include_recipe "accounts"
include_recipe "munin"
-include_recipe "php::fpm"
include_recipe "prometheus"
+if node[:nominatim][:api_flavour] == "php"
+ include_recipe "php::fpm"
+end
+
basedir = data_bag_item("accounts", "nominatim")["home"]
email_errors = data_bag_item("accounts", "lonvia")["email"]
python3-sqlalchemy-ext
python3-geoalchemy2
python3-asyncpg
- php-pgsql
- php-intl
ruby
ruby-file-tail
ruby-pg
ruby-webrick
]
+if node[:nominatim][:api_flavour] == "php"
+ package %w[
+ php-pgsql
+ php-intl
+ ]
+elsif node[:nominatim][:api_flavour] == "python"
+ package %w[
+ gunicorn
+ uvicorn
+ python3-starlette
+ ]
+end
+
source_directory = "#{basedir}/src/nominatim"
build_directory = "#{basedir}/src/build"
project_directory = "#{basedir}/planet-project"
end
end
-remote_directory "#{project_directory}/website" do
+remote_directory "#{project_directory}/static-website" do
source "website"
owner "nominatim"
group "nominatim"
end
end
-node[:nominatim][:fpm_pools].each do |name, data|
- php_fpm name do
- port data[:port]
- pm data[:pm]
- pm_max_children data[:max_children]
- pm_start_servers 20
- pm_min_spare_servers 10
- pm_max_spare_servers 20
- pm_max_requests 10000
- prometheus_port data[:prometheus_port]
+if node[:nominatim][:api_flavour] == "php"
+ node[:nominatim][:fpm_pools].each do |name, data|
+ php_fpm name do
+ port data[:port]
+ pm data[:pm]
+ pm_max_children data[:max_children]
+ pm_start_servers 20
+ pm_min_spare_servers 10
+ pm_max_spare_servers 20
+ pm_max_requests 10000
+ prometheus_port data[:prometheus_port]
+ end
+ end
+elsif node[:nominatim][:api_flavour] == "python"
+ systemd_service "nominatim" do
+ description "Nominatim running as a gunicorn application"
+ user "www-data"
+ group "www-data"
+ working_directory project_directory
+ standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
+ standard_error "inherit"
+ exec_start "/usr/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w 10 -k uvicorn.workers.UvicornWorker nominatim.server.starlette.server:run_wsgi"
+ exec_reload "/bin/kill -s HUP $MAINPID"
+ environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/"
+ kill_mode "mixed"
+ timeout_stop_sec 5
+ private_tmp true
+ requires "nominatim.socket"
+ after "network.target"
+ end
+
+ systemd_socket "nominatim" do
+ description "Gunicorn socket for Nominatim"
+ listen_stream "/run/gunicorn-nominatim.openstreetmap.org.sock"
+ socket_user "www-data"
end
end
upstream nominatim_service {
- server unix:/run/php/php-nominatim.openstreetmap.org-fpm.sock;
+<% if node[:nominatim][:api_flavour] == "php" %>
+ server unix:/run/php/php-nominatim.openstreetmap.org-fpm.sock fail_timeout=0;
+<% elsif node[:nominatim][:api_flavour] == "python" %>
+ server unix:/run/gunicorn-nominatim.openstreetmap.org.sock fail_timeout=0;
+<% end -%>
}
map $uri $nominatim_script_name {
ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
ssl_certificate_key /etc/ssl/private/<%= node[:fqdn] %>.key;
- root <%= @directory %>/website;
+ root <%= @directory %>/static-website;
index search.php;
access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined;
limit_req zone=tarpit burst=5;
limit_req zone=reverse burst=5;
limit_req_status 429;
+<% if node[:nominatim][:api_flavour] == "php" %>
fastcgi_pass nominatim_service;
include fastcgi_params;
fastcgi_param QUERY_STRING $args;
fastcgi_param PATH_INFO "$nominatim_path_info";
- fastcgi_param SCRIPT_FILENAME "$document_root/$nominatim_script_name";
+ fastcgi_param SCRIPT_FILENAME "<%= @directory %>/website/$nominatim_script_name";
+<% elsif node[:nominatim][:api_flavour] == "python" %>
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_pass http://nominatim_service;
+<% end -%>
if ($forward_to_ui) {
rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
}
}
+<% if node[:nominatim][:api_flavour] == "php" %>
location ~* \.php$ {
if ($blocked_user_agent ~ ^2$)
{ return 403; }
limit_req_status 429;
fastcgi_pass nominatim_service;
include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SCRIPT_FILENAME <%= @directory %>/website/$fastcgi_script_name;
if ($forward_to_ui) {
rewrite (.*).php https://$host/ui$1.html redirect;
}
}
+<% end -%>
}
projects / chef.git / commitdiff