-user www-data www-data;\r
-worker_processes 2;\r
-\r
-error_log /var/log/nginx/error.log;\r
-pid /var/run/nginx.pid;\r
-\r
-events {\r
- # max clients = worker_processes * worker_connections\r
- worker_connections 1024;\r
-}\r
-\r
-http {\r
- include /etc/nginx/mime.types;\r
- default_type application/octet-stream;\r
-\r
- #access_log /var/log/nginx/access.log;\r
-\r
- sendfile on;\r
- #tcp_nopush on;\r
-\r
- #keepalive_timeout 0;\r
- keepalive_timeout 65;\r
- tcp_nodelay on;\r
-\r
- gzip on;\r
- gzip_min_length 1100;\r
- gzip_buffers 4 8k;\r
- # text/html is added gzip_types by default\r
- gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css;\r
- \r
- #NO CGI SUPPORT IN NGINX fix stat .pl later\r
-\r
- upstream web_backend {\r
- server 127.0.0.1:8000;\r
- server 127.0.0.1:8001;\r
- server 127.0.0.1:8002;\r
- server 127.0.0.1:8003;\r
- server 127.0.0.1:8004;\r
- server 127.0.0.1:8005;\r
- server 127.0.0.1:8006;\r
- server 127.0.0.1:8007;\r
- server 127.0.0.1:8008;\r
- server 127.0.0.1:8009;\r
- server 127.0.0.1:8010;\r
- server 127.0.0.1:8011;\r
- server 127.0.0.1:8012;\r
- server 127.0.0.1:8013;\r
- server 127.0.0.1:8014;\r
- server 127.0.0.1:8015;\r
- server 127.0.0.1:8016;\r
- server 127.0.0.1:8017;\r
- server 127.0.0.1:8018;\r
- server 127.0.0.1:8019;\r
- server 127.0.0.1:8020;\r
- server 127.0.0.1:8021;\r
- server 127.0.0.1:8022;\r
- server 127.0.0.1:8023;\r
- server 127.0.0.1:8024;\r
- server 127.0.0.1:8025;\r
- server 127.0.0.1:8026;\r
- server 127.0.0.1:8027;\r
- server 127.0.0.1:8028;\r
- server 127.0.0.1:8029;\r
- }\r
-\r
- upstream api_backend {\r
- server 127.0.0.1:8030;\r
- server 127.0.0.1:8031;\r
- server 127.0.0.1:8032;\r
- server 127.0.0.1:8033;\r
- server 127.0.0.1:8034;\r
- server 127.0.0.1:8035;\r
- server 127.0.0.1:8036;\r
- server 127.0.0.1:8037;\r
- server 127.0.0.1:8038;\r
- server 127.0.0.1:8039;\r
- server 127.0.0.1:8040;\r
- server 127.0.0.1:8041;\r
- server 127.0.0.1:8042;\r
- server 127.0.0.1:8043;\r
- server 127.0.0.1:8044;\r
- }\r
-\r
- upstream bulkapi_backend {\r
- server 10.0.0.10:8000;\r
- server 10.0.0.11:8000;\r
- server 10.0.0.12:8000;\r
- server 10.0.0.10:8001;\r
- server 10.0.0.11:8001;\r
- server 10.0.0.12:8001;\r
- server 10.0.0.10:8002;\r
- server 10.0.0.11:8002;\r
- server 10.0.0.12:8002;\r
- server 10.0.0.10:8003;\r
- server 10.0.0.11:8003;\r
- server 10.0.0.12:8003;\r
- }\r
- \r
- upstream tah_backend {\r
- server 10.0.0.10:8004;\r
- server 10.0.0.11:8004;\r
- server 10.0.0.12:8004;\r
- server 10.0.0.10:8005;\r
- server 10.0.0.11:8005;\r
- server 10.0.0.12:8005;\r
- }\r
-\r
-server {\r
- listen 80;\r
- server_name .openstreetmap.org api.openstreetmap.org;\r
- root /home/rails/public;\r
- index index.html;\r
- access_log /var/log/nginx/openstreetmap.org.access.log;\r
- \r
- include /etc/nginx/fastcgi_params;\r
-\r
- #Redirect Historical Links to correct servers\r
- location /trac/ {\r
- rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent;\r
- }\r
-\r
- location /wiki/ {\r
- rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent;\r
- }\r
-\r
- location / {\r
- deny 143.210.16.160;\r
- deny 69.89.21.73;\r
- deny 91.89.145.219;\r
- deny 195.190.169.111;\r
- deny 84.237.213.10;\r
- deny 70.22.219.249;\r
- deny 83.226.40.87;\r
- deny 82.178.145.87;\r
- deny 91.78.50.134;\r
- deny 91.77.7.139;\r
- deny 85.126.23.106;\r
- deny 213.171.196.166;\r
- deny 81.151.8.64;\r
- deny 130.226.235.215;\r
- deny 141.99.254.253;\r
- deny 61.228.43.32;\r
- allow all; \r
- }\r
- \r
- #Handle api.openstreetmap/ -> api.openstreetmap/api/\r
- if ($host ~* api\.(.*)) {\r
- rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2\r
