From a600d7e974053b667605914728020c5671ace8f8 Mon Sep 17 00:00:00 2001 From: Daniel Schadt Date: Sat, 19 Nov 2022 18:29:07 +0100 Subject: add docs for more tile proxy information --- doc/administration/configuration.rst | 197 +++++++++++++++++++++++++++-------- 1 file changed, 155 insertions(+), 42 deletions(-) (limited to 'doc/administration/configuration.rst') diff --git a/doc/administration/configuration.rst b/doc/administration/configuration.rst index 5268903..feb3e40 100644 --- a/doc/administration/configuration.rst +++ b/doc/administration/configuration.rst @@ -36,51 +36,164 @@ Most of the configuration is in the ``[app:main]`` category and looks like this: sqlalchemy.url = sqlite:///%(here)s/fietsboek.sqlite fietsboek.data_dir = %(here)s/data + redis.url = redis://localhost/ retry.attempts = 3 -* You should leave the ``use``, ``pyramid.reload_templates`` and - ``pyramid.debug_*`` settings as they are. -* ``pyramid.default_locale_name`` can be used to set the default language of - the installation. Note that Fietsboek will try to detect the user's language, - so the ``default_locale_name`` is used as a fallback. -* ``available_locales`` sets the list of available languages. Currently, - Fietsboek ships with English ("en") and German ("de"). Removing a language - from this list will make it unavailable. If you create a custom language - locally, make sure to add it to this list here! -* ``enable_account_registration`` can be used to enable and disable the - creation of new accounts via the web interface, for example if you want to - have a private instance. New accounts can always be created using the CLI - management tool. -* ``session_key`` should be set to a random string of characters. This is the - key used to sign session data, so it should not get into wrong hands! -* ``sqlalchemy.url`` is the URL to the database. See the `SQLAlchemy - documentation - `__ for - more information. -* ``fietsboek.data_dir`` sets the directory for data uploads. This directory - must be writable by the Fietsboek process, as Fietsboek will save track - images in there. -* ``fietsboek.pages`` see :doc:`custom-pages`. -* ``email.from`` sets the sender of emails, for example for account verifications. -* ``email.smtp_url`` sets the URL of the SMTP server. The following formats are accepted: - - * ``debug://`` a debug implementation that simply prints emails to the - standard output. Should not be used in production, as no emails would ever - arrive. - * ``smtp://host:port`` use the given SMTP server (without transport encryption!) - * ``smtp+ssl://host:port`` use the given SMTP server over a SSL connection - * ``smtp+starttls://host:port`` use the given SMTP server and the STARTTLS - command to start an encrypted channel. - -* ``email.username`` and ``email.password`` can be used to set the login - information for the SMTP server. -* ``thunderforest.api_key`` can be set to an API key of `Thunderforest - `__ to enable support for the OpenCycleMap, - Landscape and Outdoors maps. +General Settings +---------------- +Use ``enable_account_registration`` enable or disable the creation of new +accounts via the web interface, for example if you want to have a private +instance. New accounts can always be created using the CLI management tool. + +Set ``session_key`` to a random string of characters. This is the key used to +sign session data, so it should not get into wrong hands! + +You can set up custom pages using ``fietsboek.pages``. See :doc:`custom-pages` +for more information. + +Pyramid Settings +---------------- + +You should leave the ``use``, ``pyramid.reload_templates`` and +``pyramid.debug_*`` settings as they are. Refer to the `Pyramid documentation +`__ +for more information. + +Language Settings +----------------- + +You can set the default language with the ``pyramid.default_locale_name`` +setting. Note that Fietsboek will try to detect the user's language, so the +``default_locale_name`` is used as a fallback. + +You can use ``available_locales`` to set the list of available languages. +Currently, Fietsboek ships with English ("en") and German ("de"). Removing a +language from this list will make it unavailable. If you create a custom +language locally, make sure to add it to this list here! + +Database Settings +----------------- + +Fietsboek uses three different databases: +A SQL database for persistent data (like user accounts), a file storage on the +disk for big files (like images), and a redis server for ephemeral data (like +cached tiles). + +Set ``sqlalchemy.url`` to the URL of the SQL database. See the `SQLAlchemy +documentation +`__ for more +information on available