From 0aa9396088502731f7062ecbf065cb7468a59344 Mon Sep 17 00:00:00 2001 From: Zsolt Ero Date: Thu, 4 Jan 2024 02:44:49 +0100 Subject: [PATCH] nginx work --- scripts/http_host/http_host_lib/nginx.py | 15 ++++++------ .../http_host_lib/set_tileset_versions.py | 4 ++-- .../http_host_lib/templates/nginx_cf.conf | 24 +++++++++++++++++-- ssh_lib/assets/nginx/nginx.conf | 4 +++- 4 files changed, 34 insertions(+), 13 deletions(-) diff --git a/scripts/http_host/http_host_lib/nginx.py b/scripts/http_host/http_host_lib/nginx.py index 311574c..c7b5c3a 100644 --- a/scripts/http_host/http_host_lib/nginx.py +++ b/scripts/http_host/http_host_lib/nginx.py @@ -66,25 +66,24 @@ def create_version_location(area: str, version: str, subdir: Path) -> str: check=True, ) - # TODO # target 10y return f""" - location /{area}/{version} {{ # no trailing hash - alias {tilejson_path}; # no trailing hash + location = /{area}/{version} {{ # no trailing hash + alias {tilejson_path}; # no trailing hash default_type application/json; add_header 'Access-Control-Allow-Origin' '*' always; add_header Cache-Control public; - expires 1d; + expires 1d; # TODO target 1w }} - location /{area}/{version}/ {{ # trailing hash - alias {subdir}/tiles/; # trailing hash + location /{area}/{version}/ {{ # trailing hash + alias {subdir}/tiles/; # trailing hash try_files $uri @empty; add_header Content-Encoding gzip; add_header 'Access-Control-Allow-Origin' '*' always; add_header Cache-Control public; - expires 1d; # target 10y + expires 1d; # TODO target 10y }} """ @@ -104,7 +103,7 @@ def create_latest_locations() -> str: assert tilejson_path.exists() location_str += f""" - location /{area} {{ # no trailing hash + location = /{area} {{ # no trailing hash alias {tilejson_path}; # no trailing hash default_type application/json; diff --git a/scripts/http_host/http_host_lib/set_tileset_versions.py b/scripts/http_host/http_host_lib/set_tileset_versions.py index cbaf886..a9167b4 100644 
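Review bot: `area`, `version` and `subdir` are interpolated directly into nginx directives in the f-string returned by create_version_location, and nothing in this hunk constrains which characters they may contain. If any of them can originate from data the host does not control (set_tileset_versions.py in this same patch reads a `remote_version` value, though whether it reaches this function is not visible here), a value containing whitespace, `;` or `}` would change the structure of the generated config. A guard before the template, such as `if not re.fullmatch(r'[A-Za-z0-9_-]+', version): raise ValueError(f'invalid version: {version!r}')`, adjusted to the real version format and repeated for `area`, closes that off. The same applies to `location = /{area}` in create_latest_locations. The function body starts outside the hunk, so an existing check there would make this moot.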
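Review bot: `assert tilejson_path.exists()`, just above the changed `location = /{area}` line, is the only check that the alias target exists, and asserts are removed when Python runs with `-O`. An explicit `if not tilejson_path.exists(): raise FileNotFoundError(tilejson_path)` keeps the generator from emitting a location block that points at a missing file. The loop and the rest of create_latest_locations lie outside the hunk.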
--- a/scripts/http_host/http_host_lib/set_tileset_versions.py +++ b/scripts/http_host/http_host_lib/set_tileset_versions.py @@ -23,7 +23,7 @@ def set_tileset_versions(): local_version_start = fp.read() if not remote_version: - print(' remote version not specified') + print(' remote version not specified') if local_version_start is not None: local_version_file.unlink() need_nginx_sync = True @@ -31,7 +31,7 @@ def set_tileset_versions(): mnt_file = Path(f'/mnt/ofm/{area}-{remote_version}/metadata.json') if not mnt_file.exists(): - print(' local version does not exist') + print(' local version does not exist') if local_version_start is not None: local_version_file.unlink() need_nginx_sync = True diff --git a/scripts/http_host/http_host_lib/templates/nginx_cf.conf b/scripts/http_host/http_host_lib/templates/nginx_cf.conf index 7091388..1791f52 100644 --- a/scripts/http_host/http_host_lib/templates/nginx_cf.conf +++ b/scripts/http_host/http_host_lib/templates/nginx_cf.conf @@ -12,12 +12,12 @@ server { ssl_certificate /data/nginx/certs/openfreemap.org.cert; ssl_certificate_key /data/nginx/certs/openfreemap.org.key; ssl_session_timeout 1d; - ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; - # access log normally not enabled + # access log disabled by default #access_log /data/ofm/http_host/logs_nginx/tiles-org-access.log access_json buffer=32k; access_log off; 
@@ -25,6 +25,17 @@ server { ___LOCATION_BLOCKS___ + location /fonts/ { + # trailing hash + alias /data/ofm/http_host/assets/fonts/; # trailing hash + try_files $uri =404; + default_type application/x-protobuf; + + add_header 'Access-Control-Allow-Origin' '*' always; + add_header Cache-Control public; + expires 1d; # target 1w + } + # we need to handle missing tiles as valid request returning empty string location @empty { default_type application/vnd.mapbox-vector-tile; @@ -34,4 +45,13 @@ server { add_header Cache-Control public; expires 10y; } + + location = / { + return 302 https://openfreemap.org; + } + + # catch-all block to deny all other requests + location / { + deny all; + } } diff --git a/ssh_lib/assets/nginx/nginx.conf b/ssh_lib/assets/nginx/nginx.conf index 078a412..38a9c58 100644 --- a/ssh_lib/assets/nginx/nginx.conf +++ b/ssh_lib/assets/nginx/nginx.conf @@ -62,7 +62,9 @@ http { '"http_cf_ipcountry": "$http_cf_ipcountry"' '}'; - access_log /data/nginx/logs/nginx-access.log access_json buffer=32k; + # access log disabled by default + #access_log /data/nginx/logs/nginx-access.log access_json buffer=32k; + access_log off; include /data/nginx/config/*; include /data/nginx/sites/*;
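Review bot: The two `# trailing hash` comments in the new `location /fonts/` block presumably mean "trailing slash", and they do not say why the slash matters. I would replace them with a single comment above the block, for example `# location and alias both end in "/", so the prefix cannot match sibling paths or resolve outside the fonts directory`. The same "hash" wording appears in the nginx.py template touched by this commit. Separately, `expires 1d; # target 1w` lacks the `TODO` marker that this commit adds to the equivalent comments in nginx.py, so `# TODO target 1w` would keep them greppable together.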
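Review bot: The catch-all `location / { deny all; }` rejects every unmatched request through the access module, which writes an "access forbidden by rule" entry to the error log for each rejection. On a public host that sets `access_log off` to avoid per-request logging, scanner traffic would still produce one error-log line per request, assuming `error_log` is at its default level (its configuration is outside this diff). `return 404;` (or `return 403;`) in that block gives the same rejection without the error-log entry.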
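Review bot: With `access_log off;` at the `http` level, none of the sites included from `/data/nginx/sites/*` record requests unless they re-enable logging themselves, so there is no request trail to consult when investigating abuse or an incident. If the goal is to cut I/O or avoid keeping client data for normal traffic, logging only non-2xx/3xx responses through the `if=` parameter of `access_log` retains the failures while still skipping successful requests. Whether that fits the project's privacy stance is a call for the maintainers. The surrounding `http` block starts and ends outside the hunk.

```nginx
# … unchanged: log_format access_json definition …
map $status $loggable {
    ~^[23]  0;
    default 1;
}
access_log /data/nginx/logs/nginx-access.log access_json buffer=32k if=$loggable;
```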