- }\r
- \r
- location /api/ {\r
- include /etc/nginx/fastcgi_params;\r
- if ($http_user_agent ~ "^tilesAtHome") {\r
- #deny all;\r
- fastcgi_pass tah_backend;\r
- break;\r
- }\r
- }\r
-\r
- location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ {\r
- fastcgi_pass bulkapi_backend;\r
- break;\r
- }\r
- \r
- location ~ ^/api/0\.6/.*/search$ {\r
- fastcgi_pass bulkapi_backend;\r
- break;\r
- }\r
-\r
- location ~ ^/api/0\.6/.*/full$ {\r
- fastcgi_pass bulkapi_backend;\r
- break;\r
- }\r
-\r
- # fastcgi Web / Data Browser / Relations etc\r
- location ~ ^/api/0\.6/ {\r
- fastcgi_pass api_backend;\r
- break;\r
- }\r
-\r
- #Deny unknown API version\r
- location ~ ^/api/0\.[0-9]+/ {\r
- deny all;\r
- }\r
- \r
- #Handle Special Case Expiry\r
- location ~ ^/(export|openlayers)/ {\r
- expires 7d;\r
- }\r
- location ~ ^/(images|javascripts|stylesheets)/ {\r
- expires max;\r
- }\r
- \r
- location / {\r
- fastcgi_index index.html;\r
- if (!-f $request_filename) {\r
- fastcgi_pass web_backend;\r
- break;\r
- }\r
- }\r
-\r
- location /crossdomain.xml {\r
- default_type text/x-cross-domain-policy;\r
- }\r
-\r
- #error_page 404 /404.html;\r
- # redirect server error pages to the static page /50x.html\r
- error_page 500 502 503 504 /50x.html;\r
- location = /50x.html {\r
- root /var/www/nginx-default;\r
- }\r
- }\r
-}\r
+# Run as www-data
+user www-data www-data;
+
+# Use two worker processes
+worker_processes 2;
+
+# Define PID files
+pid /var/run/nginx.pid;
+
+# Define error log
+error_log /var/log/nginx/error.log;
+
+events {
+ # max clients = worker_processes * worker_connections
+ worker_connections 1024;
+}
+
+http {
+ # Configure MIME types
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Configure network details
+ sendfile on;
+ keepalive_timeout 65;
+ tcp_nodelay on;
+
+ # Define access log
+ access_log /var/log/nginx/access.log;
+
+ # Configure compression (text/html is compressed by default)
+ gzip on;
+ gzip_min_length 1100;
+ gzip_buffers 4 8k;
+ gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css;
+
+ #NO CGI SUPPORT IN NGINX fix stat .pl later
+
+ # Define fastcgi backend for web pages
+ upstream web_backend {
+ server 127.0.0.1:8000;
+ server 127.0.0.1:8001;
+ server 127.0.0.1:8002;
+ server 127.0.0.1:8003;
+ server 127.0.0.1:8004;
+ server 127.0.0.1:8005;
+ server 127.0.0.1:8006;
+ server 127.0.0.1:8007;
+ server 127.0.0.1:8008;
+ server 127.0.0.1:8009;
+ server 127.0.0.1:8010;
+ server 127.0.0.1:8011;
+ server 127.0.0.1:8012;
+ server 127.0.0.1:8013;
+ server 127.0.0.1:8014;
+ server 127.0.0.1:8015;
+ server 127.0.0.1:8016;
+ server 127.0.0.1:8017;
+ server 127.0.0.1:8018;
+ server 127.0.0.1:8019;
+ server 127.0.0.1:8020;
+ server 127.0.0.1:8021;
+ server 127.0.0.1:8022;
+ server 127.0.0.1:8023;
+ server 127.0.0.1:8024;
+ server 127.0.0.1:8025;
+ }
+
+ # Define fastcgi backend for geocoder searches
+ upstream geocoder_backend {
+ server 127.0.0.1:8026;
+ server 127.0.0.1:8027;
+ server 127.0.0.1:8028;
+ server 127.0.0.1:8029;
+ }
+
+ # Define fastcgi backend for api requests
+ upstream api_backend {
+ server 127.0.0.1:8030;
+ server 127.0.0.1:8031;
+ server 127.0.0.1:8032;
+ server 127.0.0.1:8033;
+ server 127.0.0.1:8034;
+ server 127.0.0.1:8035;
+ server 127.0.0.1:8036;
+ server 127.0.0.1:8037;
+ server 127.0.0.1:8038;
+ server 127.0.0.1:8039;
+ server 127.0.0.1:8040;
+ server 127.0.0.1:8041;
+ server 127.0.0.1:8042;
+ server 127.0.0.1:8043;
+ server 127.0.0.1:8044;
+ }
+
+ # Define fastcgi backend for bulk api requests
+ upstream bulkapi_backend {
+ server 10.0.0.10:8000;
+ server 10.0.0.11:8000;