URL formats. Make sure to install the driver necessary +to communicate with your database (e.g. ``psycopg2`` for PostreSQL)! + +Set ``fietsboek.data_dir`` to the directory for data uploads. This directory +must be writable by the Fietsboek process, as Fietsboek will save track images +in there. + +Set ``redis.url`` to the URL of the redis instance. See the `redis module +documentation +`__ +for information about the possible syntaxes of this URL. Note that the redis +server is only used for caching and temporary data, so don't sweat to make it +persistent. A container running redis is fine. + +.. note:: + + Fietsboek will cache map tiles in the redis server. + To avoid using up too much memory, consider setting a maximum memory size + and policy in redis: + + https://redis.io/docs/management/config/#configuring-redis-as-a-cache + +Email Settings +-------------- + +Use ``email.from`` to set the sender of emails, for example for account verifications. + +Set ``email.smtp_url`` to the URL of the SMTP server. The following formats are +accepted: + +* ``debug://`` a debug implementation that simply prints emails to the + standard output. Should not be used in production, as no emails would ever + arrive. +* ``smtp://host:port`` use the given SMTP server (without transport encryption!) +* ``smtp+ssl://host:port`` use the given SMTP server over a SSL connection +* ``smtp+starttls://host:port`` use the given SMTP server and the STARTTLS + command to start an encrypted channel. + +Use ``email.username`` and ``email.password`` to set the login credentials for +the SMTP server. + +Map Layers & Thunderforest Integration +-------------------------------------- + +By default, Fietsboek offers the following map layers: + +* ``osm``: `OpenStreetMap `__ +* ``osmde``: `OpenStreetMap Deutschland `__ +* ``satellite``: Satellite imaging from `Esri `__ +* ``opentopo``: `OpenTopoMap `__ +* ``topplusopen``: `TopPlus-Open + `__ + +As well as the following overlay layers: + +* ``opensea``: `OpenSeaMap `__ +* ``cycling``: `Waymarked Trails: Cycling `__ +* ``hiking``: `Waymarked Trails: Hiking `__ + +You can use ``fietsboek.default_tile_layers`` to set the list of activated +layers (by default, all of them), for example: + +.. code:: ini + + fietsboek.default_tile_layers = osm osmde cycling + +You can enable `Thunderforest `__ support by +setting ``thunderforest.api_key``, and ``thunderforest.maps`` to a list of +Thunderforest maps (e.g. "cycle" or "landscape"). By default, only logged in +users will be able to use the Thunderforest maps (to protect your quota), this +can be changed by setting ``thunderforest.access = public`` (default is +"restricted"). + +You can add custom tile layers in the following way: + +.. code:: ini + + fietsboek.tile_layer.ID = My Custom Layer + fietsboek.tile_layer.ID.url = https://tiles.example.com/{z}/{x}/{y}.png + # Optional, set the type (base or overlay), default base + fietsboek.tile_layer.ID.type = base + # Optional, set the maximum zoom factor, default 22 + fietsboek.tile_layer.ID.zoom = 22 + # Optional, set the attribution + fietsboek.tile_layer.ID.attribution = Copyright Example + # Optional, set the access restriction (public or restricted), default + # public + fietsboek.tile_layer.ID.access = public + +``ID`` must be an alphanumerical identifier. + +By default, Fietsboek will proxy all tile requests through the Fietsboek +instance. While this can slow down the user experience, it has the following +benefits: + +* Your users' IPs stay private and protected, as no third party is contacted. + The tile servers will only see the IP from the Fietsboek server. +* If you use private tile servers or servers that require a key, your key is + protected as it will not be given out to the users. +* Fietsboek caches tile requests, which reduces the strain on the providers and + might even make maps faster if many people use them. + +You can disable the tile proxy by setting ``fietsboek.tile_proxy.disable = +true``. This will cause the tiles to be loaded directly by the client. .. warning:: - The API key will be embedded in the source of the website, therefore it is - possible for visitors to "steal" the API key. Keep that in mind when - setting an API key for a publicly accessible site! + If you disable the tile proxy, all tile source URLs will be given to the + user. If you use API keys or other private sources, **those keys will be + leaked to the users**. + + In addition, depending on the jurisdiction, you might be required to tell + your users that third party content is included in your site, and that + their IP will be accessible to the third party. -- cgit v1.2.3