dev-libre-is/docs/_source/maps-libre-is.rst

=============
maps.libre.is
=============
HOWTO run your own map servers.


Debian
======
Using Debian stable (12/bookworm).

Install dependenices:

.. code-block:: sh

  sudo apt install apache2 python3-certbot-apache \
  osm2pgsql postgresql-postgis postgresql-postgis-scripts \
  pkg-config libicu-dev virtualenv python3-pip \
  build-essential python3-dev


Firewall
========
Open ports 80 and 443 for web.

Apache
======
Install and set up Apache.

.. code-block:: sh

  certbot -d maps.libre.is -d map.libre.is
  # remove old apache configs:
  rm /etc/apache2/sites-enabled/000-default*

Add new apache configs to /etc/apache2/sites-available/maps-libre-is.conf:

.. code-block:: apache

  <VirtualHost maps.libre.is:80>
          ServerName maps.libre.is
          ServerAlias map.libre.is
          ServerAdmin webmaster@libre.is
          DocumentRoot /var/www/html/maps-libre-is
          ErrorLog ${APACHE_LOG_DIR}/error-libre-maps-is.log
          CustomLog ${APACHE_LOG_DIR}/access-libre-maps-is.log combined
          RewriteEngine on
          ReWriteCond %{HTTPS} off
          RewriteCond %{SERVER_NAME} =map.libre.is
          RewriteRule ^ https://maps.libre.is%{REQUEST_URI} [END,NE,R=permanent]
          ReWriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
          RewriteCond %{SERVER_NAME} =maps.libre.is
          RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  </VirtualHost>
  
  <VirtualHost maps.libre.is:443>
          ServerName maps.libre.is
          ServerAlias map.libre.is
          ServerAdmin webmaster@libre.is
          DocumentRoot /var/www/html/maps-libre-is
          ErrorLog ${APACHE_LOG_DIR}/error-ssl-libre-maps-is.log
          CustomLog ${APACHE_LOG_DIR}/access-ssl-libre-maps-is.log combined
          RewriteEngine on
          RewriteCond %{SERVER_NAME} =map.libre.is
          RewriteRule ^ https://maps.libre.is%{REQUEST_URI} [END,NE,R=permanent]
          ReWriteCond %{HTTPS} off [OR]
          ReWriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
          ReWriteRule ^(.*)$ https://%1$1 [L,R=301]
          <Directory /var/www/html/maps-libre-is>
                  Options FollowSymlinks
                  AllowOverride All
                  Require all granted
          </Directory>
          Include /etc/letsencrypt/options-ssl-apache.conf
          SSLCertificateFile /etc/letsencrypt/live/maps.libre.is/fullchain.pem
          SSLCertificateKeyFile /etc/letsencrypt/live/maps.libre.is/privkey.pem
  </VirtualHost>
  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable new configuration:

.. code-block:: sh

  sudo mkdir -p /var/www/html/maps-libre-is
  echo maps.libre.is | sudo tee /var/www/html/maps-libre-is/index.html
  sudo ln -s /etc/apache2/sites-available/maps-libre-is.conf /etc/apache2/sites-enabled/maps-libre-is.conf
  sudo systemctl restart apache2  


Nominatim
=========
"Nominatim uses OpenStreetMap data to find locations on Earth by name and
address (geocoding).
It can also do the reverse, find an address for any location on the planet."

  `<https://nominatim.org/>`_

  `<https://github.com/osm-search/Nominatim>`_

  `<https://nominatim.org/release-docs/latest/admin/Installation/>`_

The full installation is quite demanding:

* 2GB RAM minimum.

* Full planet import requires 128GB of RAM or more.

* Full planet needs at least 1TB of fast disk.

* Full import of planet takes 2.5 days on NVMe, 4-5 days on SSD.

With the large disk, create a mount in /srv.

Set up Nominatim user and switch to it.

.. code-block:: sh

  sudo useradd -d /srv/nominatim -s /bin/bash -m nominatim
  sudo -u nominatim bash
  export USERNAME=nominatim
  export USERHOME=/srv/nominatim
  chmod a+x $USERHOME


Postgres
========
Postgres is needed by Nominatim.

