add site for qa-tile.nominatim

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 7fa5a4488987cf4e80a1be162e724a56a036d8d8..90539f73f207da066f77a3601be1d2bd4e709434 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -522,9 +522,17 @@ if node[:nominatim][:enable_qa_tiles]
     variables :outputdir => "#{qa_data_directory}/new"
   end
 
-  link "#{build_directory}/website/qa-data" do
-    to "#{qa_data_directory}/current"
-    owner "nominatim"
-    group "nominatim"
+  ssl_certificate qa-tile.nominatim.openstreetmap.org do
+    domains ["qa-tile.nominatim.openstreetmap.org"]
+    notifies :reload, "service[nginx]"
+  end
+
+  nginx_site "qa-tiles.nominatim" do
+    template "nginx-qa-tiles.erb"
+    directory build_directory
+    variables :qa_data_directory => qa_data_directory
   end
+
+end
+
 end

diff --git a/cookbooks/nominatim/templates/default/nginx-qa-tiles.erb b/cookbooks/nominatim/templates/default/nginx-qa-tiles.erb
new file mode 100644 (file)
index 0000000..2703f4f
--- /dev/null
+++ b/cookbooks/nominatim/templates/default/nginx-qa-tiles.erb
@@ -0,0 +1,23 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    listen 443 ssl deferred backlog=16384 reuseport http2;
+    listen [::]:443 ssl deferred backlog=16384 reuseport http2;
+
+    ssl_certificate /etc/ssl/certs/qa-tile.nominatim.openstreetmap.org.pem;
+    ssl_certificate_key /etc/ssl/private/qa-tile.nominatim.openstreetmap.org.key;
+
+    server_name qa-tile.nominatim.openstreetmap.org;
+
+    root <%= qa_data_directory %>/current;
+
+    access_log <%= node[:nominatim][:logdir] %>/qa-tile.nominatim.openstreetmap.org-access.log combined;
+    error_log <%= node[:nominatim][:logdir] %>/qa-tile.nominatim.openstreetmap.org-error.log;
+
+    rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+
+    location / {
+        add_header Access-Control-Allow-Origin "*" always;
+    }
+}