nginx sync

2026-05-22 06:22:16 +00:00 · 2024-01-03 16:51:50 +01:00
parent 395447bbbd
commit 67587076fd
6 changed files with 35 additions and 39 deletions
--- a/scripts/http_host/http_host_lib/init.py
+++ b/scripts/http_host/http_host_lib/init.py
@@ -1,6 +1,8 @@
 from pathlib import Path


+TEMPLATES_DIR = Path(__file__).parent / 'templates'
+
 DEFAULT_RUNS_DIR = Path('/data/ofm/http_host/runs')
 DEFAULT_ASSETS_DIR = Path('/data/ofm/http_host/assets')

--- a/scripts/http_host/http_host_lib/deploy_tileset.py
+++ b/scripts/http_host/http_host_lib/deploy_tileset.py
@@ -7,7 +7,7 @@ def deploy_tileset():
    need_nginx_sync = False

    for area in ['planet', 'monaco']:
-        r = requests.get(f'https://assets.openfreemap.com/versions/deployed_tiles_{area}.txt')
+        r = requests.get(f'https://assets.openfreemap.com/versions/deployed_{area}.txt')
        r.raise_for_status()
        remote_version = r.text.strip()
        print(f'  remote version for {area}: {remote_version}')
--- a/scripts/http_host/http_host_lib/nginx.py
+++ b/scripts/http_host/http_host_lib/nginx.py
@@ -0,0 +1,87 @@
+import subprocess
+import sys
+from pathlib import Path
+
+from http_host_lib import DEFAULT_RUNS_DIR, MNT_DIR, TEMPLATES_DIR
+
+
+def write_nginx_config():
+    with open(TEMPLATES_DIR / 'nginx_cf.conf') as fp:
+        nginx_template = fp.read()
+
+    location_block_str = ''
+    curl_text = ''
+
+    for subdir in MNT_DIR.iterdir():
+        if not subdir.is_dir():
+            continue
+
+        area, version = subdir.name.split('-')
+
+        run_dir = DEFAULT_RUNS_DIR / area / version
+        if not run_dir.is_dir():
+            print(f"{run_dir} doesn't exists, skipping")
+            continue
+
+        tilejson_path = run_dir / 'tilejson-tiles-org.json'
+
+        metadata_path = subdir / 'metadata.json'
+        if not metadata_path.is_file():
+            print(f"{metadata_path} doesn't exists, skipping")
+            continue
+
+        url_prefix = f'https://tiles.openfreemap.org/{area}/{version}'
+
+        subprocess.run(
+            [
+                sys.executable,
+                Path(__file__).parent.parent / 'metadata_to_tilejson.py',
+                '--minify',
+                metadata_path,
+                tilejson_path,
+                url_prefix,
+            ],
+            check=True,
+        )
+
+        # TODO raise the expires times once things are stable
+        version_str = f"""
+            location /{area}/{version} {{    # no trailing hash
+                alias {tilejson_path};       # no trailing hash
+                default_type application/json;
+
+                add_header 'Access-Control-Allow-Origin' '*' always;
+                add_header Cache-Control public;
+                expires 1d;
+            }}
+
+            location /{area}/{version}/ {{    # trailing hash
+                alias {subdir}/tiles/;        # trailing hash
+                try_files $uri @empty;
+
+                add_header Content-Encoding gzip;
+                add_header 'Access-Control-Allow-Origin' '*' always;
+                add_header Cache-Control public;
+                expires 1d;  # target 10y
+            }}
+            """
+
+        location_block_str += version_str
+
+        if not curl_text:
+            curl_text = (
+                '\ntest with:\n'
+                f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf\n'
+                f'curl -I https://tiles.openfreemap.org/{area}/{version}/14/8529/5975.pbf'
+            )
+
+    nginx_template = nginx_template.replace('___LOCATION_BLOCKS___', location_block_str)
+
+    with open('/data/nginx/sites/ofm-tiles-org.conf', 'w') as fp:
+        fp.write(nginx_template)
+        print('  nginx config written')
+
+    subprocess.run(['nginx', '-t'], check=True)
+    subprocess.run(['systemctl', 'reload', 'nginx'], check=True)
+
+    print(curl_text)
--- a/scripts/http_host/http_host_lib/templates/nginx_cf.conf
+++ b/scripts/http_host/http_host_lib/templates/nginx_cf.conf
@@ -0,0 +1,37 @@
+server {
+    server_name ofm tiles.openfreemap.org;
+
+    # ssl: https://ssl-config.mozilla.org / modern config
+    # to be used with the Cloudflare proxied endpoint
+
+    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /data/nginx/certs/openfreemap.org.cert;
+    ssl_certificate_key /data/nginx/certs/openfreemap.org.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers off;
+
+    # access log normally not enabled
+    #access_log /data/ofm/http_host/logs_nginx/tiles-org-access.log access_json buffer=32k;
+    access_log off;
+
+    error_log /data/ofm/http_host/logs_nginx/tiles-org-error.log;
+
+    ___LOCATION_BLOCKS___
+
+    # we need to handle missing tiles as valid request returning empty string
+    location @empty {
+        default_type application/vnd.mapbox-vector-tile;
+        return 200 '';
+
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header Cache-Control public;
+        expires 10y;
+    }
+}