From f6ca0be60f59b1834347e98f9052086bd7b19163 Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Sat, 7 Feb 2026 14:38:30 +0100
Subject: [PATCH] nominatim: add a fast lane for requests from osm.org

---
 cookbooks/nominatim/attributes/default.rb     |  5 ++-
 cookbooks/nominatim/recipes/default.rb        | 40 +++++++++----------
 .../nominatim/templates/default/nginx.erb     | 17 ++++++--
 roles/dulcy.rb                                |  4 +-
 roles/longma.rb                               |  4 +-
 roles/stormfly-04.rb                          |  4 +-
 roles/vhagar.rb                               |  4 +-
 7 files changed, 49 insertions(+), 29 deletions(-)

diff --git a/cookbooks/nominatim/attributes/default.rb b/cookbooks/nominatim/attributes/default.rb
index 1b82d5f79..5c895864d 100644
--- a/cookbooks/nominatim/attributes/default.rb
+++ b/cookbooks/nominatim/attributes/default.rb
@@ -1,5 +1,5 @@
 default[:nominatim][:dbadmins] = []
-default[:nominatim][:dbcluster] = "14/main"
+default[:nominatim][:dbcluster] = "17/main"
 default[:nominatim][:dbname] = "nominatim"
 default[:nominatim][:postgis] = "3"
 default[:nominatim][:logdir] = "/var/log/nominatim"
@@ -9,7 +9,8 @@ default[:nominatim][:ui_repository] = "https://git.openstreetmap.org/public/nomi
 default[:nominatim][:ui_revision] = "master"
 default[:nominatim][:qa_repository] = "https://github.com/osm-search/Nominatim-Data-Analyser"
 default[:nominatim][:qa_revision] = "deploy"
-default[:nominatim][:api_workers] = 10
+default[:nominatim][:api_workers]["nominatim"] = 8
+default[:nominatim][:api_workers]["nominatim_fastlane"] = 2
 default[:nominatim][:api_pool_size] = 10
 default[:nominatim][:api_query_timeout] = 5
 default[:nominatim][:api_request_timeout] = 20
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index ad17d2794..b0e65460a 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -191,26 +191,26 @@ end
   end
 end
 
-systemd_service "nominatim" do
-  description "Nominatim running as a gunicorn application"
-  user "www-data"
-  group "www-data"
-  working_directory project_directory
-  standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
-  standard_error "inherit"
-  exec_start "#{python_directory}/bin/gunicorn --max-requests 500000 -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} --worker-class asgi --worker-connections 1000 --protocol uwsgi 'nominatim_api.server.falcon.server:run_wsgi()'"
-  exec_reload "/bin/kill -s HUP $MAINPID"
-  kill_mode "mixed"
-  timeout_stop_sec 5
-  private_tmp true
-  requires "nominatim.socket"
-  after "network.target"
-end
-
-systemd_socket "nominatim" do
-  description "Gunicorn socket for Nominatim"
-  listen_stream "/run/gunicorn-nominatim.openstreetmap.org.sock"
-  socket_user "www-data"
+%w[nominatim nominatim_fastlane].each do |name|
+  systemd_service name do
+    description "Nominatim running as a gunicorn application (#{name})"
+    user "www-data"
+    group "www-data"
+    working_directory project_directory
+    exec_start "#{python_directory}/bin/gunicorn --max-requests 500000 -b unix:/run/gunicorn-#{name}.openstreetmap.org.sock -w #{node[:nominatim][:api_workers][name]} --worker-class asgi --worker-connections 1000 --protocol uwsgi 'nominatim_api.server.falcon.server:run_wsgi()'"
+    exec_reload "/bin/kill -s HUP $MAINPID"
+    kill_mode "mixed"
+    timeout_stop_sec 5
+    private_tmp true
+    requires "#{name}.socket"
+    after "network.target"
+  end
+
+  systemd_socket name do
+    description "Gunicorn socket for Nominatim (#{name})"
+    listen_stream "/run/gunicorn-#{name}.openstreetmap.org.sock"
+    socket_user "www-data"
+  end
 end
 