.. code-block:: sh

  export USERNAME=nominatim
  export USERHOME=/srv/nominatim
  sudo systemctl restart postgresql
  sudo -u postgres createuser -s $USERNAME
  sudo -u postgres createuser www-data

Edit /etc/postgresql/15/main/postgresql.conf thusly:

.. code-block:: postgres

  shared_buffers = 2GB
  maintenance_work_mem = 10GB
  autovacuum_work_mem = 2GB
  work_mem = 50MB
  synchronous_commit = off
  max_wal_size = 1GB
  checkpoint_timeout = 60min
  checkpoint_completion_target = 0.9
  random_page_cost = 1.0
  wal_level = minimal
  max_wal_senders = 0


Nominatim Install
=================
As user nominatim.

.. code-block::

  sudo -u nominatim bash
  export USERNAME=nominatim
  export USERHOME=/srv/nominatim
  virtualenv $USERHOME/nominatim-venv
  $USERHOME/nominatim-venv/bin/pip install nominatim-db
  . $USERHOME/nominatim-venv/bin/activate


Now import data, such as described here:

  `<https://nominatim.org/release-docs/latest/admin/Import/>`_


.. code-block::

  $USERHOME/nominatim-venv/bin/pip install psycopg[binary] falcon uvicorn gunicorn
  $USERHOME/nominatim-venv/bin/pip install nominatim-api

Create systemd files:

.. code-block::

  sudo tee /etc/systemd/system/nominatim.socket << EOFSOCKETSYSTEMD
  [Unit]
  Description=Gunicorn socket for Nominatim
  
  [Socket]
  ListenStream=/run/nominatim.sock
  SocketUser=www-data
  
  [Install]
  WantedBy=multi-user.target
  EOFSOCKETSYSTEMD

Another systemd file:

.. code-block::

  sudo tee /etc/systemd/system/nominatim.service << EOFNOMINATIMSYSTEMD
  [Unit]
  Description=Nominatim running as a gunicorn application
  After=network.target
  Requires=nominatim.socket
  
  [Service]
  Type=simple
  User=www-data
  Group=www-data
  WorkingDirectory=$USERHOME/nominatim-project
  ExecStart=$USERHOME/nominatim-venv/bin/gunicorn -b unix:/run/nominatim.sock -w 4 -k uvicorn.workers.UvicornWorker nominatim_api.server.falcon.server:run_wsgi
  ExecReload=/bin/kill -s HUP \$MAINPID
  StandardOutput=append:/var/log/gunicorn-nominatim.log
  StandardError=inherit
  PrivateTmp=true
  TimeoutStopSec=5
  KillMode=mixed
  
  [Install]
  WantedBy=multi-user.target
  EOFNOMINATIMSYSTEMD

Start Nominatim systemd:

.. code-block::

  sudo systemctl daemon-reload
  sudo systemctl enable nominatim.socket
  sudo systemctl start nominatim.socket
  sudo systemctl enable nominatim.service

Nominatim Apache
================
Thusly.

As user nominatim:

.. code-block::

  mkdir $USERHOME/nominatim-project

As sudo user:

.. code-block::

  sudo a2enmod proxy_http
  sudo tee /etc/apache2/conf-available/nominatim.conf << EOFAPACHECONF
  #ProxyPass /nominatim "unix:/run/nominatim.sock|http://localhost/"
  ProxyPass / "unix:/run/nominatim.sock|http://localhost/"
  EOFAPACHECONF
  
  sudo a2enconf nominatim
  sudo systemctl restart apache2


Then connect to this to test:

  `<https://maps.libre.is/status>`_
maps.libre.is. Nominatim requirements 2024-09-14 10:48:34 -06:00			`=============`
			`maps.libre.is`
			`=============`
			`HOWTO run your own map servers.`


			`Debian`
			`======`
			`Using Debian stable (12/bookworm).`

nominatim notes 2024-09-14 11:04:23 -06:00			`Install dependenices:`

			`.. code-block:: sh`

			`sudo apt install apache2 python3-certbot-apache \`
			`osm2pgsql postgresql-postgis postgresql-postgis-scripts \`
			`pkg-config libicu-dev virtualenv python3-pip \`
			`build-essential python3-dev`

maps.libre.is. Nominatim requirements 2024-09-14 10:48:34 -06:00
			`Firewall`
			`========`
			`Open ports 80 and 443 for web.`

