nginx rework

2026-05-21 14:02:15 +00:00 · 2024-02-24 01:59:13 +01:00
parent 637a81d6a5
commit b41ced91de
12 changed files with 158 additions and 182 deletions
--- a/scripts/http_host/host_manager.py
+++ b/scripts/http_host/host_manager.py
@@ -1,13 +1,12 @@
 #!/usr/bin/env python3
 import datetime
-import json
 import subprocess
 import sys
 from pathlib import Path

 import click
 import requests
-from http_host_lib import DEFAULT_ASSETS_DIR, DEFAULT_RUNS_DIR, MNT_DIR
+from http_host_lib import DEFAULT_ASSETS_DIR, DEFAULT_RUNS_DIR, HOST_CONFIG, MNT_DIR
 from http_host_lib.download_assets import (
    download_and_extract_asset_tar_gz,
    download_sprites,
@@ -184,7 +183,7 @@ def sync(ctx):
    download_done = False
    download_done += ctx.invoke(download_tileset, area='monaco')

-    if not host_config.get('skip_planet'):
+    if not HOST_CONFIG.get('skip_planet'):
        download_done += ctx.invoke(download_tileset, area='planet')

    if download_done:
@@ -199,11 +198,5 @@ def sync(ctx):


 if __name__ == '__main__':
-    try:
-        with open('/data/ofm/config/http_host.json') as fp:
-            host_config = json.load(fp)
-    except Exception:
-        host_config = {}
-
-    print(host_config)
+    print(HOST_CONFIG)
    cli()
--- a/scripts/http_host/http_host_lib/init.py
+++ b/scripts/http_host/http_host_lib/init.py
@@ -1,10 +1,17 @@
+import json
 from pathlib import Path


-TEMPLATES_DIR = Path(__file__).parent / 'templates'
+NGINX_DIR = Path(__file__).parent / 'nginx'

 DEFAULT_RUNS_DIR = Path('/data/ofm/http_host/runs')
 DEFAULT_ASSETS_DIR = Path('/data/ofm/http_host/assets')

 MNT_DIR = Path('/mnt/ofm')
 OFM_CONFIG_DIR = Path('/data/ofm/config')
+
+try:
+    with open('/data/ofm/config/http_host.json') as fp:
+        HOST_CONFIG = json.load(fp)
+except Exception:
+    HOST_CONFIG = {}
--- a/scripts/http_host/http_host_lib/nginx.py
+++ b/scripts/http_host/http_host_lib/nginx.py
@@ -2,13 +2,33 @@ import subprocess
 import sys
 from pathlib import Path

-from http_host_lib import DEFAULT_RUNS_DIR, MNT_DIR, OFM_CONFIG_DIR, TEMPLATES_DIR
+from http_host_lib import DEFAULT_RUNS_DIR, HOST_CONFIG, MNT_DIR, NGINX_DIR, OFM_CONFIG_DIR


 def write_nginx_config():
-    with open(TEMPLATES_DIR / 'nginx_cf.conf') as fp:
-        nginx_template = fp.read()
+    location_str, curl_text = create_location_blocks()
+    curl_text_mix = ''

+    if HOST_CONFIG['domain_cf']:
+        with open(NGINX_DIR / 'cf.conf') as fp:
+            cf_template = fp.read()
+
+        cf_template = cf_template.replace('__LOCATION_BLOCKS__', location_str)
+        cf_template = cf_template.replace('__DOMAIN__', HOST_CONFIG['domain_cf'])
+
+        curl_text_mix += curl_text.replace('__DOMAIN__', HOST_CONFIG['domain_cf'])
+
+        with open('/data/nginx/sites/cf.conf', 'w') as fp:
+            fp.write(cf_template)
+            print('  nginx config written')
+
+    subprocess.run(['nginx', '-t'], check=True)
+    subprocess.run(['systemctl', 'reload', 'nginx'], check=True)
+
+    print(curl_text_mix)
+
+
+def create_location_blocks():
    location_str = ''
    curl_text = ''

@@ -22,21 +42,15 @@ def write_nginx_config():
            curl_text = (
                '\ntest with:\n'
                f'curl -H "Host: ofm" -I http://localhost/{area}/{version}/14/8529/5975.pbf\n'
-                f'curl -I https://tiles.openfreemap.org/{area}/{version}/14/8529/5975.pbf'
+                f'curl -I https://__DOMAIN__/{area}/{version}/14/8529/5975.pbf'
            )

    location_str += create_latest_locations()

-    nginx_template = nginx_template.replace('___LOCATION_BLOCKS___', location_str)
+    with open(NGINX_DIR / 'location_static.conf') as fp:
+        location_str += '\n' + fp.read()