+ server 10.0.0.12:8000;
+ server 10.0.0.10:8001;
+ server 10.0.0.11:8001;
+ server 10.0.0.12:8001;
+ server 10.0.0.10:8002;
+ server 10.0.0.11:8002;
+ server 10.0.0.12:8002;
+ server 10.0.0.10:8003;
+ server 10.0.0.11:8003;
+ server 10.0.0.12:8003;
+ server 10.0.0.10:8004;
+ server 10.0.0.11:8004;
+ server 10.0.0.12:8004;
+ }
+
+ # Define fastcgi backend for tiles@home requests
+ upstream tah_backend {
+ server 10.0.0.10:8005;
+ server 10.0.0.11:8005;
+ server 10.0.0.12:8005;
+ }
+
+ server {
+ # Listen on port 80
+ listen 80;
+
+ # Serve rails public files
+ root /home/rails/public;
+
+ # Use index.html as the index page
+ index index.html;
+
+ # Redirect trac requests for historical reasons
+ location /trac/ {
+ rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent;
+ }
+
+ # Redirect wiki requests for historical reasons
+ location /wiki/ {
+ rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent;
+ }
+
+ # Placeholder for blocking abuse
+ include /etc/nginx/blocked_hosts;
+ allow all;
+
+ # Block some bulk download agents
+ if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) {
+ return 403;
+ }
+
+ # Block some robots
+ if ($http_user_agent ~* msnbot|twiceler) {
+ return 403;
+ }
+
+ # Map api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/...
+ if ($host ~* ^api\.) {
+ rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2;
+ rewrite ^/capabilities$ /api/capabilities;
+ }
+
+ # Strip asset tags
+ location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ {
+ # Strip asset tags
+ rewrite ^/(.*)/[0-9]+$ /$1;
+
+ # Set expiry to the maximum - the asset tag will change
+ # when there is a new version
+ expires max;
+
+ # Only cache OpenLayers for seven days though
+ if ($uri ~ ^/openlayers/) {
+ expires 7d;
+ }
+ }
+
+ # Cache the embedded map page for seven days
+ location ~ ^/export/embed.html$ {
+ expires 7d;
+ }
+
+ # Include fastcgi configuration
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param REQUEST_URI $uri;
+
+ # Handle tiles@home requests
+ location /api/ {
+ if ($http_user_agent ~ "^tilesAtHome") {
+ #deny all;
+ fastcgi_pass tah_backend;
+ break;
+ }
+ }
+
+ # Handle bulk api requests
+ location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ {
+ fastcgi_read_timeout 300;
+ fastcgi_pass bulkapi_backend;
+ break;
+ }
+
+ # Send search requests to the bulk api backend
+ location ~ ^/api/0\.6/.*/search$ {
+ fastcgi_read_timeout 300;
+ fastcgi_pass bulkapi_backend;
+ break;
+ }
+
+ # Send requests for full objects to the bulk api backend
+ location ~ ^/api/0\.6/.*/full$ {
+ fastcgi_read_timeout 300;
+ fastcgi_pass bulkapi_backend;
+ break;
+ }
+
+ # Handle the remaining api requests
+ location ~ ^/api/0\.6/ {
+ fastcgi_pass api_backend;
+ break;
+ }
+
+ # Deny old and unknown API versions
+ location ~ ^/api/0\.[0-9]+/ {
+ return 404;
+ }
+
+ # Send unversioned capabilities requests to the api backend
+ location = /api/capabilities {
+ fastcgi_pass api_backend;
+ break;
+ }
+
+ # Send geocoder searches to the geocoder backend
+ location /geocoder/ {
+ fastcgi_pass geocoder_backend;
+ break;
+ }
+
+ # Send everything else to the web backend unless it exists
+ # in the rails public tree
+ location / {
+ fastcgi_index index.html;
+
+ if (!-f $request_filename) {
+ fastcgi_pass web_backend;
+ break;
+ }
+ }
+
+ # Set the MIME type for crossdomain.xml policy files
+ # or flash will ignore it
+ location ~ /crossdomain\.xml$ {
+ types {
+ text/x-cross-domain-policy xml;
+ }
+ }
+
+ # Give munin access to some statistics
+ location /server-status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+ }
+}