve host header.
-      proxy_set_header Host $host;
-      # Do not pass cookies to backends.
-      proxy_set_header Cookie '';
-      # Do not pass Accept-Encoding to backends.
-      proxy_set_header Accept-Encoding '';
-
-      # Do not allow setting cookies from backends due to caching.
-      proxy_ignore_headers Set-Cookie;
-      proxy_hide_header Set-Cookie;
-
-      # Set a QoS cookie if none presented (uses nginx Map)
-      add_header Set-Cookie $cookie_qos_token_set;
-<% if node[:ssl][:strict_transport_security] -%>
-      # Ensure Strict-Transport-Security header is removed from proxied server responses
-      proxy_hide_header Strict-Transport-Security;
-
-      # Enable HSTS
-      add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
-<% end -%>
-
-      # QoS Traffic Rate see $limit_rate on http://nginx.org/en/docs/http/ngx_http_core_module.html
-      set $limit_rate $limit_rate_qos;
-
-      # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
-      if ($approved_scraper) {
-        set $limit_rate 65536;
-      }
-
-      if ($denied_scraper) {
-        set $limit_rate 512;
-        return 429;
-      }
-      if ($denied_referer) {
-        set $limit_rate 512;
-        return 418;
-      }
-
-      # Strip any ?query parameters from urls
-      set $args '';
-
-      # Allow cache purging headers only from select User-Agents (uses nginx Map)
-      proxy_set_header Cache-Control $limit_http_cache_control;
-      proxy_set_header Pragma $limit_http_pragma;
-    }
-}