-    with open('/data/nginx/sites/ofm-tiles-org.conf', 'w') as fp:
-        fp.write(nginx_template)
-        print('  nginx config written')
-
-    subprocess.run(['nginx', '-t'], check=True)
-    subprocess.run(['systemctl', 'reload', 'nginx'], check=True)
-
-    print(curl_text)
+    return location_str, curl_text


 def create_version_location(area: str, version: str, subdir: Path) -> str:
--- a/scripts/http_host/http_host_lib/nginx/cf.conf
+++ b/scripts/http_host/http_host_lib/nginx/cf.conf
@@ -0,0 +1,27 @@
+server {
+    server_name ofm __DOMAIN__;
+
+    # ssl: https://ssl-config.mozilla.org / modern config
+    # to be used with the Cloudflare proxied endpoint
+
+    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /data/nginx/certs/cf.cert;
+    ssl_certificate_key /data/nginx/certs/cf.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers off;
+
+    # access log disabled by default
+    #access_log /data/ofm/http_host/logs_nginx/cf-access.log access_json buffer=32k;
+    access_log off;
+
+    error_log /data/ofm/http_host/logs_nginx/cf-error.log;
+
+    __LOCATION_BLOCKS__
+}
--- a/scripts/http_host/http_host_lib/nginx/location_static.conf
+++ b/scripts/http_host/http_host_lib/nginx/location_static.conf
@@ -0,0 +1,71 @@
+location /fonts/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/fonts/ofm/; # trailing slash
+    try_files $uri =404;
+
+    expires 1w;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /styles/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/styles/ofm/; # trailing slash
+    try_files $uri.json =404;
+
+    expires 1d;
+    default_type application/json;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /natural_earth/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/natural_earth/ofm/; # trailing slash
+    try_files $uri =404;
+
+    expires 10y;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /sprites/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/sprites/; # trailing slash
+    try_files $uri =404;
+
+    expires 10y;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+
+# we need to handle missing tiles as valid request returning empty string
+location @empty_tile {
+    return 200 '';
+
+    expires 10y;
+    default_type application/vnd.mapbox-vector-tile;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location = / {
+    return 302 https://openfreemap.org;
+}
+
+# catch-all block to deny all other requests
+location / {
+    deny all;
+
+    error_log /data/ofm/http_host/logs_nginx/tiles-org-error.log error;
+}
--- a/scripts/http_host/http_host_lib/templates/nginx_cf.conf
+++ b/scripts/http_host/http_host_lib/templates/nginx_cf.conf
@@ -1,100 +0,0 @@
-server {
-    server_name ofm tiles.openfreemap.org;
-
-    # ssl: https://ssl-config.mozilla.org / modern config
-    # to be used with the Cloudflare proxied endpoint
-
-    listen 80;
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    http2 on;
-
-    ssl_certificate /data/nginx/certs/cf.cert;
-    ssl_certificate_key /data/nginx/certs/cf.key;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-    ssl_session_tickets off;
-    ssl_protocols TLSv1.3;
-    ssl_prefer_server_ciphers off;
-
-    # access log disabled by default
-    #access_log /data/ofm/http_host/logs_nginx/tiles-org-access.log access_json buffer=32k;
-    access_log off;
-
-    error_log /data/ofm/http_host/logs_nginx/tiles-org-error.log;
-
-    ___LOCATION_BLOCKS___
-
-    location /fonts/ {
-        # trailing slash
-
-        alias /data/ofm/http_host/assets/fonts/ofm/; # trailing slash
-        try_files $uri =404;
-
-        expires 1w;
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-    }
-
-    location /styles/ {
-        # trailing slash
-
-        alias /data/ofm/http_host/assets/styles/ofm/; # trailing slash
-        try_files $uri.json =404;
-
-        expires 1d;
-        default_type application/json;
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-    }
-
-    location /natural_earth/ {
-        # trailing slash
-
-        alias /data/ofm/http_host/assets/natural_earth/ofm/; # trailing slash
-        try_files $uri =404;
-
-        expires 10y;
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-    }
-
-    location /sprites/ {
-        # trailing slash
-
-        alias /data/ofm/http_host/assets/sprites/; # trailing slash
-        try_files $uri =404;
-
-        expires 10y;
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-    }
-
-
-
-    # we need to handle missing tiles as valid request returning empty string
-    location @empty_tile {
-        return 200 '';
-
-        expires 10y;
-        default_type application/vnd.mapbox-vector-tile;
-
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Cache-Control public;
-    }
-
-    location = / {
-        return 302 https://openfreemap.org;
-    }
-
-    # catch-all block to deny all other requests
-    location / {
-        deny all;
-
-        error_log /data/ofm/http_host/logs_nginx/tiles-org-error.log error;
-    }
-}