X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/9b3496d2e29006154afb29e549230f8e4f201612..94a807d0d0bfc9c9c90b077b6344c9af433ac190:/config/nginx.conf

diff --git a/config/nginx.conf b/config/nginx.conf
index 7cde7741b..5071a260b 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -136,17 +136,43 @@ http {
         }
 
         # Placeholder for blocking abuse
+        include /etc/nginx/blocked_hosts;
         allow all; 
-    
+
+        # Block some bulk download agents
+        if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) {
+            return 403;
+        }
+
+        # Block some robots
+        if ($http_user_agent ~* msnbot|twiceler) {
+            return 403;
+        }
+ 
         # Map api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/...
         if ($host ~* ^api\.) {
             rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2;
             rewrite ^/capabilities$ /api/capabilities;
         }
-    
+ 
         # Strip asset tags
         location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ {
+            # Strip asset tags
             rewrite ^/(.*)/[0-9]+$ /$1;
+
+            # Set expiry to the maximum - the asset tag will change
+            # when there is a new version
+            expires max;
+
+            # Only cache OpenLayers for seven days though
+            if ($uri ~ ^/openlayers/) {
+                expires 7d;
+            }
+        }
+
+        # Cache the embedded map page for seven days
+        location ~ ^/export/embed.html$ {
+            expires 7d;
         }
 
         # Include fastcgi configuration
@@ -164,18 +190,21 @@ http {
 
         # Handle bulk api requests
         location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ {
+            fastcgi_read_timeout 300;
             fastcgi_pass bulkapi_backend;
             break;
         }
         
         # Send search requests to the bulk api backend
         location ~ ^/api/0\.6/.*/search$ {
+            fastcgi_read_timeout 300;
             fastcgi_pass bulkapi_backend;
             break;
         }
 
         # Send requests for full objects to the bulk api backend
         location ~ ^/api/0\.6/.*/full$ {
+            fastcgi_read_timeout 300;
             fastcgi_pass bulkapi_backend;
             break;
         }
@@ -191,17 +220,6 @@ http {
             return 404;
         }
             
-        # Handle Special Case Expiry
-        location ~ ^/openlayers/ {
-            expires 7d;
-        }
-        location ~ ^/export/embed.html$ {
-            expires 7d;
-        }
-        location ~ ^/(images|javascripts|stylesheets)/ {
-            expires max;
-        }
-
         # Send everything else to the web backend unless it exists
         # in the rails public tree    
         location / {
@@ -225,5 +243,13 @@ http {
                 text/x-cross-domain-policy xml;
             }
         }
+
+        # Give munin access to some statistics
+        location /server-status {
+            stub_status on;
+            access_log off;
+            allow 127.0.0.1;
+            deny all;
+        }
     }
 }