From b1ec1f564c74db98564f6eafebabd9a41207e2eb Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Sat, 17 Dec 2016 19:01:42 +0000
Subject: [PATCH 1/1] tilecache: enable TFO

---
 .../tilecache/templates/default/nginx_tile_ssl.conf.erb     | 2 +-
 roles/tilecache.rb                                          | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 0ec51a10e..f0bfdf209 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -13,7 +13,7 @@ upstream tile_cache_backend {
 }
 
 server {
-    listen       443 ssl http2 default_server;
+    listen       443 ssl fastopen=2048 http2 default_server;
     server_name  localhost;
 
     proxy_buffers 8 64k;
diff --git a/roles/tilecache.rb b/roles/tilecache.rb
index 0b19eb890..8e6da21ee 100644
--- a/roles/tilecache.rb
+++ b/roles/tilecache.rb
@@ -32,6 +32,12 @@ default_attributes(
         "net.netfilter.nf_conntrack_max" => "131072"
       }
     },
+    :kernel_tfo_listen_enable => {
+      :comment => "Enable TCP Fast Open for listening sockets",
+      :parameters => {
+        "net.ipv4.tcp_fastopen" => 3
+      }
+    },
     :squid_swappiness => {
       :comment => "Prefer not to swapout to free memory",
       :parameters => {
-- 
2.43.2