]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/imagery/templates/default/nginx_imagery.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Limit the number of threads used for low zoom renders
[chef.git] / cookbooks / imagery / templates / default / nginx_imagery.conf.erb
diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index 1c828d9b1be3f52272875ba7f250530361c6f453..e1d33c7b67e90cc1a899777de79c87c42100de04 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -1,5 +1,6 @@
 server {
     listen 80;
+    listen [::]:80;
     server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
 
     rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
@@ -7,14 +8,7 @@ server {
 }
 
 upstream <%= @name %>_fastcgi {
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-0.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-1.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-2.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-3.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-4.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-5.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-6.socket" max_fails=0;
-    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>-7.socket" max_fails=0;
+    server "unix:/var/run/mapserver-fastcgi/layer-<%= @name %>.socket" max_fails=0;
 
     # Use default round-robin to distribute requests, rather than pick "fast" but maybe faulty.
     # Do not use keepalive
@@ -22,6 +16,7 @@ upstream <%= @name %>_fastcgi {
 
 server {
     listen 443 ssl http2;
+    listen [::]:443 ssl http2;
     server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
 
     ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
@@ -31,12 +26,6 @@ server {
     add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
 <% end -%>
 
-    # CSP report only policy
-    add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://openstreetmap.report-uri.com/r/d/csp/wizard";
-    # Add NEL reporting
-    add_header Report-To "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://openstreetmap.report-uri.com/a/d/g\"}],\"include_subdomains\":true}";
-    add_header NEL "{\"report_to\":\"default\",\"max_age\":604800,\"include_subdomains\":true}";
-
     # Requests sent within early data are subject to replay attacks.
     # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
     ssl_early_data on;
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.