worker_processes auto; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # Rate limiting – schützt vor Missbrauch durch externe Dienste limit_req_zone $binary_remote_addr zone=tiles:10m rate=100r/s; server { listen 80; server_name _; # CORS für alle Clients (MediaWiki, Nextcloud, Home Assistant, etc.) include /etc/nginx/cors.conf; location / { limit_req zone=tiles burst=200 nodelay; proxy_pass http://tileserver:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Tile-Caching-Header proxy_hide_header Cache-Control; add_header Cache-Control "public, max-age=86400, stale-while-revalidate=3600"; # CORS-Header (aus cors.conf) add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, OPTIONS" always; add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept" always; } # CORS Preflight location ~* \.(pbf|png|jpg|json)$ { if ($request_method = OPTIONS) { add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, OPTIONS"; add_header Access-Control-Max-Age 86400; return 204; } proxy_pass http://tileserver:8080; add_header Access-Control-Allow-Origin "*" always; add_header Cache-Control "public, max-age=86400"; } } }