]> git.openstreetmap.org Git - rails.git/blobdiff - config/nginx.conf
Restriction note deletion to moderators
[rails.git] / config / nginx.conf
index 745fa555ed9f71a7ca99215248af04789a23be3a..ae349b7466c17409059fcc95209753ef656c3ef7 100644 (file)
-user www-data;\r
-worker_processes  1;\r
-\r
-error_log  /var/log/nginx/error.log;\r
-pid        /var/run/nginx.pid;\r
-\r
-events {\r
-    worker_connections  1024;\r
-}\r
-\r
-http {\r
-    include       /etc/nginx/mime.types;\r
-    default_type  application/octet-stream;\r
-\r
-    #access_log  /var/log/nginx/access.log;\r
-\r
-    sendfile        on;\r
-    #tcp_nopush     on;\r
-\r
-    #keepalive_timeout  0;\r
-    keepalive_timeout  65;\r
-    tcp_nodelay        on;\r
-\r
-    gzip  on;\r
-       gzip_min_length 1100;\r
-       gzip_buffers 4 8k;\r
-       # text/html is added gzip_types by default\r
-       gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css;\r
-       #NO CGI SUPPORT IN NGINX fix stat .pl later\r
-\r
-       upstream web_backend {\r
-               server 127.0.0.1:8000;\r
-               server 127.0.0.1:8001;\r
-               server 127.0.0.1:8002;\r
-               server 127.0.0.1:8003;\r
-               server 127.0.0.1:8004;\r
-               server 127.0.0.1:8005;\r
-               server 127.0.0.1:8006;\r
-               server 127.0.0.1:8007;\r
-               server 127.0.0.1:8008;\r
-               server 127.0.0.1:8009;\r
-               server 127.0.0.1:8010;\r
-               server 127.0.0.1:8011;\r
-               server 127.0.0.1:8012;\r
-               server 127.0.0.1:8013;\r
-               server 127.0.0.1:8014;\r
-               server 127.0.0.1:8015;\r
-               server 127.0.0.1:8016;\r
-               server 127.0.0.1:8017;\r
-               server 127.0.0.1:8018;\r
-               server 127.0.0.1:8019;\r
-               server 127.0.0.1:8020;\r
-               server 127.0.0.1:8021;\r
-               server 127.0.0.1:8022;\r
-               server 127.0.0.1:8023;\r
-               server 127.0.0.1:8024;\r
-               server 127.0.0.1:8025;\r
-               server 127.0.0.1:8026;\r
-               server 127.0.0.1:8027;\r
-               server 127.0.0.1:8028;\r
-               server 127.0.0.1:8029;\r
-       }\r
-\r
-       upstream api_backend {\r
-               server 127.0.0.1:8030;\r
-               server 127.0.0.1:8031;\r
-               server 127.0.0.1:8032;\r
-               server 127.0.0.1:8033;\r
-               server 127.0.0.1:8034;\r
-               server 127.0.0.1:8035;\r
-               server 127.0.0.1:8036;\r
-               server 127.0.0.1:8037;\r
-               server 127.0.0.1:8038;\r
-               server 127.0.0.1:8039;\r
-               server 127.0.0.1:8040;\r
-               server 127.0.0.1:8041;\r
-               server 127.0.0.1:8042;\r
-               server 127.0.0.1:8043;\r
-               server 127.0.0.1:8044;\r
-       }\r
-\r
-       upstream bulkapi_backend {\r
-               server 10.0.0.10:8000;\r
-               server 10.0.0.11:8000;\r
-               server 10.0.0.12:8000;\r
-               server 10.0.0.10:8001;\r
-               server 10.0.0.11:8001;\r
-               server 10.0.0.12:8001;\r
-               server 10.0.0.10:8002;\r
-               server 10.0.0.11:8002;\r
-               server 10.0.0.12:8002;\r
-               server 10.0.0.10:8003;\r
-               server 10.0.0.11:8003;\r
-               server 10.0.0.12:8003;\r
-       }\r
-       \r
-       upstream tah_backend {\r
-               server 10.0.0.10:8004;\r
-               server 10.0.0.11:8004;\r
-               server 10.0.0.12:8004;\r
-               server 10.0.0.10:8005;\r
-               server 10.0.0.11:8005;\r
-               server 10.0.0.12:8005;\r
-       }\r
-\r
-       server {\r
-               listen   80;\r
-               server_name  .openstreetmap.org api.openstreetmap.org;\r
-               root /home/rails/public;\r
-               index index.html;\r
-               access_log  /var/log/nginx/openstreetmap.org.access.log;\r
-\r
-               if ($host ~* api\.(.*)) {\r
-                       rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2\r
-               }\r
-\r
-               location / {\r
-                       deny 143.210.16.160;\r
-                       allow all; \r
-               }\r
-\r
-               location /trac/ {\r
-                       rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent;\r
-               }\r
-\r
-               location /wiki/ {\r
-                       rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent;\r
-               }\r
-               \r
-               location /api/ {\r
