Merge branch 'main' of https://github.com/TaskarCenterAtUW/workspaces-stack

Author: jeffmaki

LICENSE

@@ -0,0 +1,15 @@
+Workspaces Stack
+Copyright (C) 2024 Taskar Center for Accessible Technology
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

docker-compose.yml

@@ -105,13 +105,13 @@ services:
       - traefik.http.services.osm-log-proxy.loadbalancer.server.port=80
 
   osm-web:
-    image: rtsp/lighttpd:latest
+    image: nginx:stable-alpine
     depends_on:
       - osm-rails
       - osm-cgimap
     volumes:
-      - ./osm-web/lighttpd.conf:/etc/lighttpd/conf.d/06-osm.conf:ro
-      - ./osm-rails/public:/var/www/html:ro
+      - ./osm-web/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./osm-rails/public:/usr/share/nginx/html:ro
     labels:
       - traefik.enable=true
       - traefik.http.routers.osm-web.rule=Host(`${WS_OSM_HOST}`)

osm-web/Dockerfile

@@ -1,3 +1,3 @@
-FROM rtsp/lighttpd:latest
+FROM nginx:stable-alpine
 
-COPY lighttpd.conf /etc/lighttpd/conf.d/06-osm.conf
+COPY nginx.conf /etc/nginx/conf.d/default.conf

osm-web/lighttpd.conf

@@ -2,6 +2,9 @@
 # This file is based on openstreetmap-cgimap's lighttpd configuration example:
 # https://github.com/zerebubuth/openstreetmap-cgimap/blob/master/lighttpd.conf
 #
+# We don't use lighttpd anymore. We'll keep this reference file for now. Nginx
+# replaced lighttpd, and a similar configuration exists in nginx.conf.
+#
 
 server.reject-expect-100-with-417 = "disable"
 

osm-web/nginx.conf

@@ -0,0 +1,120 @@
+#
+# This file is based on openstreetmap-cgimap's lighttpd configuration example:
+# https://github.com/zerebubuth/openstreetmap-cgimap/blob/master/lighttpd.conf
+#
+
+# Resolve hostnames with Docker's internal DNS resolver:
+resolver 127.0.0.11 ipv6=off;
+
+upstream osm-rails-upstream {
+    keepalive 4;
+    server osm-rails:3000;
+}
+
+# Improve support for third-party clients by enabling workspace selection using
+# a path prefix (/workspace/123/...). We strip the prefix for upstream services
+# here:
+#
+map $request_uri $mapped_request_uri {
+    ~^(/workspace/\d+)?(.*)$ $2;
+}
+
+# Improve support for third-party clients by mapping workspace IDs from the URI
+# path prefix. We carry it here from a query parameter as needed:
+#
+map $http_x_workspace $mapped_workspace_id {
+    default $http_x_workspace;
+    "" $arg_x_workspace;
+}
+
+# Improve support for third-party clients by mapping TDEI tokens from a request
+# basic authorization header or from the user information in a URI:
+#
+map $http_authorization $mapped_tdei_token {
+    ~^Basic $remote_user;
+    ~^Bearer\ (.*)$ $1;
+    "" $remote_user;
+}
+
+server {
+    listen 80;
+    server_name _;
+
+    set_real_ip_from 0.0.0.0/0;
+    real_ip_header X-Forwarded-For;
+
+    error_page 404 /dispatch.map;
+
+    # This is effectively the maximum size of a dataset that we're willing to
+    # accept when creating a workspace:
+    #
+    client_max_body_size 2g;
+
+    # Improve support for third-party clients by enabling workspace selection
+    # using a path prefix (/workspace/123/...). We rewrite the path to remove
+    # the prefix and carry the workspace ID to the next location context with
+    # a query parameter:
+    #
+    location ~ ^/workspace/(\d+)/ {
+        rewrite ^/workspace/(\d+)/(.*) /$2?x_workspace=$1 last;
+    }
+
+    # If a request does not match an API endpoint implemented in CGImap, pass
+    # the request to the Rails implementation:
+    #
+    location / {
+        if ($request_method = GET) {
+            rewrite ^/api/0\.6/map(\.(json|xml))?$ /dispatch.map last;
+            rewrite ^/api/0\.6/(node|way|relation)/[0-9]+(\.(json|xml))?$ /dispatch.map last;
+            rewrite ^/api/0\.6/(node|way|relation)/[0-9]+/history.*$ /dispatch.map last;
+            rewrite ^/api/0\.6/(node|way|relation)/[0-9]+/[0-9]+.*$ /dispatch.map last;
+            rewrite ^/api/0\.6/(node|way|relation)/[0-9]+/relations$ /dispatch.map last;
+            rewrite ^/api/0\.6/node/[0-9]+/ways$ /dispatch.map last;
+            rewrite ^/api/0\.6/(way|relation)/[0-9]+/full$ /dispatch.map last;
+            rewrite ^/api/0\.6/changeset/[0-9]+.*$ /dispatch.map last;
+            rewrite ^/api/0\.6/(nodes|ways|relations)$ /dispatch.map last;
+            rewrite ^/api/0\.6/changeset/[0-9]+/download$ /dispatch.map last;
+        }
+
+        if ($request_method = POST) {
+            rewrite ^/api/0\.6/changeset/[0-9]+/upload.*$ /dispatch.map last;
+        }
+
+        if ($request_method = PUT) {
+            rewrite ^/api/0\.6/changeset/[0-9]+/close.*$ /dispatch.map last;
+            rewrite ^/api/0\.6/changeset/[0-9]+$ /dispatch.map last;
+            rewrite ^/api/0\.6/changeset/create.*$ /dispatch.map last;
+        }
+
+        proxy_pass http://osm-rails-upstream;
+
+        # Some map operations may take a bit longer:
+        proxy_read_timeout 3m;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+
+        proxy_set_header Authorization "Bearer $mapped_tdei_token";
+        proxy_set_header X-Workspace $mapped_workspace_id;
+    }
+
+    # Handle requests for the endpoints implemented in CGImap:
+    #
+    location ~ \.map$ {
+        fastcgi_pass osm-cgimap:8000;
+
+        # Large dataset uploads may take a long time to process
+        fastcgi_read_timeout 3h;
+
+        fastcgi_param CONTENT_LENGTH $content_length;
+        fastcgi_param QUERY_STRING $query_string;
+        fastcgi_param REMOTE_ADDR $remote_addr;
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param REQUEST_URI $mapped_request_uri;
+
+        fastcgi_param HTTP_AUTHORIZATION "Bearer $mapped_tdei_token";
+        fastcgi_param HTTP_X_WORKSPACE $mapped_workspace_id;
+    }
+}