nginx work

scripts/http_host/http_host_lib/nginx.py

@@ -66,25 +66,24 @@ def create_version_location(area: str, version: str, subdir: Path) -> str:
         check=True,
     )
 
-    # TODO # target 10y
     return f"""
-    location /{area}/{version} {{    # no trailing hash
-        alias {tilejson_path};       # no trailing hash
+    location = /{area}/{version} {{     # no trailing hash
+        alias {tilejson_path};          # no trailing hash
         default_type application/json;
 
         add_header 'Access-Control-Allow-Origin' '*' always;
         add_header Cache-Control public;
-        expires 1d;
+        expires 1d;  # TODO target 1w
     }}
 
-    location /{area}/{version}/ {{    # trailing hash
-        alias {subdir}/tiles/;        # trailing hash
+    location /{area}/{version}/ {{      # trailing hash
+        alias {subdir}/tiles/;          # trailing hash
         try_files $uri @empty;
 
         add_header Content-Encoding gzip;
         add_header 'Access-Control-Allow-Origin' '*' always;
         add_header Cache-Control public;
-        expires 1d;  # target 10y
+        expires 1d;  # TODO target 10y
     }}
     """
 
@@ -104,7 +103,7 @@ def create_latest_locations() -> str:
         assert tilejson_path.exists()
 
         location_str += f"""
-        location /{area} {{          # no trailing hash
+        location = /{area} {{          # no trailing hash
             alias {tilejson_path};       # no trailing hash
             default_type application/json;
 

scripts/http_host/http_host_lib/set_tileset_versions.py

@@ -23,7 +23,7 @@ def set_tileset_versions():
                 local_version_start = fp.read()
 
         if not remote_version:
-            print('  remote version not specified')
+            print('    remote version not specified')
             if local_version_start is not None:
                 local_version_file.unlink()
                 need_nginx_sync = True
@@ -31,7 +31,7 @@ def set_tileset_versions():
 
         mnt_file = Path(f'/mnt/ofm/{area}-{remote_version}/metadata.json')
         if not mnt_file.exists():
-            print('  local version does not exist')
+            print('    local version does not exist')
             if local_version_start is not None:
                 local_version_file.unlink()
                 need_nginx_sync = True

scripts/http_host/http_host_lib/templates/nginx_cf.conf

@@ -12,12 +12,12 @@ server {
     ssl_certificate /data/nginx/certs/openfreemap.org.cert;
     ssl_certificate_key /data/nginx/certs/openfreemap.org.key;
     ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
     ssl_session_tickets off;
     ssl_protocols TLSv1.3;
     ssl_prefer_server_ciphers off;
 
-    # access log normally not enabled
+    # access log disabled by default
     #access_log /data/ofm/http_host/logs_nginx/tiles-org-access.log access_json buffer=32k;
     access_log off;
 
@@ -25,6 +25,17 @@ server {
 
     ___LOCATION_BLOCKS___
 
+    location /fonts/ {
+        # trailing hash
+        alias /data/ofm/http_host/assets/fonts/; # trailing hash
+        try_files $uri =404;
+        default_type application/x-protobuf;
+
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header Cache-Control public;
+        expires 1d; # target 1w
+    }
+
     # we need to handle missing tiles as valid request returning empty string
     location @empty {
         default_type application/vnd.mapbox-vector-tile;
@@ -34,4 +45,13 @@ server {
         add_header Cache-Control public;
         expires 10y;
     }
+
+    location = / {
+        return 302 https://openfreemap.org;
+    }
+
+    # catch-all block to deny all other requests
+    location / {
+        deny all;
+    }
 }