1 files changed, 23 insertions, 5 deletions

diff --git a/files/etc/nginx/sites-available/webmap b/files/etc/nginx/sites-available/webmap
index 57368cb..d5e005a 100644
--- a/files/etc/nginx/sites-available/webmap
+++ b/files/etc/nginx/sites-available/webmap
@@ -54,7 +54,7 @@ server {
     add_header X-XSS-Protection "1; mode=block";
     add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
     add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'self'";
-    #add_header Access-Control-Allow-Origin "*" always;
+    #add_header Access-Control-Allow-Origin $http_origin always;
 
     include mime.types;
     types {
@@ -69,12 +69,30 @@ server {
         try_files $uri =404;
     }
     location ^~ /tiles/ {
-        expires 8h;
+        expires 30m;
         brotli_static on;
         try_files $uri =404;
         # service an empty payload to save bandwidth
         error_page 404 /_.txt;
     }
+    location = /q {
+        expires epoch;
+        limit_except POST { deny all; }
+        #if ($request_method = OPTIONS) {
+        #    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+        #    add_header Access-Control-Allow-Origin $http_origin;
+        #    add_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
+        #    add_header Access-Control-Allow-Headers "Accept, Content-Type";
+        #    add_header Access-Control-Max-Age 28800;
+        #    return 204;
+        #}
+        client_max_body_size 64k;
+        gzip on;
+        gzip_types application/json text/plain;
+        include uwsgi_params;
+        uwsgi_buffering off;
+        uwsgi_pass unix:/run/webmap-cgi.socket;
+    }
     location = /tiles/metadata.json {
         expires epoch;
         brotli_static on;
@@ -82,10 +100,10 @@ server {
     }
 
     location = /_.txt {
-        # cache 404 responses for 8h like for valid tiles
+        # cache 404 responses for 30m like for valid tiles
         add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
-        add_header Cache-Control "public; max-age=28800" always;
-        #add_header Access-Control-Allow-Origin "*" always;
+        add_header Cache-Control "public; max-age=1800" always;
+        #add_header Access-Control-Allow-Origin $http_origin always;
         internal;
     }