add tileserver and load balancer

gen-selfsigned-cert.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mkdir -p data/certificates
+cd data/certificates
+openssl genrsa -out default.key 2048
+openssl req -new -key default.key -out default.csr
+openssl x509 -req -days 3650 -in default.csr -signkey default.key -out default.crt
+cat default.key default.crt >> default.pem

issue-certificate.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+CB=`docker ps --format='{{.Names}}' --filter=label=meta.role=certbot`
+
+EMAIL=$2
+
+CERTNAME=$1
+DOMAIN=$1
+
+docker exec $CB certbot certonly --non-interactive --standalone --email $2 --agree-tos --keep --preferred-challenges http --cert-name "$CERTNAME" -d "$DOMAIN"
+
+cat ./data/certbot/etc/live/$CERTNAME/privkey.pem ./data/certbot/etc/live/$CERTNAME/fullchain.pem > /certificates/$CERTNAME.pem"

lb/haproxy.cfg

@@ -0,0 +1,69 @@
+global
+    maxconn 4096
+    user root
+    group root
+    daemon
+
+    tune.ssl.default-dh-param       2048
+    ssl-default-bind-options no-sslv3 no-tls-tickets
+    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+defaults
+    log global
+    mode http
+    balance roundrobin
+    maxconn 1024
+
+#   This breaks HTTP2
+#    option abortonclose
+    option httpclose
+    option forwardfor
+
+    retries 3
+    option redispatch
+
+    timeout client  30s
+    timeout connect 30s
+    timeout server  30s
+
+    #option httpchk HEAD /haproxy?monitor HTTP/1.0
+    #timeout check 5s
+    #stats enable
+    #stats uri     /haproxy?stats
+    #stats realm   Haproxy\ Statistics
+    #stats auth    admin:yourpasswordhere
+    #stats refresh 5s
+
+cache mapscache
+    total-max-size 1023   # MB
+    max-object-size 10000 # bytes
+    max-age 30            # seconds
+
+frontend http
+    bind :80
+    option http-server-close
+    redirect scheme https if ! { path_beg -i /.well-known/acme-challenge }
+    default_backend certbot
+
+frontend https
+    bind :443 ssl crt /certificates alpn http/1.1
+
+    # CORS
+    http-response set-header Access-Control-Allow-Origin "*"
+    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
+    http-response set-header Access-Control-Max-Age 3628800
+    http-response set-header Access-Control-Allow-Methods "GET"
+
+    use_backend osmtile
+
+backend certbot
+    server c1 certbot:80
+
+backend osmtile
+    # Get from cache / put in cache
+    http-request cache-use mapscache
+    http-response cache-store mapscache
+
+    # server list
+    server o1 osmtile:80 check
+

tileserver/Dockerfile

@@ -0,0 +1,13 @@
+FROM overv/openstreetmap-tile-server:1.7.4
+EXPOSE 80
+# Remove all original style files
+RUN rm -rf /home/renderer/src/openstreetmap-carto/style/*.mss
+RUN rm -fr /home/renderer/src/openstreetmap-carto/project.mml
+# Add custom style files
+ADD carto-style /home/renderer/src/openstreetmap-carto
+# Recompile the stylesheet
+RUN cd /home/renderer/src/openstreetmap-carto \
+ && carto project.mml > mapnik.xml \
+ && scripts/get-external-data.py
+
+##TODO ADD map-data/