-                       include /etc/nginx/fastcgi_params;\r
-                       if ($http_user_agent = "tilesAtHome") {\r
-                               fastcgi_pass tah_backend;\r
-                               break;\r
-                       }\r
-               }\r
-\r
-               location ~ ^/api/0\.6/(map|trackpoints|amf|amf/read|swf/trackpoints)$ {\r
-                       include /etc/nginx/fastcgi_params;\r
-                       fastcgi_pass bulkapi_backend;\r
-                       break;\r
-               }\r
-               \r
-               location ~ ^/api/0\.6/.*/search$ {\r
-                       include /etc/nginx/fastcgi_params;\r
-                       fastcgi_pass bulkapi_backend;\r
-                       break;\r
-               }\r
-\r
-               location ~ ^/api/0\.6/ {\r
-                       include /etc/nginx/fastcgi_params;\r
-                       fastcgi_pass api_backend;\r
-                       break;\r
-               }\r
-\r
-               location ~ ^/api/0\.[0-9]+/ {\r
-                       deny all;\r
-               }\r
-       \r
-               location / {\r
-                       include /etc/nginx/fastcgi_params;\r
-                       if (!-f $request_filename) {\r
-                               fastcgi_pass web_backend;\r
-                               break;\r
-                       }\r
-               }\r
-\r
-               location /crossdomain.xml {\r
-                       default_type text/x-cross-domain-policy;\r
-               }\r
-\r
-               #error_page  404  /404.html;\r
-               # redirect server error pages to the static page /50x.html\r
-               error_page   500 502 503 504  /50x.html;\r
-               location = /50x.html {\r
-                       root   /var/www/nginx-default;\r
-               }\r
-       }\r
-}\r
-\r
+# Run as www-data
+user www-data www-data;
+
+# Use two worker processes
+worker_processes  2;
+
+# Define PID files
+pid /var/run/nginx.pid;
+
+# Define error log
+error_log /var/log/nginx/error.log;
+
+events {
+    # max clients = worker_processes * worker_connections
+    worker_connections  1024;
+}
+
+http {
+    # Configure MIME types 
+    include /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # Configure network details
+    sendfile on;
+    keepalive_timeout 65;
+    tcp_nodelay on;
+
+    # Define access log
+    access_log /var/log/nginx/access.log;
+
+    # Configure compression (text/html is compressed by default)
+    gzip on;
+    gzip_min_length 1100;
+    gzip_buffers 4 8k;
+    gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css;
+    
+    #NO CGI SUPPORT IN NGINX fix stat .pl later
+
+    # Define fastcgi backend for web pages
+    upstream web_backend {
+        server 127.0.0.1:8000;
+        server 127.0.0.1:8001;
+        server 127.0.0.1:8002;
+        server 127.0.0.1:8003;
+        server 127.0.0.1:8004;
+        server 127.0.0.1:8005;
+        server 127.0.0.1:8006;
+        server 127.0.0.1:8007;
+        server 127.0.0.1:8008;
+        server 127.0.0.1:8009;
+        server 127.0.0.1:8010;
+        server 127.0.0.1:8011;
+        server 127.0.0.1:8012;
+        server 127.0.0.1:8013;
+        server 127.0.0.1:8014;
+        server 127.0.0.1:8015;
+        server 127.0.0.1:8016;
+        server 127.0.0.1:8017;
+        server 127.0.0.1:8018;
+        server 127.0.0.1:8019;
+        server 127.0.0.1:8020;
+        server 127.0.0.1:8021;
+        server 127.0.0.1:8022;
+        server 127.0.0.1:8023;
+        server 127.0.0.1:8024;
+        server 127.0.0.1:8025;
+    }
+
+    # Define fastcgi backend for geocoder searches
+    upstream geocoder_backend {
+        server 127.0.0.1:8026;
+        server 127.0.0.1:8027;
+        server 127.0.0.1:8028;
+        server 127.0.0.1:8029;
+    }
+
+    # Define fastcgi backend for api requests
+    upstream api_backend {
+        server 127.0.0.1:8030;
+        server 127.0.0.1:8031;
+        server 127.0.0.1:8032;
+        server 127.0.0.1:8033;
+        server 127.0.0.1:8034;
+        server 127.0.0.1:8035;
+        server 127.0.0.1:8036;
+        server 127.0.0.1:8037;
+        server 127.0.0.1:8038;
+        server 127.0.0.1:8039;
+        server 127.0.0.1:8040;
+        server 127.0.0.1:8041;
+        server 127.0.0.1:8042;
+        server 127.0.0.1:8043;
+        server 127.0.0.1:8044;
+    }
+
+    # Define fastcgi backend for bulk api requests
+    upstream bulkapi_backend {
+        server 10.0.0.10:8000;
+        server 10.0.0.11:8000;
+        server 10.0.0.12:8000;
+        server 10.0.0.10:8001;
+        server 10.0.0.11:8001;
+        server 10.0.0.12:8001;
