nginx work

scripts/http_host/nginx_sync/nginx_sync.py

@@ -21,11 +21,11 @@ def cli():
     if not Path('/mnt/ofm').exists():
         sys.exit('mounter.py needs to be run first')
 
-    with open(Path(__file__).parent / 'nginx_template.conf') as fp:
+    with open(Path(__file__).parent / 'nginx_template_cf.conf') as fp:
         nginx_template = fp.read()
 
     location_block_str = ''
-    help_text = ''
+    curl_text = ''
 
     for subdir in Path('/mnt/ofm').iterdir():
         if not subdir.is_dir():
@@ -83,10 +83,11 @@ def cli():
 
         location_block_str += version_str
 
-        if not help_text:
-            help_text = (
+        if not curl_text:
+            curl_text = (
                 '\ntest with:\n'
-                f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf'
+                f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf\n'
+                f'curl -I https://tiles.openfreemap.com/{area}/{version}/14/8529/5975.pbf'
             )
 
     nginx_template = nginx_template.replace('___LOCATION_BLOCKS___', location_block_str)
@@ -98,7 +99,7 @@ def cli():
     subprocess.run(['nginx', '-t'], check=True)
     subprocess.run(['systemctl', 'reload', 'nginx'], check=True)
 
-    print(help_text)
+    print(curl_text)
 
 
 if __name__ == '__main__':

scripts/http_host/nginx_sync/nginx_template.conf

@@ -1,21 +0,0 @@
-server {
-    server_name ofm tiles.openfreemap.com;
-
-    # disabling access log by default
-    # access_log /data/ofm/http_host/logs_nginx/nginx-access.log access_json buffer=32k;
-    access_log off;
-
-    error_log /data/ofm/http_host/logs_nginx/nginx-error.log;
-
-    ___LOCATION_BLOCKS___
-
-    # we need to handle missing tiles as valid request returning empty string
-    location @empty {
-        default_type application/vnd.mapbox-vector-tile;
-        return 200 '';
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-        expires 10y;
-    }
-}

scripts/http_host/nginx_sync/nginx_template_cf.conf

@@ -0,0 +1,37 @@
+server {
+    server_name ofm tiles.openfreemap.com;
+
+    # ssl: https://ssl-config.mozilla.org / modern config
+    # to be used with the Cloudflare proxied endpoint
+
+    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /data/nginx/certs/openfreemap.com.pem;
+    ssl_certificate_key /data/nginx/certs/openfreemap.com.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers off;
+
+    # access log normally not enabled
+    #access_log /data/ofm/http_host/logs_nginx/tiles-com-access.log access_json buffer=32k;
+    access_log off;
+
+    error_log /data/ofm/http_host/logs_nginx/tiles-com-error.log;
+
+    ___LOCATION_BLOCKS___
+
+    # we need to handle missing tiles as valid request returning empty string
+    location @empty {
+        default_type application/vnd.mapbox-vector-tile;
+        return 200 '';
+
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header Cache-Control public;
+        expires 10y;
+    }
+}