X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/7f9be6dad4ab03828bc242cc1d7d9b9a75ea4518..e613260d8e47f845ca4d2b48d71d92b42b4aac65:/cookbooks/nominatim/templates/default/nginx.erb

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index fd4ed93fa..d56d99c8a 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -12,6 +12,20 @@ map $uri $nominatim_path_info {
     ~^/([^/]+)(.*)$      $2;
 }
 
+map $args $format {
+    default                  default;
+    ~(^|&)format=html(&|$)   html;
+    ~(^|&)format=            other;
+}
+
+map $uri/$format $forward_to_ui {
+    default               1;
+    ~^/ui                 0;
+    ~/other$              0;
+    ~/reverse.*/default   0;
+    ~/lookup.*/default    0;
+}
+
 map $query_string $email_id {
     ~(^|&)email=([^&]+)  $2;
 }
@@ -100,9 +114,9 @@ server {
 
 server {
     # IPv4
-    listen       443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+    listen       443 ssl deferred backlog=16384 reuseport http2 default_server;
     # IPv6
-    listen       [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+    listen       [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
     server_name  localhost;
 
     ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
@@ -133,17 +147,23 @@ server {
     }
 
     location / {
+        try_files $uri $uri/ @php;
+    }
+
+    location /ui/ {
+        alias <%= @ui_directory %>/dist/;
+        index search.html;
+    }
+
+    location @php {
         if ($blocked_user_agent ~ ^2$)
         { return 403; }
         if ($blocked_referrer)
         { return 403; }
         if ($blocked_email)
         { return 403; }
+        include <%= @confdir %>/nginx_blocked_generic.conf;
 
-        try_files $uri $uri/ @php;
-    }
-
-    location @php {
         limit_req zone=www burst=10;
         limit_req zone=tarpit burst=2;
         limit_req_status 429;
@@ -152,14 +172,29 @@ server {
         fastcgi_param QUERY_STRING    $args;
         fastcgi_param PATH_INFO       "$nominatim_path_info";
         fastcgi_param SCRIPT_FILENAME  "$document_root/$nominatim_script_name";
+        if ($forward_to_ui) {
+            rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
+        }
     }
 
     location ~* \.php$ {
+        if ($blocked_user_agent ~ ^2$)
+        { return 403; }
+        if ($blocked_referrer)
+        { return 403; }
+        if ($blocked_email)
+        { return 403; }
+        include <%= @confdir %>/nginx_blocked_generic.conf;
+
         limit_req zone=www burst=10;
         limit_req zone=tarpit burst=2;
         limit_req_status 429;
         fastcgi_pass    nominatim_service;
         include         fastcgi_params;
         fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+
+        if ($forward_to_ui) {
+            rewrite (.*).php https://$host/ui$1.html redirect;
+        }
     }
 }