+        server 10.0.0.10:8002;
+        server 10.0.0.11:8002;
+        server 10.0.0.12:8002;
+        server 10.0.0.10:8003;
+        server 10.0.0.11:8003;
+        server 10.0.0.12:8003;
+        server 10.0.0.10:8004;
+        server 10.0.0.11:8004;
+        server 10.0.0.12:8004;
+    }
+    
+    # Define fastcgi backend for tiles@home requests
+    upstream tah_backend {
+        server 10.0.0.10:8005;
+        server 10.0.0.11:8005;
+        server 10.0.0.12:8005;
+    }
+
+    server {
+        # Listen on port 80
+        listen 80;
+
+        # Serve rails public files
+        root /home/rails/public;
+
+        # Use index.html as the index page
+        index index.html;
+
+        # Redirect trac requests for historical reasons
+        location /trac/ {
+            rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent;
+        }
+
+        # Redirect wiki requests for historical reasons
+        location /wiki/ {
+            rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent;
+        }
+
+        # Placeholder for blocking abuse
+        include /etc/nginx/blocked_hosts;
+        allow all; 
+
+        # Block some bulk download agents
+        if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) {
+            return 403;
+        }
+
+        # Block some robots
+        if ($http_user_agent ~* msnbot|twiceler) {
+            return 403;
+        }
+        # Map api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/...
+        if ($host ~* ^api\.) {
+            rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2;
+            rewrite ^/capabilities$ /api/capabilities;
+        }
+        # Strip asset tags
+        location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ {
+            # Strip asset tags
+            rewrite ^/(.*)/[0-9]+$ /$1;
+
+            # Set expiry to the maximum - the asset tag will change
+            # when there is a new version
+            expires max;
+
+            # Only cache OpenLayers for seven days though
+            if ($uri ~ ^/openlayers/) {
+                expires 7d;
+            }
+        }
+
+        # Cache the embedded map page for seven days
+        location ~ ^/export/embed.html$ {
+            expires 7d;
+        }
+
+        # Include fastcgi configuration
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param REQUEST_URI $uri;
+
+        # Handle tiles@home requests
+        location /api/ {
+            if ($http_user_agent ~ "^tilesAtHome") {
+                #deny all;
+                fastcgi_pass tah_backend;
+                break;
+            }
+        }
+
+        # Handle bulk api requests
+        location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ {
+            fastcgi_read_timeout 300;
+            fastcgi_pass bulkapi_backend;
+            break;
+        }
+        
+        # Send search requests to the bulk api backend
+        location ~ ^/api/0\.6/.*/search$ {
+            fastcgi_read_timeout 300;
+            fastcgi_pass bulkapi_backend;
+            break;
+        }
+
+        # Send requests for full objects to the bulk api backend
+        location ~ ^/api/0\.6/.*/full$ {
+            fastcgi_read_timeout 300;
+            fastcgi_pass bulkapi_backend;
+            break;
+        }
+
+        # Handle the remaining api requests
+        location ~ ^/api/0\.6/ {
+            fastcgi_pass api_backend;
+            break;
+        }
+
+        # Deny old and unknown API versions
+        location ~ ^/api/0\.[0-9]+/ {
+            return 404;
+        }
+            
+        # Send unversioned capabilities requests to the api backend
+        location = /api/capabilities {
+            fastcgi_pass api_backend;
+            break;
+        }
+
+        # Send geocoder searches to the geocoder backend
+        location /geocoder/ { 
+            fastcgi_pass geocoder_backend;
+            break;
+        }
+
+        # Send everything else to the web backend unless it exists
+        # in the rails public tree    
+        location / {
+            fastcgi_index index.html;
+
+            if (!-f $request_filename) {
+                fastcgi_pass web_backend;
+                break;
+            }
+        }
+
+        # Set the MIME type for crossdomain.xml policy files
+        # or flash will ignore it
+        location ~ /crossdomain\.xml$ {
+            types {
+                text/x-cross-domain-policy xml;
+            }
+        }
+
+        # Give munin access to some statistics
+        location /server-status {
+            stub_status on;
+            access_log off;
+            allow 127.0.0.1;
+            deny all;
+        }
+    }
+}