sysadmin/openfreemap
1
0
Fork 0
mirror of https://github.com/hyperknot/openfreemap.git synced 2026-05-21 14:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

nginx work

Browse Source
This commit is contained in:
Zsolt Ero
2023-12-31 02:25:48 +01:00
parent 82bac4197d
commit ae91fe58dc
6 changed files with 82 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
init-server.py
View File

@@ -89,13 +89,21 @@ def prepare_tile_gen(c):
def prepare_http_host(c): def prepare_http_host(c):
c.sudo('rm -rf /data/ofm/http_host/logs_nginx')
c.sudo('mkdir -p /data/ofm/http_host/logs_nginx')
c.sudo('chown nginx:nginx /data/ofm/http_host/logs_nginx')
nginx(c) nginx(c)
certbot(c) certbot(c)
c1000k(c) c1000k(c)
prepare_venv(c) prepare_venv(c)
c.sudo('mkdir -p /data/ofm/http_host/logs_nginx') upload_https_host_files(c)
upload_certificates(c)
def upload_https_host_files(c):
c.sudo(f'mkdir -p {HTTP_HOST_BIN}') c.sudo(f'mkdir -p {HTTP_HOST_BIN}')
for file in [ for file in [
@@ -110,32 +118,10 @@ def prepare_http_host(c):
permissions='755', permissions='755',
) )
for file in ['nginx_template.conf', 'nginx_sync.py']:
put(
c,
SCRIPTS_DIR / 'http_host' / 'nginx_sync' / file,
f'{HTTP_HOST_BIN}/nginx_sync/{file}',
create_parent_dir=True,
)
c.sudo('chown -R ofm:ofm /data/ofm/http_host')
c.sudo('chown -R nginx:nginx /data/ofm/http_host/logs_nginx')
def debug_tmp(c):
for file in [ for file in [
'downloader.py', 'nginx_sync.py',
'mounter.py', 'nginx_template_cf.conf',
'metadata_to_tilejson.py',
]: ]:
put(
c,
SCRIPTS_DIR / 'http_host' / file,
HTTP_HOST_BIN,
permissions='755',
)
for file in ['nginx_template.conf', 'nginx_sync.py']:
put( put(
c, c,
SCRIPTS_DIR / 'http_host' / 'nginx_sync' / file, SCRIPTS_DIR / 'http_host' / 'nginx_sync' / file,
@@ -144,7 +130,24 @@ def debug_tmp(c):
) )
c.sudo('chown -R ofm:ofm /data/ofm/http_host') c.sudo('chown -R ofm:ofm /data/ofm/http_host')
c.sudo('chown -R nginx:nginx /data/ofm/http_host/logs_nginx')
def upload_certificates(c):
for file in (CONFIG_DIR / 'certs').iterdir():
if file.name == '.gitignore':
continue
put(
c,
file,
f'/data/nginx/certs/{file.name}',
create_parent_dir=True,
permissions='400',
)
c.sudo('chown -R nginx:nginx /data/nginx')
def debug_tmp(c):
upload_https_host_files(c)
@click.command() @click.command()

13
scripts/http_host/nginx_sync/nginx_sync.py
View File

@@ -21,11 +21,11 @@ def cli():
if not Path('/mnt/ofm').exists(): if not Path('/mnt/ofm').exists():
sys.exit('mounter.py needs to be run first') sys.exit('mounter.py needs to be run first')
with open(Path(__file__).parent / 'nginx_template.conf') as fp: with open(Path(__file__).parent / 'nginx_template_cf.conf') as fp:
nginx_template = fp.read() nginx_template = fp.read()
location_block_str = '' location_block_str = ''
help_text = '' curl_text = ''
for subdir in Path('/mnt/ofm').iterdir(): for subdir in Path('/mnt/ofm').iterdir():
if not subdir.is_dir(): if not subdir.is_dir():
@@ -83,10 +83,11 @@ def cli():
location_block_str += version_str location_block_str += version_str
if not help_text: if not curl_text:
help_text = ( curl_text = (
'\ntest with:\n' '\ntest with:\n'
f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf' f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf\n'
f'curl -I https://tiles.openfreemap.com/{area}/{version}/14/8529/5975.pbf'
) )
nginx_template = nginx_template.replace('___LOCATION_BLOCKS___', location_block_str) nginx_template = nginx_template.replace('___LOCATION_BLOCKS___', location_block_str)
@@ -98,7 +99,7 @@ def cli():
subprocess.run(['nginx', '-t'], check=True) subprocess.run(['nginx', '-t'], check=True)
subprocess.run(['systemctl', 'reload', 'nginx'], check=True) subprocess.run(['systemctl', 'reload', 'nginx'], check=True)
print(help_text) print(curl_text)
if __name__ == '__main__': if __name__ == '__main__':

