Add Health monitoring endpoint

docs/operation/modules/ROOT/nav.adoc

@@ -29,6 +29,7 @@
 *** xref:configuration/secret/aws_secrets_manager.adoc[]
 ** xref:configuration/server.adoc[]
 *** xref:configuration/encryption.adoc[]
+*** xref:configuration/health.adoc[]
 ** xref:configuration/client.adoc[]
 ** xref:configuration/log.adoc[]
 ** xref:configuration/telemetry.adoc[]
@@ -42,3 +43,4 @@
 * xref:extensibility.adoc[]
 * xref:telemetry.adoc[]
 * xref:migrate-tilestache.adoc[]
+* xref:productionizing.adoc[]

docs/operation/modules/ROOT/pages/configuration/authentication/custom.adoc

@@ -10,26 +10,27 @@ Name should be "custom"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter | Description | Type | Required | Default
 
 | token
+| How to extract the auth token from the request. Each Key/Value should be one of the options in the table above
 | map[string]string
 | Yes
 | None
-| How to extract the auth token from the request. Each Key/Value should be one of the options in the table above
 
 | cachesize
+| Configures the size of the cache of already verified tokens used to avoid re-verifying every request. Set to -1 to disable
 | int
 | No
 | 100
-| Configures the size of the cache of already verified tokens used to avoid re-verifying every request. Set to -1 to disable
 
 | file
+| Contains the path to the file containing the go code to perform validation of the auth token as a file
 | string
 | No
 | None
-| Contains the path to the file containing the go code to perform validation of the auth token as a file
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/authentication/jwt.adoc

@@ -6,6 +6,7 @@ Currently this implementation only supports a single key specified against a sin
 
 The following claims are supported/enforced:
 
+[cols="1,4"]
 |===
 | Claim | Implementation
 
@@ -32,74 +33,75 @@ Name should be "jwt"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
 | Parameter | Type | Required | Default | Description
 
 | Key
+| The key for verifying the signature. The public key if using asymmetric signing. If the value starts with "env." the remainder is interpreted as the name of the Environment Variable to use to retrieve the verification key.
 | string
 | Yes
 | None
-| The key for verifying the signature. The public key if using asymmetric signing. If the value starts with "env." the remainder is interpreted as the name of the Environment Variable to use to retrieve the verification key.
 
 | Algorithm
+| Algorithm to allow for JWT signature. One of: "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "EdDSA"
 | string
 | Yes
 | None
-| Algorithm to allow for JWT signature. One of: "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "EdDSA"
 
 | HeaderName
+| The header to extract the JWT from. If this is "Authorization" it removes "Bearer " from the start. Make sure this is in "canonical case" e.g. X-Header - auth will always fail otherwise
 | string
 | No
 | Authorization
-| The header to extract the JWT from. If this is "Authorization" it removes "Bearer " from the start. Make sure this is in "canonical case" e.g. X-Header - auth will always fail otherwise
 
 | MaxExpiration
+| How many seconds from now can the expiration be. JWTs more than X seconds from now will result in a 401
 | uint32
 | No
 | 1 day
-| How many seconds from now can the expiration be. JWTs more than X seconds from now will result in a 401
 
 | ExpectedAudience
+| Require the "aud" grant to be this string
 | string
 | No
 | None
-| Require the "aud" grant to be this string
 
 | ExpectedSubject
+| Require the "sub" grant to be this string
 | string
 | No
 | None
-| Require the "sub" grant to be this string
 
 | ExpectedIssuer
+| Require the "iss" grant to be this string
 | string
 | No
 | None
-| Require the "iss" grant to be this string
 
 | ExpectedScope
+| Require the "scope" grant to contain this string
 | string
 | No
 | None
-| Require the "scope" grant to contain this string
 
 | LayerScope
+| If true the "scope" grant is used to whitelist access to layers
 | bool
 | No
 | false
-| If true the "scope" grant is used to whitelist access to layers
 
 | ScopePrefix
+| If true this prefix indicates scopes to use. For example a prefix of "tile/" will mean a scope of "tile/test" grants access to "test". Doesn't impact ExpectedScope
 | string
 | No
 | Empty string
-| If true this prefix indicates scopes to use. For example a prefix of "tile/" will mean a scope of "tile/test" grants access to "test". Doesn't impact ExpectedScope
 
 | UserId
+| Use the specified grant as the user identifier. This is just used for logging by default but it's made available to custom providers
 | string
 | No
 | sub
-| Use the specified grant as the user identifier. This is just used for logging by default but it's made available to custom providers
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/authentication/static_key.adoc

@@ -8,12 +8,13 @@ Name should be "static key"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter  | Description | Type | Required | Default
 
 | key
+| The bearer token to require be supplied. If not specified `tilegroxy` will generate a random token at startup and output it in logs
 | string
 | No
 | Auto
-| The bearer token to require be supplied. If not specified `tilegroxy` will generate a random token at startup and output it in logs
 |===

docs/operation/modules/ROOT/pages/configuration/cache/disk.adoc

@@ -10,20 +10,21 @@ Name should be "disk"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter  | Description | Type | Required | Default
 
 | path
+| The absolute path to the directory to store cache entries within. Directory (and tree) will be created if it does not already exist
 | string
 | Yes
 | None
-| The absolute path to the directory to store cache entries within. Directory (and tree) will be created if it does not already exist
 
 | filemode
+| A https://pkg.go.dev/io/fs#FileMode[Go filemode] as an integer to use for all created files/directories. This might change in the future to support a more conventional unix permission notation
 | uint32
 | No
 | 0777
-| A https://pkg.go.dev/io/fs#FileMode[Go filemode] as an integer to use for all created files/directories. This might change in the future to support a more conventional unix permission notation
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/cache/memcache.adoc

