X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dd663122d8f66274478858e32cedac3d39a70d7e..18c7c4f5d7995a56bf76bf81b86ff607bd27ef21:/config/nginx.conf diff --git a/config/nginx.conf b/config/nginx.conf index 3de9275fc..ae349b746 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -1,8 +1,14 @@ +# Run as www-data user www-data www-data; + +# Use two worker processes worker_processes 2; -error_log /var/log/nginx/error.log; -pid /var/run/nginx.pid; +# Define PID files +pid /var/run/nginx.pid; + +# Define error log +error_log /var/log/nginx/error.log; events { # max clients = worker_processes * worker_connections @@ -10,26 +16,27 @@ events { } http { - include /etc/nginx/mime.types; + # Configure MIME types + include /etc/nginx/mime.types; default_type application/octet-stream; - #access_log /var/log/nginx/access.log; - - sendfile on; - #tcp_nopush on; + # Configure network details + sendfile on; + keepalive_timeout 65; + tcp_nodelay on; - #keepalive_timeout 0; - keepalive_timeout 65; - tcp_nodelay on; + # Define access log + access_log /var/log/nginx/access.log; - gzip on; + # Configure compression (text/html is compressed by default) + gzip on; gzip_min_length 1100; gzip_buffers 4 8k; - # text/html is added gzip_types by default gzip_types text/plain application/x-javascript application/x-shockwave-flash text/css; #NO CGI SUPPORT IN NGINX fix stat .pl later + # Define fastcgi backend for web pages upstream web_backend { server 127.0.0.1:8000; server 127.0.0.1:8001; @@ -57,12 +64,17 @@ http { server 127.0.0.1:8023; server 127.0.0.1:8024; server 127.0.0.1:8025; + } + + # Define fastcgi backend for geocoder searches + upstream geocoder_backend { server 127.0.0.1:8026; server 127.0.0.1:8027; server 127.0.0.1:8028; server 127.0.0.1:8029; } + # Define fastcgi backend for api requests upstream api_backend { server 127.0.0.1:8030; server 127.0.0.1:8031; @@ -81,6 +93,7 @@ http { server 127.0.0.1:8044; } + # Define fastcgi backend for bulk api requests upstream bulkapi_backend { server 10.0.0.10:8000; server 10.0.0.11:8000; @@ -94,46 +107,84 @@ http { server 10.0.0.10:8003; server 10.0.0.11:8003; server 10.0.0.12:8003; - } - - upstream tah_backend { server 10.0.0.10:8004; server 10.0.0.11:8004; server 10.0.0.12:8004; + } + + # Define fastcgi backend for tiles@home requests + upstream tah_backend { server 10.0.0.10:8005; server 10.0.0.11:8005; server 10.0.0.12:8005; } -server { - listen 80; - server_name .openstreetmap.org api.openstreetmap.org; + server { + # Listen on port 80 + listen 80; + + # Serve rails public files root /home/rails/public; + + # Use index.html as the index page index index.html; - access_log /var/log/nginx/openstreetmap.org.access.log; - - include /etc/nginx/fastcgi_params; - #Redirect Historical Links to correct servers + # Redirect trac requests for historical reasons location /trac/ { rewrite ^/trac/(.*)$ http://trac.openstreetmap.org/$1 permanent; } + # Redirect wiki requests for historical reasons location /wiki/ { rewrite ^/wiki/(.*)$ http://wiki.openstreetmap.org/$1 permanent; } - location / { - allow all; + # Placeholder for blocking abuse + include /etc/nginx/blocked_hosts; + allow all; + + # Block some bulk download agents + if ($http_user_agent ~* LWP::Simple|downloadosm|BBBike) { + return 403; } - - #Handle api.openstreetmap/ -> api.openstreetmap/api/ - if ($host ~* api\.(.*)) { + + # Block some robots + if ($http_user_agent ~* msnbot|twiceler) { + return 403; + } + + # Map api.openstreetmap/0.n/... to api.openstreetmap/api/0.n/... + if ($host ~* ^api\.) { rewrite ^/(0\.[0-9]+)/(.*)$ /api/$1/$2; + rewrite ^/capabilities$ /api/capabilities; } - + + # Strip asset tags + location ~ ^/(images|javascripts|openlayers|stylesheets|user/image)/ { + # Strip asset tags + rewrite ^/(.*)/[0-9]+$ /$1; + + # Set expiry to the maximum - the asset tag will change + # when there is a new version + expires max; + + # Only cache OpenLayers for seven days though + if ($uri ~ ^/openlayers/) { + expires 7d; + } + } + + # Cache the embedded map page for seven days + location ~ ^/export/embed.html$ { + expires 7d; + } + + # Include fastcgi configuration + include /etc/nginx/fastcgi_params; + fastcgi_param REQUEST_URI $uri; + + # Handle tiles@home requests location /api/ { - include /etc/nginx/fastcgi_params; if ($http_user_agent ~ "^tilesAtHome") { #deny all; fastcgi_pass tah_backend; @@ -141,57 +192,75 @@ server { } } + # Handle bulk api requests location ~ ^/api/0\.6/(map|relation|trackpoints|amf|amf/read|swf/trackpoints|trace/[0-9]+/data)$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } + # Send search requests to the bulk api backend location ~ ^/api/0\.6/.*/search$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } + # Send requests for full objects to the bulk api backend location ~ ^/api/0\.6/.*/full$ { + fastcgi_read_timeout 300; fastcgi_pass bulkapi_backend; break; } - # fastcgi Web / Data Browser / Relations etc + # Handle the remaining api requests location ~ ^/api/0\.6/ { fastcgi_pass api_backend; break; } - #Deny unknown API version + # Deny old and unknown API versions location ~ ^/api/0\.[0-9]+/ { - deny all; + return 404; } - #Handle Special Case Expiry - location ~ ^/(export|openlayers)/ { - expires 7d; + # Send unversioned capabilities requests to the api backend + location = /api/capabilities { + fastcgi_pass api_backend; + break; } - location ~ ^/(images|javascripts|stylesheets)/ { - expires max; + + # Send geocoder searches to the geocoder backend + location /geocoder/ { + fastcgi_pass geocoder_backend; + break; } - + + # Send everything else to the web backend unless it exists + # in the rails public tree location / { fastcgi_index index.html; + if (!-f $request_filename) { fastcgi_pass web_backend; break; } } - location /crossdomain.xml { - default_type text/x-cross-domain-policy; + # Set the MIME type for crossdomain.xml policy files + # or flash will ignore it + location ~ /crossdomain\.xml$ { + types { + text/x-cross-domain-policy xml; + } } - #error_page 404 /404.html; - # redirect server error pages to the static page /50x.html - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/www/nginx-default; + # Give munin access to some statistics + location /server-status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; } } }