21
scripts/http_host/nginx_sync/nginx_template.conf
View File

@@ -1,21 +0,0 @@
server {
server_name ofm tiles.openfreemap.com;
# disabling access log by default
# access_log /data/ofm/http_host/logs_nginx/nginx-access.log access_json buffer=32k;
access_log off;
error_log /data/ofm/http_host/logs_nginx/nginx-error.log;
___LOCATION_BLOCKS___
# we need to handle missing tiles as valid request returning empty string
location @empty {
default_type application/vnd.mapbox-vector-tile;
return 200 '';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header Cache-Control public;
expires 10y;
}
}

37
scripts/http_host/nginx_sync/nginx_template_cf.conf Normal file
View File

@@ -0,0 +1,37 @@
server {
server_name ofm tiles.openfreemap.com;
# ssl: https://ssl-config.mozilla.org / modern config
# to be used with the Cloudflare proxied endpoint
listen 80;
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_certificate /data/nginx/certs/openfreemap.com.pem;
ssl_certificate_key /data/nginx/certs/openfreemap.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# access log normally not enabled
#access_log /data/ofm/http_host/logs_nginx/tiles-com-access.log access_json buffer=32k;
access_log off;
error_log /data/ofm/http_host/logs_nginx/tiles-com-error.log;
___LOCATION_BLOCKS___
# we need to handle missing tiles as valid request returning empty string
location @empty {
default_type application/vnd.mapbox-vector-tile;
return 200 '';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header Cache-Control public;
expires 10y;
}
}

18
ssh_lib/assets/nginx/nginx.conf
View File

@@ -44,24 +44,22 @@ http {
log_format access_json '{' log_format access_json '{'
'"time": "$time_iso8601", ' '"time": "$time_iso8601", '
'"msec": "$msec", '
'"status": $status, ' '"status": $status, '
'"request": "$request", '
'"request_method": "$request_method", ' '"request_method": "$request_method", '
'"uri": "$uri", '
'"request": "$request", '
'"request_time": $request_time, ' '"request_time": $request_time, '
'"body_bytes_sent": $body_bytes_sent, ' '"body_bytes_sent": $body_bytes_sent, '
'"remote_addr": "$remote_addr", ' '"remote_addr": "$remote_addr", '
'"remote_user": "$remote_user", '
'"http_referrer": "$http_referer", '
'"http_x_forwarded_for": "$http_x_forwarded_for", ' '"http_x_forwarded_for": "$http_x_forwarded_for", '
'"http_user_agent": "$http_user_agent", '
'"host": "$host", '
'"uri": "$uri", '
'"http_cf_connecting_ip": "$http_cf_connecting_ip", ' '"http_cf_connecting_ip": "$http_cf_connecting_ip", '
'"http_cf_ray": "$http_cf_ray", ' '"http_referrer": "$http_referer", '
'"http_cf_ipcountry": "$http_cf_ipcountry", ' '"http_user_agent": "$http_user_agent", '
'"scheme": "$scheme", ' '"scheme": "$scheme", '
'"http_host": "$http_host"' '"host": "$host", '
'"http_host": "$http_host", '
'"http_cf_ray": "$http_cf_ray", '
'"http_cf_ipcountry": "$http_cf_ipcountry"'
'}'; '}';
access_log /data/nginx/logs/nginx-access.log access_json buffer=32k; access_log /data/nginx/logs/nginx-access.log access_json buffer=32k;

1
ssh_lib/nginx.py
View File

@@ -49,6 +49,7 @@ def nginx(c):
put(c, f'{ASSETS_DIR}/nginx/default_disable.conf', '/data/nginx/sites') put(c, f'{ASSETS_DIR}/nginx/default_disable.conf', '/data/nginx/sites')
put(c, f'{ASSETS_DIR}/nginx/cloudflare.conf', '/data/nginx/config') put(c, f'{ASSETS_DIR}/nginx/cloudflare.conf', '/data/nginx/config')
c.sudo('nginx -t')
c.sudo('service nginx restart') c.sudo('service nginx restart')