 ssl_certificate node[:fqdn] do
diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 4645cc132..afd63b546 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -1,6 +1,8 @@
-upstream nominatim_service {
-  server unix:/run/gunicorn-nominatim.openstreetmap.org.sock fail_timeout=0;
+<% %w(nominatim nominatim_fastlane).each do |sname| -%>
+upstream <%= sname %>_service {
+  server unix:/run/gunicorn-<%= sname %>.openstreetmap.org.sock fail_timeout=0;
 }
+<% end -%>
 
 map $uri $nominatim_script_name {
     ~^/*(.+?)\.php        $1;
@@ -68,6 +70,15 @@ geo $whitelisted {
     35.153.15.118 1; # gnome - https://github.com/openstreetmap/operations/issues/1160
 }
 
+geo $proxyname {
+    default nominatim_service;
+<% @frontends.each do |frontend| -%>
+<% frontend.ipaddresses(:role => :external).sort.each do |address| -%>
+    <%= address %> nominatim_fastlane_service;
+<% end -%>
+<% end -%>
+}
+
 map $server_protocol$http_user_agent $cleaned_user_agent {
     default $http_user_agent;
     "~^HTTP/1..Mozilla/" Script$http_user_agent;
@@ -223,7 +234,7 @@ server {
           return 204;
         }
 
-        uwsgi_pass nominatim_service;
+        uwsgi_pass $proxyname;
         include uwsgi_params;
 
         add_header Vary "accept-language";
diff --git a/roles/dulcy.rb b/roles/dulcy.rb
index bc21860eb..1025522ae 100644
--- a/roles/dulcy.rb
+++ b/roles/dulcy.rb
@@ -81,7 +81,9 @@ default_attributes(
     :dbcluster => "17/main",
     :flatnode_file => "/srv/nominatim.openstreetmap.org/planet-project/nodes.store",
     :enable_qa_tiles => false,
-    :api_workers => 12,
+    :api_workers => {
+      "nominatim" => 11
+    },
     :api_pool_size => 8
   }
 )
diff --git a/roles/longma.rb b/roles/longma.rb
index c6226ac7f..888d262ef 100644
--- a/roles/longma.rb
+++ b/roles/longma.rb
@@ -44,7 +44,9 @@ default_attributes(
     :dbcluster => "17/main",
     :enable_qa_tiles => true,
     :flatnode_file => "/srv/nominatim.openstreetmap.org/planet-project/nodes.store",
-    :api_workers => 24,
+    :api_workers => {
+      "nominatim" => 22
+    },
     :api_pool_size => 8
   }
 )
diff --git a/roles/stormfly-04.rb b/roles/stormfly-04.rb
index ed65f18e8..137956d78 100644
--- a/roles/stormfly-04.rb
+++ b/roles/stormfly-04.rb
@@ -95,7 +95,9 @@ default_attributes(
   :nominatim => {
     :dbcluster => "17/main",
     :flatnode_file => "/srv/nominatim.openstreetmap.org/planet-project/nodes.store",
-    :api_workers => 19,
+    :api_workers => {
+      "nominatim" => 17
+    },
     :api_pool_size => 5
   }
 )
diff --git a/roles/vhagar.rb b/roles/vhagar.rb
index c8cd4a92f..c2381517a 100644
--- a/roles/vhagar.rb
+++ b/roles/vhagar.rb
@@ -34,7 +34,9 @@ default_attributes(
     :dbcluster => "17/main",
     :flatnode_file => "/srv/nominatim.openstreetmap.org/planet-project/nodes.store",
     :api_flavour => "python",
-    :api_workers => 24,
+    :api_workers => {
+      "nominatim" => 22
+    },
     :api_pool_size => 8
   }
 )
-- 
2.39.5