			`Apache`
			`======`
			`Install and set up Apache.`

			`.. code-block:: sh`

			`certbot -d maps.libre.is -d map.libre.is`
			`# remove old apache configs:`
			`rm /etc/apache2/sites-enabled/000-default*`

			`Add new apache configs to /etc/apache2/sites-available/maps-libre-is.conf:`

			`.. code-block:: apache`

			`<VirtualHost maps.libre.is:80>`
			`ServerName maps.libre.is`
			`ServerAlias map.libre.is`
			`ServerAdmin webmaster@libre.is`
			`DocumentRoot /var/www/html/maps-libre-is`
			`ErrorLog ${APACHE_LOG_DIR}/error-libre-maps-is.log`
			`CustomLog ${APACHE_LOG_DIR}/access-libre-maps-is.log combined`
			`RewriteEngine on`
			`ReWriteCond %{HTTPS} off`
			`RewriteCond %{SERVER_NAME} =map.libre.is`
			`RewriteRule ^ https://maps.libre.is%{REQUEST_URI} [END,NE,R=permanent]`
			`ReWriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]`
			`RewriteCond %{SERVER_NAME} =maps.libre.is`
			`RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]`
			`</VirtualHost>`

			`<VirtualHost maps.libre.is:443>`
			`ServerName maps.libre.is`
			`ServerAlias map.libre.is`
			`ServerAdmin webmaster@libre.is`
			`DocumentRoot /var/www/html/maps-libre-is`
			`ErrorLog ${APACHE_LOG_DIR}/error-ssl-libre-maps-is.log`
			`CustomLog ${APACHE_LOG_DIR}/access-ssl-libre-maps-is.log combined`
			`RewriteEngine on`
			`RewriteCond %{SERVER_NAME} =map.libre.is`
			`RewriteRule ^ https://maps.libre.is%{REQUEST_URI} [END,NE,R=permanent]`
			`ReWriteCond %{HTTPS} off [OR]`
			`ReWriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]`
			`ReWriteRule ^(.*)$ https://%1$1 [L,R=301]`
			`<Directory /var/www/html/maps-libre-is>`
			`Options FollowSymlinks`
			`AllowOverride All`
			`Require all granted`
			`</Directory>`
			`Include /etc/letsencrypt/options-ssl-apache.conf`
			`SSLCertificateFile /etc/letsencrypt/live/maps.libre.is/fullchain.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/maps.libre.is/privkey.pem`
			`</VirtualHost>`
			`# vim: syntax=apache ts=4 sw=4 sts=4 sr noet`

			`Enable new configuration:`

			`.. code-block:: sh`

			`sudo mkdir -p /var/www/html/maps-libre-is`
			`echo maps.libre.is \| sudo tee /var/www/html/maps-libre-is/index.html`
			`sudo ln -s /etc/apache2/sites-available/maps-libre-is.conf /etc/apache2/sites-enabled/maps-libre-is.conf`
			`sudo systemctl restart apache2`


nominatim notes 2024-09-14 11:04:23 -06:00
maps.libre.is. Nominatim requirements 2024-09-14 10:48:34 -06:00			`Nominatim`
			`=========`
			`"Nominatim uses OpenStreetMap data to find locations on Earth by name and`
			`address (geocoding).`
			`It can also do the reverse, find an address for any location on the planet."`

			`<https://nominatim.org/>`_

			`<https://github.com/osm-search/Nominatim>`_

			`<https://nominatim.org/release-docs/latest/admin/Installation/>`_

			`The full installation is quite demanding:`

			`* 2GB RAM minimum.`

			`* Full planet import requires 128GB of RAM or more.`

			`* Full planet needs at least 1TB of fast disk.`

			`* Full import of planet takes 2.5 days on NVMe, 4-5 days on SSD.`

nominatim notes 2024-09-14 11:04:23 -06:00			`With the large disk, create a mount in /srv.`

			`Set up Nominatim user and switch to it.`

			`.. code-block:: sh`

			`sudo useradd -d /srv/nominatim -s /bin/bash -m nominatim`
			`sudo -u nominatim bash`
			`export USERNAME=nominatim`
			`export USERHOME=/srv/nominatim`
			`chmod a+x $USERHOME`


