@NikoRoberts
Last active August 29, 2015 14:07
Nginx reverse proxy with SSL termination
# on 10.133.0.2 - a private web server (can be used with different listen address on other web servers)
# /etc/nginx/sites-enabled/default
server {
    # only listens to private network address on port 80
    listen 10.133.0.2:80;
    charset utf-8;
    server_name localhost;
    root /location/of/rails/app/current;
    passenger_enabled on;
    rails_env production;
    location ~ ^/(assets)/ {
        root /location/of/rails/app/current/public;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}

# on 10.133.0.1/178.62.0.1 - the publicly visible reverse proxy
# /etc/nginx/sites-enabled/default
upstream myservers {
    server 10.133.0.2;
    # other servers to share requests go here
}
server {
    # this receives the encrypted HTTPS request, decrypts it and forwards the
    # unencrypted request to one of the upstream servers in the myservers group above
    listen 443 ssl spdy;
    ssl on;
    ssl_certificate /etc/nginx/ssl/certs/my.cer;
    # private key: keep this file readable by root only
    ssl_certificate_key /etc/ssl/certs/my.key;
    ssl_trusted_certificate /etc/ssl/certs/my_provider_trusted_ca.pem;
    location / {
        proxy_pass http://myservers;
        # pass the original Host, client address and scheme to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
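
Because every request reaches the backend from 10.133.0.1, the backend has to take the client address from the headers the proxy sets, and should accept them from the proxy only. The backend server block below is an added example, not part of the original gist; it assumes the nginx build on 10.133.0.2 includes ngx_http_realip_module.

```nginx
# Added example, not part of the original gist.
# Backend on 10.133.0.2, /etc/nginx/sites-enabled/default
# Assumption: nginx here is built with ngx_http_realip_module.
server {
    # still reachable on the private network address only
    listen 10.133.0.2:80;
    charset utf-8;
    server_name localhost;

    # Trust client-address headers only when the TCP peer is the reverse
    # proxy's private address (10.133.0.1 above). Requests from any other
    # peer keep their real socket address in $remote_addr.
    set_real_ip_from 10.133.0.1;

    # The proxy sets X-Real-IP from its own $remote_addr, overwriting any
    # X-Real-IP header the client sent, so this value is proxy-controlled.
    real_ip_header X-Real-IP;

    # X-Forwarded-For is different: $proxy_add_x_forwarded_for appends to
    # whatever the client supplied, so only the last entry is written by
    # the proxy. To use it instead of X-Real-IP, replace the line above with:
    #   real_ip_header X-Forwarded-For;
    #   real_ip_recursive on;   # pick the last address that is not trusted

    root /location/of/rails/app/current;
    passenger_enabled on;
    rails_env production;

    location ~ ^/(assets)/ {
        root /location/of/rails/app/current/public;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}
```

With this in place, `$remote_addr` in the backend's access log and in the address passed on to the application is the client address reported by the proxy rather than 10.133.0.1.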