
tilecache: Add first pass nginx QoS

Firefishy committed Dec 30, 2016
1 parent c373f95 commit faf7f77d947a16e3ef2afa84c1f89b54f5035b3e
Showing with 53 additions and 8 deletions.
  1. +53 −8 cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -12,6 +12,38 @@ upstream tile_cache_backend {
keepalive 32;
}
# Rates table based on cookie value
map $cookie_qos_token $limit_rate_qos {
default 8192; # Default Rate
"test" 32768; # FIXME - Future TOTP Token
}
map $cookie_qos_token $cookie_qos_token_set {
# Cookie Domain per RFC 6265
default 'qos_token=test; Secure; httponly; Max-Age=3600; Domain=tile.openstreetmap.org; Path=/'; # FIXME - Future TOTP Token
"test" ''; # Do not Set-Cookie if current is valid
}
map $http_user_agent $approved_scraper {
default ''; # Not approved
'~^JOSM\/' 'JOSM';
'~^Mozilla\/5\.0\ QGIS\/' 'QGIS';
}
# Limit Cache-Control header to only approved User-Agents
map $http_user_agent $limit_http_cache_control {
default ''; # Unset Header
'~^Mozilla\/5\.0\ QGIS\/' ''; # Unset Header
'~^Mozilla\/5\.0\ ' $http_cache_control; # Pass Header
}
# Limit Pragma header to only approved User-Agents
map $http_user_agent $limit_http_pragma {
default ''; # Unset Header
'~^Mozilla\/5\.0\ QGIS\/' ''; # Unset Header
'~^Mozilla\/5\.0\ ' $http_pragma; # Pass Header
}
server {
listen 443 ssl fastopen=2048 http2 default_server;
server_name localhost;
@@ -29,25 +61,38 @@ server {
ssl_stapling on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver <%= @resolvers.join(" ") %>;
resolver_timeout 5s;
location / {
proxy_pass http://tile_cache_backend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Connection '';
proxy_connect_timeout 5s;
# Do not pass cookies to backend.
proxy_set_header Cookie "";
# Do not pass Accept-Encoding to backend.
proxy_set_header Accept-Encoding "";
# Do not pass cookies to backends.
proxy_set_header Cookie '';
# Do not pass Accept-Encoding to backends.
proxy_set_header Accept-Encoding '';
# Do not allow setting cookies from cached pages.
# Do not allow setting cookies from backends due to caching.
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
# Slow traffic slightly
limit_rate 24576;
# Set a QoS cookie if none presented (uses nginx Map)
add_header Set-Cookie $cookie_qos_token_set;
# QoS Traffic Rate see $limit_rate on http://nginx.org/en/docs/http/ngx_http_core_module.html
set $limit_rate $limit_rate_qos;
# Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
if ($approved_scraper) {
set $limit_rate 16384;
}
# Allow cache purging headers only from select User-Agents (uses nginx Map)
proxy_set_header Cache-Control $limit_http_cache_control;
proxy_set_header Pragma $limit_http_pragma;
}
}
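Review bot: The `$approved_scraper`, `$limit_http_cache_control` and `$limit_http_pragma` maps all key on `$http_user_agent`, which the client chooses, so the higher rate in `if ($approved_scraper)` and the forwarding of `Cache-Control`/`Pragma` to `tile_cache_backend` are available to any request that sends a matching prefix; they filter cooperative clients rather than control access. I would state that above the maps, e.g. `# User-Agent is client-supplied: this filters well-behaved clients only, it does not authenticate them`, and confirm that the backend's handling of client revalidation headers is acceptable under that assumption. The same applies to the literal `"test"` value in `$limit_rate_qos` until the FIXME is resolved, since the token is identical for every client and carries no binding to the requester. Separately, `add_header Set-Cookie $cookie_qos_token_set;` in `location /` stops this location from inheriting any `add_header` set at server level, and without `always` it is only emitted on the success and redirect statuses nginx lists for `add_header`. The part of the server block between the two hunks is not visible here, so check it for headers such as HSTS that would now be dropped.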
