]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
Disable gpximport, statistics and cleanup roles on spike-04
[chef.git] / cookbooks / tilecache / templates / default / nginx_tile_ssl.conf.erb
index f450322639d9bd13d2d75476c8d27a01a7a6f001..7f01c3fc8116ed5ee97cfa912ca0611f80b75eeb 100644 (file)
@@ -1,16 +1,39 @@
+upstream tile_cache_backend {
+    server 127.0.0.1;
+    <% @caches.each do |cache| -%>
+    <% if cache[:hostname] != node[:hostname] -%>
+    #Server <%= cache[:hostname] %>
+    <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+    server <%= address %> backup;
+    <% end -%>
+    <% end -%>
+    <% end -%>
+
+    keepalive 32;
+}
+
 server {
 server {
-    listen       443 ssl;
+    listen       443 ssl default_server;
     server_name  localhost;
 
     server_name  localhost;
 
-    ssl_certificate      /etc/ssl/certs/tile.openstreetmap.pem;
-    ssl_certificate_key  /etc/ssl/private/tile.openstreetmap.key;
+    proxy_buffers 8 64k;
+
+    ssl_certificate      /etc/ssl/certs/<%= @certificate %>.pem;
+    ssl_certificate_key  /etc/ssl/private/<%= @certificate %>.key;
 
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
+    ssl_ciphers <%= node[:ssl][:ciphers] -%>;
     ssl_prefer_server_ciphers on;
     ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-
-    location / { proxy_pass http://127.0.0.1; proxy_set_header X-Forwarded-For $remote_addr; }
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 30m;
+    ssl_stapling on;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    resolver <%= @resolvers.join(" ") %>;
 
 
+    location / {
+      proxy_pass http://tile_cache_backend;
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_http_version 1.1;
+      proxy_set_header Connection "";
+    }
 }
 }