X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/fa2c23431f7614ca937c8124644ab6457c892ed4..483936772db85ebcf438b47927f85262ea0d5723:/config/nginx.conf?ds=sidebyside diff --git a/config/nginx.conf b/config/nginx.conf index cd32fd650..ae349b746 100644 --- a/config/nginx.conf +++ b/config/nginx.conf 
@@ -1,213 +1,266 @@ +# Run as www-data user www-data www-data; + +# Use two worker processes worker_processes 2; -error_log /var/log/nginx/error.log; -pid /var/run/nginx.pid; +# Define PID files +pid /var/run/nginx.pid; + +# Define error log +error_log /var/log/nginx/error.log; events { - # max clients = worker_processes * worker_connections + # max clients = worker_processes * worker_connections worker_connections 1024; } http { - include /etc/nginx/mime.types; + # Configure MIME types + include /etc/nginx/mime.types; default_type application/octet-stream; - #access_log /var/log/nginx/access.log; - - sendfile on; - #tcp_nopush on; - - #keepalive_timeout 0; - keepalive_timeout 65; - tcp_nodelay on; - - gzip on; - gzip_min_length 1100; - gzip_buffers 4 8k; - # text/html is added gzip_types by default - gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css; - - #NO CGI SUPPORT IN NGINX fix stat .pl later - - upstream web_backend { - server 127.0.0.1:8000; - server 127.0.0.1:8001; - server 127.0.0.1:8002; - server 127.0.0.1:8003; - server 127.0.0.1:8004; - server 127.0.0.1:8005; - server 127.0.0.1:8006; - server 127.0.0.1:8007; - server 127.0.0.1:8008; - server 127.0.0.1:8009; - server 127.0.0.1:8010; - server 127.0.0.1:8011; - server 127.0.0.1:8012; - server 127.0.0.1:8013; - server 127.0.0.1:8014; - server 127.0.0.1:8015; - server 127.0.0.1:8016; - server 127.0.0.1:8017; - server 127.0.0.1:8018; - server 127.0.0.1:8019; - server 127.0.0.1:8020; - server 127.0.0.1:8021; - server 127.0.0.1:8022; - server 127.0.0.1:8023; - server 127.0.0.1:8024; - server 127.0.0.1:8025; - server 127.0.0.1:8026; - server 127.0.0.1:8027; - server 127.0.0.1:8028; - server 127.0.0.1:8029; - } - - upstream api_backend { - server 127.0.0.1:8030; - server 127.0.0.1:8031; - server 127.0.0.1:8032; - server 127.0.0.1:8033; - server 127.0.0.1:8034; - server 127.0.0.1:8035; - server 127.0.0.1:8036; - server 127.0.0.1:8037; - server 127.0.0.1:8038; - server 
127.0.0.1:8039; - server 127.0.0.1:8040; - server 127.0.0.1:8041; - server 127.0.0.1:8042; - server 127.0.0.1:8043; - server 127.0.0.1:8044; - } - - upstream bulkapi_backend { - server 10.0.0.10:8000; - server 10.0.0.11:8000; - server 10.0.0.12:8000; - server 10.0.0.10:8001; - server 10.0.0.11:8001; - server 10.0.0.12:8001; - server 10.0.0.10:8002; - server 10.0.0.11:8002; - server 10.0.0.12:8002; - server 10.0.0.10:8003; - server 10.0.0.11:8003; - server 10.0.0.12:8003; - } - - upstream tah_backend { - server 10.0.0.10:8004; - server 10.0.0.11:8004; - server 10.0.0.12:8004; - server 10.0.0.10:8005; - server 10.0.0.11:8005; - server 10.0.0.12:8005; - } - -server { - listen 80; - server_name .openstreetmap.org api.openstreetmap.org; - root /home/rails/public; - index index.html; - access_log /var/log/nginx/openstreetmap.org.access.log; - - include /etc/nginx/fastcgi_params; - - #Redirect Historical Links to correct servers - location /trac/ { - rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent; - } - - location /wiki/ { - rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent; - } - - location / { - deny 143.210.16.160; - deny 69.89.21.73; - deny 91.89.145.219; - deny 195.190.169.111; - deny 84.237.213.10; - deny 70.22.219.249; - deny 83.226.40.87; - deny 82.178.145.87; - deny 91.78.50.134; - deny 91.77.7.139; - deny 85.126.23.106; - deny 213.171.196.166; - deny 81.151.8.64; - deny 130.226.235.215; - deny 141.99.254.253; - deny 61.228.43.32; - allow all; - } - - #Handle api.openstreetmap/ -> api.openstreetmap/api/ - if ($host ~* api\.(.*)) { - rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2 - } - - location /api/ { - include /etc/nginx/fastcgi_params; - if ($http_user_agent ~ "^tilesAtHome") { - #deny all; - fastcgi_pass tah_backend; - break; - } - } - - location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ { - fastcgi_pass bulkapi_backend; - break; - } - - location ~ ^/api/0\.6/.*/search$ { - fastcgi_pass 
bulkapi_backend; - break; - } - - location ~ ^/api/0\.6/.*/full$ { - fastcgi_pass bulkapi_backend; - break; - } - - # fastcgi Web / Data Browser / Relations etc - location ~ ^/api/0\.6/ { - fastcgi_pass api_backend; - break; - } - - #Deny unknown API version - location ~ ^/api/0\.[0-9]+/ { - deny all; - } - - #Handle Special Case Expiry - location ~ ^/(export|openlayers)/ { - expires 7d; - } - location ~ ^/(images|javascripts|stylesheets)/ { - expires max; - } - - location / { - fastcgi_index index.html; - if (!-f $request_filename) { - fastcgi_pass web_backend; - break; - } - } - - location /crossdomain.xml { - default_type text/x-cross-domain-policy; - } - - #error_page 404 /404.html; - # redirect server error pages to the static page /50x.html - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/www/nginx-default; - } - } + # Configure network details + sendfile on; + keepalive_timeout 65; + tcp_nodelay on; + + # Define access log + access_log /var/log/nginx/access.log; + + # Configure compression (text/html is compressed by default) + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css; + + #NO CGI SUPPORT IN NGINX fix stat .pl later + + # Define fastcgi backend for web pages + upstream web_backend { + server 127.0.0.1:8000; + server 127.0.0.1:8001; + server 127.0.0.1:8002; + server 127.0.0.1:8003; + server 127.0.0.1:8004; + server 127.0.0.1:8005; + server 127.0.0.1:8006; + server 127.0.0.1:8007; + server 127.0.0.1:8008; + server 127.0.0.1:8009; + server 127.0.0.1:8010; + server 127.0.0.1:8011; + server 127.0.0.1:8012; + server 127.0.0.1:8013; + server 127.0.0.1:8014; + server 127.0.0.1:8015; + server 127.0.0.1:8016; + server 127.0.0.1:8017; + server 127.0.0.1:8018; + server 127.0.0.1:8019; + server 127.0.0.1:8020; + server 127.0.0.1:8021; + server 127.0.0.1:8022; + server 127.0.0.1:8023; + server 127.0.0.1:8024; + server 127.0.0.1:8025; + } + + # 
Define fastcgi backend for geocoder searches + upstream geocoder_backend { + server 127.0.0.1:8026; + server 127.0.0.1:8027; + server 127.0.0.1:8028; + server 127.0.0.1:8029; + } + + # Define fastcgi backend for api requests + upstream api_backend { + server 127.0.0.1:8030; + server 127.0.0.1:8031; + server 127.0.0.1:8032; + server 127.0.0.1:8033; + server 127.0.0.1:8034; + server 127.0.0.1:8035; + server 127.0.0.1:8036; + server 127.0.0.1:8037; + server 127.0.0.1:8038; + server 127.0.0.1:8039; + server 127.0.0.1:8040; + server 127.0.0.1:8041; + server 127.0.0.1:8042; + server 127.0.0.1:8043; + server 127.0.0.1:8044; + } + + # Define fastcgi backend for bulk api requests + upstream bulkapi_backend { + server 10.0.0.10:8000; + server 10.0.0.11:8000; + server 10.0.0.12:8000; + server 10.0.0.10:8001; + server 10.0.0.11:8001; + server 10.0.0.12:8001; + server 10.0.0.10:8002; + server 10.0.0.11:8002; + server 10.0.0.12:8002; + server 10.0.0.10:8003; + server 10.0.0.11:8003; + server 10.0.0.12:8003; + server 10.0.0.10:8004; + server 10.0.0.11:8004; + server 10.0.0.12:8004; + } + + # Define fastcgi backend for tiles@home requests + upstream tah_backend { + server 10.0.0.10:8005; + server 10.0.0.11:8005; + server 10.0.0.12:8005; + } + + server { + # Listen on port 80 + listen 80; + + # Serve rails public files + root /home/rails/public; + + # Use index.html as the index page + index index.html; + + # Redirect trac requests for historical reasons + location /trac/ { + rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent; + } + + # Redirect wiki requests for historical reasons + location /wiki/ { + rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent; + } + + # Placeholder for blocking abuse + include /etc/nginx/blocked_hosts; + allow all; + + # Block some bulk download agents + if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) { + return 403; + } + + # Block some robots + if ($http_user_agent ~* msnbot|twiceler) { + return 403; + } + + # Map 
api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/... + if ($host ~* ^api\.) { + rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2; + rewrite ^/capabilities$ /api/capabilities; + } + + # Strip asset tags + location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ { + # Strip asset tags + rewrite ^/(.*)/[0-9]+$ /$1; + + # Set expiry to the maximum - the asset tag will change + # when there is a new version + expires max; + + # Only cache OpenLayers for seven days though + if ($uri ~ ^/openlayers/) { + expires 7d; + } + } + + # Cache the embedded map page for seven days + location ~ ^/export/embed.html$ { + expires 7d; + } + + # Include fastcgi configuration + include /etc/nginx/fastcgi_params; + fastcgi_param REQUEST_URI $uri; + + # Handle tiles@home requests + location /api/ { + if ($http_user_agent ~ "^tilesAtHome") { + #deny all; + fastcgi_pass tah_backend; + break; + } + } + + # Handle bulk api requests + location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ { + fastcgi_read_timeout 300; + fastcgi_pass bulkapi_backend; + break; + } + + # Send search requests to the bulk api backend + location ~ ^/api/0\.6/.*/search$ { + fastcgi_read_timeout 300; + fastcgi_pass bulkapi_backend; + break; + } + + # Send requests for full objects to the bulk api backend + location ~ ^/api/0\.6/.*/full$ { + fastcgi_read_timeout 300; + fastcgi_pass bulkapi_backend; + break; + } + + # Handle the remaining api requests + location ~ ^/api/0\.6/ { + fastcgi_pass api_backend; + break; + } + + # Deny old and unknown API versions + location ~ ^/api/0\.[0-9]+/ { + return 404; + } + + # Send unversioned capabilities requests to the api backend + location = /api/capabilities { + fastcgi_pass api_backend; + break; + } + + # Send geocoder searches to the geocoder backend + location /geocoder/ { + fastcgi_pass geocoder_backend; + break; + } + + # Send everything else to the web backend unless it exists + # in the rails public tree + location / { + 
fastcgi_index index.html; + + if (!-f $request_filename) { + fastcgi_pass web_backend; + break; + } + } + + # Set the MIME type for crossdomain.xml policy files + # or flash will ignore it + location ~ /crossdomain\.xml$ { + types { + text/x-cross-domain-policy xml; + } + } + + # Give munin access to some statistics + location /server-status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + } }
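Review bot: `fastcgi_param REQUEST_URI $uri;` hands the backends nginx's normalised, percent-decoded path instead of the raw request URI, and it drops the query string. A path carrying an encoded `?` or `#` (`%3F`, `%23`) is matched by the `location` regexes as path text, but a backend that re-parses REQUEST_URI may split it at that character, so nginx and Rails can disagree on which route was requested. The included `/etc/nginx/fastcgi_params` is not shown in the hunk; if it also sets REQUEST_URI, the parameter is sent twice and which value wins depends on the FastCGI server, so that is worth checking. If the override is needed so that the `api.` host rewrite is visible to Rails, I would at least document it next to the directive: `# REQUEST_URI carries the rewritten, decoded $uri without arguments; backends must read QUERY_STRING and must not re-decode the path`.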