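# Dump of the effective nginx configuration (main file plus every included
# file, each introduced by a "# configuration file <path>:" marker).
# The host serves static, read-only map assets: TileJSON, vector tiles,
# fonts, sprites and styles.

user nginx;
pid /var/run/nginx.pid;

worker_processes auto;
worker_rlimit_nofile 300000; # needs to be < ulimit -n

error_log /data/nginx/logs/nginx-error.log warn;

events {
    worker_connections 40000;
    multi_accept off; # very important, otherwise one worker might get all the connections
}

http {
    # aggressive caching for read-only sources
    # With a 60m validity, a file replaced on disk can keep being served from
    # the cached descriptor for up to an hour; acceptable only because the
    # served trees are treated as immutable.
    open_file_cache max=1000000 inactive=60m;
    open_file_cache_valid 60m;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    include /etc/nginx/mime.types;
    types {
        application/x-protobuf pbf;
    }
    default_type application/octet-stream;

    charset utf-8;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Free resources held by stalled clients quickly.
    reset_timedout_connection on;
    send_timeout 20;

    # Byte-range requests are disabled completely.
    max_ranges 0;

    gzip on;
    gzip_comp_level 1;
    gzip_types application/json application/x-protobuf;

    # JSON access-log format.
    # escape=json is required here: $http_referer and $http_user_agent are
    # client-controlled, and the default escaping writes quotes and
    # backslashes as \xXX sequences, which are not valid JSON and break
    # downstream log parsers.
    log_format access_json escape=json '{'
        # general
        '"time": "$time_iso8601", '
        '"status": $status, '
        #'"request_method": "$request_method", '
        #'"uri": "$uri", '
        #'"request": "$request", '
        #'"request_time": $request_time, '
        '"body_bytes_sent": $body_bytes_sent, '
        '"http_referrer": "$http_referer", '
        '"http_user_agent": "$http_user_agent", '
        #'"scheme": "$scheme", '
        #'"host": "$host", '
        #'"http_host": "$http_host", '

        # IP address related
        # IP address logging is disabled
        #'"remote_addr": "$remote_addr", '
        #'"http_x_forwarded_for": "$http_x_forwarded_for", '

        # CF related
        #'"http_cf_ray": "$http_cf_ray", '
        #'"http_cf_ipcountry": "$http_cf_ipcountry", '
        #'"http_cf_connecting_ip": "$http_cf_connecting_ip", '

        '"_": "_"' # helper for no trailing comma
    '}';

    access_log off;
    #access_log /data/nginx/logs/nginx-access.log access_json buffer=128k;

    include /data/nginx/config/*;
    include /data/nginx/sites/*;
}

# configuration file /etc/nginx/mime.types:
types {

  # Data interchange

    application/atom+xml                  atom;
    application/json                      json map topojson;
    application/ld+json                   jsonld;
    application/rss+xml                   rss;
    # Normalize to standard type.
    # https://tools.ietf.org/html/rfc7946#section-12
    application/geo+json                  geojson;
    application/xml                       xml;
    # Normalize to standard type.
    # https://tools.ietf.org/html/rfc3870#section-2
    application/rdf+xml                   rdf;

  # JavaScript

    # Servers should use text/javascript for JavaScript resources.
    # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
    text/javascript                       js mjs;
    application/wasm                      wasm;

  # Manifest files

    application/manifest+json             webmanifest;
    application/x-web-app-manifest+json   webapp;
    text/cache-manifest                   appcache;

  # Media files

    audio/midi                            mid midi kar;
    audio/mp4                             aac f4a f4b m4a;
    audio/mpeg                            mp3;
    audio/ogg                             oga ogg opus;
    audio/x-realaudio                     ra;
    audio/x-wav                           wav;
    image/apng                            apng;
    image/avif                            avif avifs;
    image/bmp                             bmp;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    image/jxl                             jxl;
    image/jxr                             jxr hdp wdp;
    image/png                             png;
    image/svg+xml                         svg svgz;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/webp                            webp;
    image/x-jng                           jng;
    video/3gpp                            3gp 3gpp;
    video/mp4                             f4p f4v m4v mp4;
    video/mpeg                            mpeg mpg;
    video/ogg                             ogv;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-mng                           mng;
    video/x-ms-asf                        asf asx;
    video/x-msvideo                       avi;

    # Serving `.ico` image files with a different media type
    # prevents Internet Explorer from displaying them as images:
    # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
    image/x-icon                          cur ico;

  # Microsoft Office

    application/msword                                                         doc;
    application/vnd.ms-excel                                                   xls;
    application/vnd.ms-powerpoint                                              ppt;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

  # Web fonts

    font/woff                             woff;
    font/woff2                            woff2;
    application/vnd.ms-fontobject         eot;
    font/ttf                              ttf;
    font/collection                       ttc;
    font/otf                              otf;

  # Other

    application/java-archive              ear jar war;
    application/mac-binhex40              hqx;
    application/octet-stream              bin deb dll dmg exe img iso msi msm msp safariextz;
    application/pdf                       pdf;
    application/postscript                ai eps ps;
    application/rtf                       rtf;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/vnd.wap.wmlc              wmlc;
    application/x-7z-compressed           7z;
    application/x-bb-appworld             bbaw;
    application/x-bittorrent              torrent;
    application/x-chrome-extension        crx;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-opera-extension         oex;
    application/x-perl                    pl pm;
    application/x-pilot                   pdb prc;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            crt der pem;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xslt+xml                  xsl;
    application/zip                       zip;
    text/calendar                         ics;
    text/css                              css;
    text/csv                              csv;
    text/html                             htm html shtml;
    text/markdown                         md markdown;
    text/mathml                           mml;
    text/plain                            txt;
    text/vcard                            vcard vcf;
    text/vnd.rim.location.xloc            xloc;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/vtt                              vtt;
    text/x-component                      htc;

}

# configuration file /data/nginx/sites/default_disable.conf:
map "" $empty {
    default "";
}

# Default catch-all server: any request whose Host/SNI does not match a
# configured server_name lands here and the connection is closed without a
# response (444), so the host does not answer scans by bare IP or stray names.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    http2 on;

    server_name _;

    # NOTE(review): ssl_ciphers only restricts TLS 1.2 and older in OpenSSL
    # builds; a TLS 1.3 client can presumably still complete the handshake
    # against the dummy certificate before receiving the 444. If the intent
    # is to refuse the handshake itself, `ssl_reject_handshake on;` does that
    # directly and makes the dummy certificate unnecessary - confirm against
    # the deployed nginx/OpenSSL versions before changing.
    ssl_ciphers aNULL;
    ssl_certificate /etc/nginx/ssl/dummy.crt;
    ssl_certificate_key /etc/nginx/ssl/dummy.key;

    return 444;
}

# configuration file /data/nginx/sites/ofm_roundrobin.conf:
#
# Conventions used throughout this server block:
#  - add_header directives are inherited from the server level only when a
#    location defines none of its own, which is why every location that adds
#    a header repeats the X-Robots-Tag line.
#  - alias in a prefix location is always paired slash-for-slash with the
#    location (both with or both without a trailing slash). Keeping that
#    pairing is what prevents a request from resolving outside the aliased
#    directory.
#  - Access-Control-Allow-Origin '*' is intentional: the content is public
#    and no location handles credentials.
#  - x-ofm-debug reports which location served the response; it is added
#    without `always`, so it is absent from error responses.
server {
    server_name ofm_roundrobin tiles.openfreemap.org;

    # ssl: https://ssl-config.mozilla.org / intermediate config
    # NOTE(review): port 80 serves the same content in cleartext (no
    # redirect, no Strict-Transport-Security header), and has no IPv6
    # listener although 443 does - confirm both are intended.
    listen 80;
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /data/nginx/certs/ofm_roundrobin.cert;
    ssl_certificate_key /data/nginx/certs/ofm_roundrobin.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    ssl_dhparam /etc/nginx/ffdhe2048.txt;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # access log doesn't contain IP address
    # NOTE(review): this holds for the access log only. Request-related
    # entries in the error logs below carry nginx's built-in "client: <addr>"
    # context, which log_format does not control.
    access_log off;
    #access_log /data/ofm/http_host/logs_nginx/roundrobin-access.jsonl access_json buffer=128k;

    error_log /data/ofm/http_host/logs_nginx/roundrobin-error.log;

    add_header X-Robots-Tag "noindex, nofollow" always;

    # specific JSON monaco 20250806_231001_pt
    location = /monaco/20250806_231001_pt {     # no trailing slash
        alias /data/ofm/http_host/runs/monaco/20250806_231001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific JSON monaco 20250806_231001_pt';
    }

    # specific PBF monaco 20250806_231001_pt
    # Content-Encoding: gzip is sent unconditionally, so the tiles on disk are
    # presumably stored pre-compressed (TODO confirm). The location-level
    # types block replaces the inherited MIME map for this location.
    location ^~ /monaco/20250806_231001_pt/ {    # trailing slash
        alias /mnt/ofm/monaco-20250806_231001_pt/tiles/;    # trailing slash
        try_files $uri @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific PBF monaco 20250806_231001_pt';
    }

    # specific JSON planet 20250806_001001_pt
    location = /planet/20250806_001001_pt {     # no trailing slash
        alias /data/ofm/http_host/runs/planet/20250806_001001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific JSON planet 20250806_001001_pt';
    }

    # specific PBF planet 20250806_001001_pt
    location ^~ /planet/20250806_001001_pt/ {    # trailing slash
        alias /mnt/ofm/planet-20250806_001001_pt/tiles/;    # trailing slash
        try_files $uri @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific PBF planet 20250806_001001_pt';
    }

    # specific JSON monaco 20250805_231001_pt
    location = /monaco/20250805_231001_pt {     # no trailing slash
        alias /data/ofm/http_host/runs/monaco/20250805_231001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific JSON monaco 20250805_231001_pt';
    }

    # specific PBF monaco 20250805_231001_pt
    location ^~ /monaco/20250805_231001_pt/ {    # trailing slash
        alias /mnt/ofm/monaco-20250805_231001_pt/tiles/;    # trailing slash
        try_files $uri @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific PBF monaco 20250805_231001_pt';
    }

    # specific JSON planet 20250730_001001_pt
    location = /planet/20250730_001001_pt {     # no trailing slash
        alias /data/ofm/http_host/runs/planet/20250730_001001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific JSON planet 20250730_001001_pt';
    }

    # specific PBF planet 20250730_001001_pt
    location ^~ /planet/20250730_001001_pt/ {    # trailing slash
        alias /mnt/ofm/planet-20250730_001001_pt/tiles/;    # trailing slash
        try_files $uri @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'specific PBF planet 20250730_001001_pt';
    }

    # latest JSON monaco
    location = /monaco {     # no trailing slash
        alias /data/ofm/http_host/runs/monaco/20250806_231001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1d;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'latest JSON monaco';
    }

    # wildcard JSON monaco
    # Any version string not matched by a specific location above gets the
    # TileJSON of the latest run; the captured segment is never used to
    # build a filesystem path.
    location ~ ^/monaco/([^/]+)$ {
        # regex location is unreliable with alias, only root is reliable

        root /data/ofm/http_host/runs/monaco/20250806_231001_pt;    # no trailing slash
        try_files /tilejson-ofm_roundrobin.json =404;

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'wildcard JSON monaco';
    }

    # wildcard PBF monaco
    # $2 is taken from the URI nginx has already normalized ("." and ".."
    # segments resolved) before location matching, so the path tried under
    # root stays inside the tiles directory.
    location ~ ^/monaco/([^/]+)/(.+)$ {
        # regex location is unreliable with alias, only root is reliable

        root /mnt/ofm/monaco-20250806_231001_pt/tiles/;    # trailing slash
        try_files /$2 @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'wildcard PBF monaco';
    }

    # latest JSON planet
    location = /planet {     # no trailing slash
        alias /data/ofm/http_host/runs/planet/20250806_001001_pt/tilejson-ofm_roundrobin.json;    # no trailing slash

        expires 1d;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'latest JSON planet';
    }

    # wildcard JSON planet
    location ~ ^/planet/([^/]+)$ {
        # regex location is unreliable with alias, only root is reliable

        root /data/ofm/http_host/runs/planet/20250806_001001_pt;    # no trailing slash
        try_files /tilejson-ofm_roundrobin.json =404;

        expires 1w;
        default_type application/json;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'wildcard JSON planet';
    }

    # wildcard PBF planet
    location ~ ^/planet/([^/]+)/(.+)$ {
        # regex location is unreliable with alias, only root is reliable

        root /mnt/ofm/planet-20250806_001001_pt/tiles/;    # trailing slash
        try_files /$2 @empty_tile;
        add_header Content-Encoding gzip;

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'wildcard PBF planet';
    }

    location /fonts/ {    # trailing slash
        alias /data/ofm/http_host/assets/fonts/ofm/;    # trailing slash
        try_files $uri =404;

        expires 1w;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;
    }

    location /natural_earth/ {    # trailing slash
        alias /data/ofm/http_host/assets/natural_earth/ofm/;    # trailing slash
        try_files $uri =404;

        expires 10y;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;
    }

    location /sprites/ {    # trailing slash
        alias /data/ofm/http_host/assets/sprites/;    # trailing slash
        try_files $uri =404;

        expires 10y;

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;
    }

    # we need to handle missing tiles as valid request returning empty string
    # Consequence: every path under a tile prefix answers 200 with a 10-year
    # cache lifetime, including mistyped ones, so a tile that is missing only
    # temporarily can stay cached as empty by clients and intermediaries.
    location @empty_tile {
        return 200 '';

        expires 10y;

        types {
            application/vnd.mapbox-vector-tile pbf;
        }

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;

        add_header x-ofm-debug 'empty tile';
    }

    location = / {
        return 302 https://openfreemap.org;
    }

    location /styles/ {    # trailing slash
        alias /data/ofm/http_host/assets/styles/ofm/;    # trailing slash
        try_files $uri.json =404;

        expires 1d;
        default_type application/json;

        # substitute the domain in the TileJSON
        # The replacement is a fixed string, not derived from the request Host.
        sub_filter '__TILEJSON_DOMAIN__' 'tiles.openfreemap.org';
        sub_filter_once off;
        sub_filter_types '*';

        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header Cache-Control public;
        add_header X-Robots-Tag "noindex, nofollow" always;
    }

    # catch-all block to deny all other requests
    # NOTE(review): each denied request is written to this log as an
    # "access forbidden by rule" error, and nginx appends the client address
    # to such entries. If the no-IP-logging policy is meant to cover error
    # logs too, this file needs its own handling (short retention, restricted
    # access, or no dedicated log).
    location / {
        deny all;
        error_log /data/ofm/http_host/logs_nginx/roundrobin-deny.log error;
    }
}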