From: Grant Slater <git@firefishy.com>
Date: Sat, 17 Dec 2016 19:01:42 +0000 (+0000)
Subject: tilecache: enable TFO
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/b1ec1f564c74db98564f6eafebabd9a41207e2eb

tilecache: enable TFO
---

diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 0ec51a10e..f0bfdf209 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -13,7 +13,7 @@ upstream tile_cache_backend {
 }
 
 server {
-    listen       443 ssl http2 default_server;
+    listen       443 ssl fastopen=2048 http2 default_server;
     server_name  localhost;
 
     proxy_buffers 8 64k;
diff --git a/roles/tilecache.rb b/roles/tilecache.rb
index 0b19eb890..8e6da21ee 100644
--- a/roles/tilecache.rb
+++ b/roles/tilecache.rb
@@ -32,6 +32,12 @@ default_attributes(
         "net.netfilter.nf_conntrack_max" => "131072"
       }
     },
+    :kernel_tfo_listen_enable => {
+      :comment => "Enable TCP Fast Open for listening sockets",
+      :parameters => {
+        "net.ipv4.tcp_fastopen" => 3
+      }
+    },
     :squid_swappiness => {
       :comment => "Prefer not to swapout to free memory",
       :parameters => {