monoadmin/the-other-dude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(map): revert to Leaflet + proxied OSM tiles, add CPE signal to popups

Browse Source 
Reverted from MapLibre/PMTiles to Leaflet with nginx-proxied OSM raster
tiles — the MapLibre approach had unresolvable CSP and theme compat
issues. The proxy keeps all browser requests local (no third-party).

Also:
- Add CPE signal strength and parent AP name to fleet summary SQL
  and map popup cards (e.g. "Signal: -62 dBm to ap-shady-north")
- Add .dockerignore to exclude 8GB PMTiles and node_modules from
  Docker build context (was causing 10+ minute builds)
- Configure mailpit SMTP in dev compose

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jason Staack
2026-03-19 21:47:15 -05:00
parent 877cb1a55c
commit 21f2934906
9 changed files with 145 additions and 558 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
infrastructure/docker/nginx-spa.conf
View File

@@ -23,7 +23,7 @@ server {
# CSP for React SPA with Tailwind CSS and Leaflet maps
# worker-src required for SRP key derivation Web Worker (Safari won't fall back to script-src)
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' ws: wss:; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self' ws: wss:; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;
# Proxy API requests to the backend service
# The api container is reachable via Docker internal DNS as "api" on port 8000
@@ -91,6 +91,19 @@ server {
add_header X-Content-Type-Options "nosniff" always;
}
# Proxy OSM raster tiles so the browser never contacts third parties directly
location ~ ^/osm-tiles/(.+)$ {
resolver 127.0.0.11 8.8.8.8 valid=300s ipv6=off;
set $osm_tile_path $1;
proxy_pass https://tile.openstreetmap.org/$osm_tile_path;
proxy_ssl_server_name on;
proxy_set_header Host tile.openstreetmap.org;
proxy_set_header User-Agent "TOD Fleet Manager (tile proxy)";
proxy_set_header Accept-Encoding "";
add_header X-Content-Type-Options "nosniff" always;
expires 7d;
}
# Serve PMTiles with byte range support
location /tiles/ {
add_header Access-Control-Allow-Origin "*" always;