~^/([^/]+)(.*)$ $2;
}
+map $args $format {
+ default default;
+ ~(^|&)format=html(&|$) html;
+ ~(^|&)format= other;
+}
+
+map $uri/$format $forward_to_ui {
+ default 1;
+ ~^/ui 0;
+ ~/other$ 0;
+ ~/reverse.*/default 0;
+ ~/lookup.*/default 0;
+}
+
map $query_string $email_id {
~(^|&)email=([^&]+) $2;
}
server {
# IPv4
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2 default_server;
# IPv6
- listen [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
server_name localhost;
ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
try_files $uri $uri/ @php;
}
+ location /ui/ {
+ alias <%= @ui_directory %>/dist/;
+ index search.html;
+ }
+
location @php {
if ($blocked_user_agent ~ ^2$)
{ return 403; }
{ return 403; }
if ($blocked_email)
{ return 403; }
+ include <%= @confdir %>/nginx_blocked_generic.conf;
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
fastcgi_param QUERY_STRING $args;
fastcgi_param PATH_INFO "$nominatim_path_info";
fastcgi_param SCRIPT_FILENAME "$document_root/$nominatim_script_name";
+ if ($forward_to_ui) {
+ rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
+ }
}
location ~* \.php$ {
{ return 403; }
if ($blocked_email)
{ return 403; }
+ include <%= @confdir %>/nginx_blocked_generic.conf;
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
fastcgi_pass nominatim_service;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+ if ($forward_to_ui) {
+ rewrite (.*).php https://$host/ui$1.html redirect;
+ }
}
}