Add caching for POI tiles

group_vars/infrastructure.yml

@@ -75,3 +75,5 @@ poi_postgres_password: !vault |
   3065623439323034380a313934666537303065613331383765353665336639393366343865643965
   31333238666231383033643065343336393636656336386630656635643964636234633463666537
   6539316338353964333762366332383338626532616137653036
+
+poi_domain: "features.stadtnavi.eu"

requirements.yml

@@ -9,10 +9,10 @@ collections:
   version: 10.1.0
 
 # directory containing the collection
-#- source: ../../ansible-baseline
-#  type: dir
-- name: leonardehrenfried.baseline
-  version: 1.7.23
+- source: ../../ansible-baseline
+  type: dir
+#- name: leonardehrenfried.baseline
+#  version: 1.7.23
 
 roles:
 - src: geerlingguy.docker

roles/poi/defaults/main.yml

@@ -2,4 +2,5 @@
 poi_pbf_download_url: https://download.geofabrik.de/europe/germany-latest.osm.pbf
 poi_postgres_port: 6432
 poi_layers_url: "https://docs.google.com/spreadsheets/d/1-iKEeaits4W1EPoMzI29uazZRZJ9s2GJGUPnkO9GzKM/gviz/tq?tqx=out:csv&sheet=Layer"
-poi_pg_tileserve_port: 7800
+poi_pg_tileserv_port: 7800
+poi_cache_port: 7801

roles/poi/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
   - role: leonardehrenfried.baseline.podman
   - role: leonardehrenfried.baseline.caddyfile
+  - role: leonardehrenfried.baseline.nginx_cache

roles/poi/tasks/main.yml

@@ -74,3 +74,18 @@
     group: root
     mode: '0755'
   notify: Restart import-pois
+
+- name: Caddyfile
+  ansible.builtin.template:
+    src: templates/poi.caddy
+    dest: /etc/caddy/
+    owner: caddy
+    group: caddy
+    mode: 0660
+  notify: Restart caddy
+
+- name: Install nginx config
+  template:
+    src: "nginx/poi-cache.conf"
+    dest: /etc/nginx/sites-enabled/
+  notify: "Restart nginx"

roles/poi/templates/nginx/poi-cache.conf

@@ -0,0 +1,42 @@
+proxy_cache_path /var/cache/nginx/poi levels=1:2 keys_zone=poi:8m max_size=20g inactive=180d use_temp_path=off;
+
+server {
+  listen {{ poi_cache_port }};
+  listen [::]:{{ poi_cache_port }};
+
+  error_page 403 /unauthorized.png;
+  location = /unauthorized.png {
+      ssi on;
+      internal;
+      auth_basic off;
+      root /var/www/html;
+  }
+
+  location ~* \.(pbf)$ {
+    proxy_pass          http://127.0.0.1:{{ poi_pg_tileserv_port }};
+    # configure server-side cache
+    proxy_cache         poi;
+    proxy_cache_valid   200 2h;
+    proxy_buffering     on;
+
+    # update the tiles in the background
+    proxy_cache_background_update on;
+    # only one request per tile
+    proxy_cache_lock              on;
+    proxy_cache_use_stale         error timeout invalid_header updating http_500 http_502 http_503 http_504;
+
+    add_header          X-Cached $upstream_cache_status;
+    # cache client-side for one hour
+    add_header          "Cache-Control" "public, max-age=3600, must-revalidate";
+
+    #valid_referers none blocked {{ tileserver_allowed_referrers |join(' ') }};
+
+    if ($invalid_referer){
+      return 403;
+    }
+  }
+
+  location / {
+    proxy_pass          http://127.0.0.1:{{ poi_pg_tileserv_port }}/;
+  }
+}

roles/poi/templates/poi.caddy

@@ -0,0 +1,3 @@
+{{ poi_domain }} {
+  reverse_proxy localhost:{{ poi_cache_port }}
+}

roles/poi/templates/poi.yml

@@ -29,15 +29,18 @@ spec:
       image: docker.io/pramsey/pg_tileserv:20240614
       ports:
         - containerPort: 7800
-          hostPort: {{ poi_pg_tileserve_port }}
+          hostPort: {{ poi_pg_tileserv_port }}
           name: pg-tileserve
           protocol: TCP
       env:
         - name: DATABASE_URL
-          value: postgresql://poi:{{ poi_postgres_password }}@poi-postgresql/poi
-
+          value: postgresql://poi:{{ poi_postgres_password }}@poi-poi-postgresql/poi
+        - name: TS_DEFAULTMINZOOM
+          value: "10"
+        - name: TS_ENABLEMETRICS
+          value: "10"
   volumes:
     - name: poi-postgres-storage
       hostPath:
         path: poi-postgres
-        type: DirectoryOrCreate
+        type: Directory