X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/981b586040b3fe307a4855e58e846da75555aa05..622372dee2d7bf45fbf482a58732478b0ccf03c6:/cookbooks/tilecache/templates/default/nginx_tile.conf.erb

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index 149ddd001..62e25d195 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -1,17 +1,20 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
 upstream tile_cache_backend {
-    server 127.0.0.1:8080;
-    <% @caches.each do |cache| -%>
-    <% if cache[:hostname] != node[:hostname] -%>
-    #Server <%= cache[:hostname] %>
-    <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+    server 127.0.0.1;
+
+    # Add the other caches to relieve pressure if local squid failing
+    # Balancer: round-robin
+<% @caches.each do |cache| -%>
+<% if cache[:hostname] != node[:hostname] -%>
+    # Server <%= cache[:hostname] %>
+<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
     server <%= address %> backup;
-    <% end -%>
-    <% end -%>
-    <% end -%>
+<% end -%>
+<% end -%>
+<% end -%>
 
-    keepalive 32;
+    keepalive 256;
 }
 
 # Rates table based on current cookie value
@@ -30,6 +33,27 @@ map $http_user_agent $approved_scraper {
   '~^Mozilla\/5\.0\ QGIS\/' 'QGIS';
 }
 
+map $http_user_agent $denied_scraper {
+  default '';          # Not denied
+  '~^Python\-urllib\/' 'Python';
+  '~^python\-requests\/' 'Python';
+  '~^R$'               'R';
+  '~^Java\/'           'Java';
+  '~^tiles$'           'Unknown';
+  '~^Dalvik\/'         'Dalvik';
+  '~^runtastic'        'runtastic';
+  'Mozilla/4.0'        'Unknown';
+  'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)' 'Unknown';
+}
+
+map $http_referer $denied_referer {
+  default '';                      # Not denied
+  'http://www.openstreetmap.org/'  'old-osm';
+  'http://www.osm.org/'            'old-osm';
+  'http://openstreetmap.org'       'fake-osm';
+  'http://www.openstreetmap.org'   'fake-osm';
+}
+
 # Limit Cache-Control header to only approved User-Agents
 map $http_user_agent $limit_http_cache_control {
   default '';                              # Unset Header
@@ -59,8 +83,10 @@ server {
       proxy_http_version 1.1;
       proxy_set_header Connection '';
 
-      proxy_connect_timeout 5s;
+      proxy_connect_timeout 10s;
 
+      # Preserve host header.
+      proxy_set_header Host $host;
       # Do not pass cookies to backends.
       proxy_set_header Cookie '';
       # Do not pass Accept-Encoding to backends.
@@ -85,7 +111,14 @@ server {
 
       # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
       if ($approved_scraper) {
-        set $limit_rate 32768;
+        set $limit_rate 65536;
+      }
+
+      if ($denied_scraper) {
+        return 429;
+      }
+      if ($denied_referer) {
+        return 418;
       }
 
       # Strip any ?query parameters from urls
@@ -96,11 +129,3 @@ server {
       proxy_set_header Pragma $limit_http_pragma;
     }
 }
-
-# Convert all http requests to https
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    server_name _;
-    return 301 https://$host$request_uri;
-}