:FORWARDED_ALLOW_IPS => "*" # https://docs.gunicorn.org/en/latest/settings.html#forwarded-allow-ips
end
+directory "/var/cache/nginx-cache" do
+ owner "www-data"
+ group "www-data"
+ mode "755"
+end
+
ssl_certificate "tiler.openstreetmap.org" do
domains "tiler.openstreetmap.org"
notifies :reload, "service[nginx]"
server_name <%= @name %> <% @aliases.each do |alias_name| %> <%= alias_name %><%- end -%>;
rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
- return 301 https://$host$request_uri;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /za-25cm {
+ root "/store/imagery/za";
+ expires max;
+ }
}
+upstream tiler_backend {
+ server 127.0.0.1:8080;
+
+ keepalive 32;
+}
+
+proxy_cache_path /var/cache/nginx-cache levels=1:2 keys_zone=ngi-aerial:64m;
+
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
gzip_comp_level 9;
gzip_vary on;
+ location /za-25cm {
+ root "/store/imagery/za";
+ expires max;
+ }
+
location /api/v1/titiler {
rewrite ^/api/v1/titiler(.*)$ $1 break;
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-SSL on;
+ proxy_http_version 1.1;
+ proxy_redirect off;
+ }
+
+ location /ngi-aerial {
+ set $args "";
+ rewrite ^/ngi-aerial/(\d+)/(\d+)/(\d+)\.jpg /mosaicjson/tiles/WebMercatorQuad/$1/$2/$3@1x?url=http%3A%2F%2Ftiler.openstreetmap.org%2Fza-25cm%2Fmosaic-tiler.json&pixel_selection=first&tile_format=jpeg break;
+ proxy_pass http://tiler_backend;
+ proxy_set_header Host $host;
+ proxy_set_header Referer $http_referer;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-SSL on;
+ proxy_http_version 1.1;
proxy_redirect off;
+ proxy_cache_key "$scheme$proxy_host$uri";
+ proxy_cache ngi-aerial;
+ proxy_cache_valid any 90d;
+ expires max;
}
}
projects / chef.git / commitdiff