			`Postgres`
			`========`
			`Postgres is needed by Nominatim.`

			`.. code-block:: sh`

			`export USERNAME=nominatim`
			`export USERHOME=/srv/nominatim`
			`sudo systemctl restart postgresql`
			`sudo -u postgres createuser -s $USERNAME`
			`sudo -u postgres createuser www-data`

nominatim postgres, apache 2024-09-14 11:34:23 -06:00			`Edit /etc/postgresql/15/main/postgresql.conf thusly:`

			`.. code-block:: postgres`

			`shared_buffers = 2GB`
postgres config fix 2024-09-14 11:41:53 -06:00			`maintenance_work_mem = 10GB`
nominatim postgres, apache 2024-09-14 11:34:23 -06:00			`autovacuum_work_mem = 2GB`
postgres config fix 2024-09-14 11:41:53 -06:00			`work_mem = 50MB`
nominatim postgres, apache 2024-09-14 11:34:23 -06:00			`synchronous_commit = off`
			`max_wal_size = 1GB`
			`checkpoint_timeout = 60min`
			`checkpoint_completion_target = 0.9`
			`random_page_cost = 1.0`
			`wal_level = minimal`
			`max_wal_senders = 0`

nominatim notes 2024-09-14 11:04:23 -06:00
			`Nominatim Install`
			`=================`
			`As user nominatim.`

			`.. code-block::`

			`sudo -u nominatim bash`
			`export USERNAME=nominatim`
			`export USERHOME=/srv/nominatim`
			`virtualenv $USERHOME/nominatim-venv`
			`$USERHOME/nominatim-venv/bin/pip install nominatim-db`
			`. $USERHOME/nominatim-venv/bin/activate`
import map data linky 2024-09-14 11:48:00 -06:00

			`Now import data, such as described here:`

			`<https://nominatim.org/release-docs/latest/admin/Import/>`_


			`.. code-block::`

nominatim postgres, apache 2024-09-14 11:34:23 -06:00			`$USERHOME/nominatim-venv/bin/pip install psycopg[binary] falcon uvicorn gunicorn`
			`$USERHOME/nominatim-venv/bin/pip install nominatim-api`

			`Create systemd files:`

			`.. code-block::`

			`sudo tee /etc/systemd/system/nominatim.socket << EOFSOCKETSYSTEMD`
			`[Unit]`
			`Description=Gunicorn socket for Nominatim`

			`[Socket]`
			`ListenStream=/run/nominatim.sock`
			`SocketUser=www-data`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOFSOCKETSYSTEMD`

			`Another systemd file:`

			`.. code-block::`

			`sudo tee /etc/systemd/system/nominatim.service << EOFNOMINATIMSYSTEMD`
			`[Unit]`
			`Description=Nominatim running as a gunicorn application`
			`After=network.target`
			`Requires=nominatim.socket`

			`[Service]`
			`Type=simple`
			`User=www-data`
			`Group=www-data`
			`WorkingDirectory=$USERHOME/nominatim-project`
			`ExecStart=$USERHOME/nominatim-venv/bin/gunicorn -b unix:/run/nominatim.sock -w 4 -k uvicorn.workers.UvicornWorker nominatim_api.server.falcon.server:run_wsgi`
			`ExecReload=/bin/kill -s HUP \$MAINPID`
			`StandardOutput=append:/var/log/gunicorn-nominatim.log`
			`StandardError=inherit`
			`PrivateTmp=true`
			`TimeoutStopSec=5`
			`KillMode=mixed`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOFNOMINATIMSYSTEMD`

			`Start Nominatim systemd:`

			`.. code-block::`

			`sudo systemctl daemon-reload`
			`sudo systemctl enable nominatim.socket`
			`sudo systemctl start nominatim.socket`
			`sudo systemctl enable nominatim.service`

			`Nominatim Apache`
			`================`
			`Thusly.`

			`As user nominatim:`

			`.. code-block::`

			`mkdir $USERHOME/nominatim-project`

			`As sudo user:`

			`.. code-block::`

			`sudo a2enmod proxy_http`
			`sudo tee /etc/apache2/conf-available/nominatim.conf << EOFAPACHECONF`
			`#ProxyPass /nominatim "unix:/run/nominatim.sock\|http://localhost/"`
			`ProxyPass / "unix:/run/nominatim.sock\|http://localhost/"`
			`EOFAPACHECONF`

			`sudo a2enconf nominatim`
			`sudo systemctl restart apache2`


			`Then connect to this to test:`

			`<https://maps.libre.is/status>`_