X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/cfaf23fefee30983bd314e0fdc6b9c9db7a65102..1f399ffd8591835c0315bae25c5f48f6060e12c7:/config/nginx.conf diff --git a/config/nginx.conf b/config/nginx.conf index 1f94ee9d7..1da97a6d5 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -7,8 +7,7 @@ worker_processes 2; # Define PID files pid /var/run/nginx.pid; -# Define log files -access_log /var/log/nginx/access.log; +# Define error log error_log /var/log/nginx/error.log; events { @@ -26,6 +25,9 @@ http { keepalive_timeout 65; tcp_nodelay on; + # Define access log + access_log /var/log/nginx/access.log; + # Configure compression (text/html is compressed by default) gzip on; gzip_min_length 1100; @@ -122,9 +124,6 @@ http { # Use index.html as the index page index index.html; - - # Include fastcgi configuration - include /etc/nginx/fastcgi_params; # Redirect trac requests for historical reasons location /trac/ { @@ -137,15 +136,44 @@ http { } # Placeholder for blocking abuse - location / { - allow all; + include /etc/nginx/blocked_hosts; + allow all; + + # Block some bulk download agents + if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) { + return 403; } - + + # Block some robots + if ($http_user_agent ~* msnbot|twiceler) { + return 403; + } + # Map api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/... - if ($host ~* api\.(.*)) { + if ($host ~* ^api\.) { rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2; + rewrite ^/capabilities$ /api/capabilities; } - + + # Strip asset tags + location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ { + rewrite ^/(.*)/[0-9]+$ /$1; + expires max; + + # Handle Special Case Expiry + if ($uri ~ ^/openlayers/) { + expires 7d; + } + } + # Handle Special Case Expiry + location ~ ^/export/embed.html$ { + expires 7d; + } + + # Include fastcgi configuration + include /etc/nginx/fastcgi_params; + fastcgi_param REQUEST_URI $uri; + # Handle tiles@home requests location /api/ { if ($http_user_agent ~ "^tilesAtHome") { @@ -157,18 +185,21 @@ http { # Handle bulk api requests location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } # Send search requests to the bulk api backend location ~ ^/api/0\.6/.*/search$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } # Send requests for full objects to the bulk api backend location ~ ^/api/0\.6/.*/full$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } @@ -181,17 +212,9 @@ http { # Deny old and unknown API versions location ~ ^/api/0\.[0-9]+/ { - deny all; + return 404; } - # Handle Special Case Expiry - location ~ ^/(export|openlayers)/ { - expires 7d; - } - location ~ ^/(images|javascripts|stylesheets)/ { - expires max; - } - # Send everything else to the web backend unless it exists # in the rails public tree location / { @@ -203,10 +226,25 @@ http { } } + location = /api/capabilities { + fastcgi_pass web_backend; + break; + } + # Set the MIME type for crossdomain.xml policy files # or flash will ignore it - location ~ /crossdomain.xml$ { - default_type text/x-cross-domain-policy; + location ~ /crossdomain\.xml$ { + types { + text/x-cross-domain-policy xml; + } + } + + # Give munin access to some statistics + location /server-status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; } } }