nominatim: complete rework of the setup

[chef.git] / cookbooks / nominatim / templates / default / nginx.erb

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index a44e9382c0bf69c9266f23bbe6c37aad707e64c3..998fcdfaa5f24606d0c81ad5174bc6279a417f3d 100644 (file)
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -24,6 +24,7 @@ map $uri/$format $forward_to_ui {
     ~/other$              0;
     ~/reverse.*/default   0;
     ~/lookup.*/default    0;
+    ~/status.*/default    0;
 }
 
 map $query_string $email_id {
@@ -56,7 +57,9 @@ geo $whitelisted {
     46.235.224.148 1;
     209.132.180.180 1;
     209.132.180.168 1;
-    8.43.85.23 1; # gnome
+    8.43.85.3 1; # gnome
+    8.43.85.4 1; # gnome
+    8.43.85.5 1; # gnome
 }
 
 map $missing_email$missing_referer$http_user_agent $blocked_user_agent {
@@ -127,9 +130,9 @@ server {
 
 server {
     # IPv4
-    listen       443 ssl deferred backlog=16384 reuseport http2 default_server;
+    listen       443 ssl http2 default_server;
     # IPv6
-    listen       [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
+    listen       [::]:443 ssl http2 default_server;
     server_name  localhost;
 
     ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
@@ -168,6 +171,10 @@ server {
         index search.html;
     }
 
+    location /qa-data/ {
+        add_header Access-Control-Allow-Origin "*" always;
+    }
+
     location @php {
         if ($blocked_user_agent ~ ^2$)
         { return 403; }
@@ -178,7 +185,7 @@ server {
         include <%= @confdir %>/nginx_blocked_generic.conf;
 
         limit_req zone=www burst=10;
-        limit_req zone=tarpit burst=2;
+        limit_req zone=tarpit burst=5;
         limit_req zone=reverse burst=5;
         limit_req_status 429;
         fastcgi_pass nominatim_service;