@@ -6,38 +6,39 @@ Name should be "memcache"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter | Description | Type | Required | Default
 
 | host
+| The host of the memcache server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 | String
 | No
 | 127.0.0.1
-| The host of the memcache server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 
 | port
+| The port of the memcache server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 | int
 | No
 | 6379
-| The port of the memcache server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 
 | keyprefix
+| A prefix to use for keys stored in cache. Helps avoid collisions when multiple applications use the same memcache
 | string
 | No
 | None
-| A prefix to use for keys stored in cache. Helps avoid collisions when multiple applications use the same memcache
 
 | ttl
+| How long cache entries should persist for in seconds. Cannot be disabled.
 | uint32
 | No
 | 1 day
-| How long cache entries should persist for in seconds. Cannot be disabled.
 
 | servers
+| The list of servers to connect to supplied as an array of objects, each with a host and key parameter. This should only have a single entry when operating in standalone mode. If this is unspecified it uses the standalone `host` and `port` parameters as a default, therefore this shouldn't be specified at the same time as those
 | Array of `host` and `port`
 | No
 | host and port
-| The list of servers to connect to supplied as an array of objects, each with a host and key parameter. This should only have a single entry when operating in standalone mode. If this is unspecified it uses the standalone `host` and `port` parameters as a default, therefore this shouldn't be specified at the same time as those
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/cache/memory.adoc

@@ -8,20 +8,21 @@ Name should be "memory"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter | Description | Type | Required | Default 
 
 | maxsize
+| Maximum number of tiles to hold in the cache. Must be at least 10. Setting this too high can cause out-of-memory panics. This is not a guaranteed setting, which entry is evicted when exceeding this size is an implementation detail and the size can temporarily grow somewhat larger.
 | uint16
 | No
 | 100
-| Maximum number of tiles to hold in the cache. Must be at least 10. Setting this too high can cause out-of-memory panics. This is not a guaranteed setting, which entry is evicted when exceeding this size is an implementation detail and the size can temporarily grow somewhat larger.
 
 | ttl
+| Maximum time to live for cache entries in seconds
 | uint32
 | No
 | 3600
-| Maximum time to live for cache entries in seconds
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/cache/multi.adoc

@@ -8,14 +8,15 @@ Name should be "multi"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter | Description | Type | Required | Default
 
 | tiers
+| An array of Cache configurations. Multi should not be nested inside a Multi
 | Cache[]
 | Yes
 | None
-| An array of Cache configurations. Multi should not be nested inside a Multi
 |===
 
 Example:

docs/operation/modules/ROOT/pages/configuration/cache/redis.adoc

@@ -6,62 +6,63 @@ Name should be "redis"
 
 Configuration options:
 
+[cols="1,3,1,1,1"]
 |===
-| Parameter | Type | Required | Default | Description
+| Parameter | Description | Type | Required | Default
 
 | host
+| The host of the redis server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 | String
 | No
 | 127.0.0.1
-| The host of the redis server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 
 | port
+| The port of the redis server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 | int
 | No
 | 6379
-| The port of the redis server. A convenience equivalent to supplying `servers` with a single entry. Do not supply both this and `servers`
 
 | db
+| Database number, defaults to 0. Unused in cluster mode
 | int
 | No
 | 0
-| Database number, defaults to 0. Unused in cluster mode
 
 | keyprefix
+| A prefix to use for keys stored in cache. Serves a similar purpose as `db` in avoiding collisions when multiple applications use the same redis
 | string
 | No
 | None
-| A prefix to use for keys stored in cache. Serves a similar purpose as `db` in avoiding collisions when multiple applications use the same redis
 
 | username
+| Username to use to authenticate with redis
 | string
 | No
 | None
-| Username to use to authenticate with redis
 
 | password
+| Password to use to authenticate with redis
 | string
 | No
 | None
-| Password to use to authenticate with redis
 
 | mode
+| Controls operating mode of redis. Can be `standalone`, `ring` or `cluster`. Standalone is a single redis server. Ring distributes entries to multiple servers without any replication https://redis.uptrace.dev/guide/ring.html[(more details)]. Cluster is a proper redis cluster.
 | string
 | No
 | standalone
-| Controls operating mode of redis. Can be `standalone`, `ring` or `cluster`. Standalone is a single redis server. Ring distributes entries to multiple servers without any replication https://redis.uptrace.dev/guide/ring.html[(more details)]. Cluster is a proper redis cluster.
 
 | ttl
+| How long cache entries should persist for in seconds. Cannot be disabled.
 | uint32
 | No
 | 1 day
-| How long cache entries should persist for in seconds. Cannot be disabled.
 
 | servers
+| The list of servers to connect to supplied as an array of objects, each with a host and key parameter. This should only have a single entry when operating in standalone mode. If this is unspecified it uses the standalone `host` and `port` parameters as a default, therefore this shouldn't be specified at the same time as those
 | Array of `host` and `port`
 | No
 | host and port
-| The list of servers to connect to supplied as an array of objects, each with a host and key parameter. This should only have a single entry when operating in standalone mode. If this is unspecified it uses the standalone `host` and `port` parameters as a default, therefore this shouldn't be specified at the same time as those
 |===
 
 Example: