I have a stack composed of a python flask server and a nginx proxy server. Using folium/leaftlet, the map tiles are provided by a subdomain of my own, "https://maps.SERVER.TLD/v1/tile/toner-grey/{z}/{x}/{y}.png", which fetches them from Geoapify with the API key.
This subdomain corresponds to the nginx proxy server with the nginx.conf below. Since there's a limit to the number of requests to geoapify, I want to cache the tiles on my server and serve them from there.
At this point I have this nginx.conf mostly coming from https://otse.co.nz/otse/2023/03/06/creating-a-high-performance-caching-tile-server-for-openview/ but modified since I do not need the other upstream servers, I want longer caches, and some protection from other users.
The proxy is working well, it is just not saving anything to the directory apart from creating the two levels of cache folders.
error_log logs/error.log notice;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
postpone_output 0;
# Just for log
map $request_uri $tile_coords {
~/(?<z>[0-9]+)/(?<x>[0-9]+)/(?<y>[0-9]+)\.png$ $z:$x:$y;
}
# Reporting cache status and tile coordinates for reference
log_format logresponsetime '[$time_local] "$tile_coords" $status $bytes_sent "$http_referer" $request_time "upstream_cache_status:$upstream_cache_status" $upstream_response_time';
access_log logs/access.log logresponsetime;
access_log /dev/stdout;
error_log /dev/stderr;
# on for troubleshooting
error_log /dev/stderr debug;
resolver 8.8.8.8 ipv6=off;
#https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
keepalive_time 5m;
#default ssl settings:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:1m;
#time during which ssl parameters may be reused by clients
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
# https://serverfault.com/questions/997614/setting-ssl-prefer-server-ciphers-directive-in-nginx-config for discussion
ssl_prefer_server_ciphers off; ssl_certificate /etc/letsencrypt/live/npm-8/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-8/privkey.pem;
#default proxy settings:
#required to keepalive connections, https://stackoverflow.com/questions/46771389/why-does-nginx-proxy-pass-close-my-connection
proxy_http_version 1.1;
#time between sucessive requests before closing the connection
proxy_read_timeout 600;
proxy_connect_timeout 20;
proxy_cache_revalidate on;
#allows serving stale content from the cache in certain conditions https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_use_stale
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
#https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_background_update
proxy_cache_background_update on;
#only one request at a time for the same content https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock
proxy_cache_lock on;
proxy_cache_valid 200 302 120d;
proxy_cache_valid 404 1m;
proxy_ssl_server_name on;
#proxy_cache_lock on;
proxy_cache_lock_timeout 1s;
##Proxy Caches
# ignore inactive threshold
proxy_cache_path /nginx/cache/geoapify levels=1:2 keys_zone=geoapify:1024m max_size=25g inactive=0 use_temp_path=off;
proxy_ignore_headers Expires Cache-Control Set-Cookie Vary;
proxy_buffering on;
proxy_hide_header "Set-Cookie";
##Upstreams
upstream maps.geoapify.com {
server maps.geoapify.com:443;
keepalive 4;
}
server {
listen 880 ssl;
server_name maps.SERVER.TLD;
##Geoapify
#location ~ ^/geoapify/(.*)$ {
#location = (v1.*\.png) {
location ~ (v1.*\.png) {
proxy_set_header Referer "https://maps.SERVER.TLD";
valid_referers SERVER.TLD;
if ($invalid_referer) {
return 403;
}
add_header X-My-Cache-Bypass-Control "force-cache";
access_log logs/geoapify.access.log logresponsetime;
access_log /dev/stdout logresponsetime;
proxy_cache geoapify;
proxy_cache_key "$request_uri";
#proxy_ignore_headers Cache-Control;
proxy_cache_valid 200 302 120d;
proxy_cache_valid 404 120m;
proxy_set_header Connection "";
proxy_pass https://maps.geoapify.com/$1?apiKey=APIKEY;
}
}
}
When used, I can see the logs always as upstream miss, and I see no files created. There is write access to the nginx user (running on docker) as if I use that user, I can create files in the cache folder. cache folder has 700 permission.
Any idea of what could be wrong?
