Nginx configs for Unicorn and Passenger Enterprise

nginx.passenger.conf

user www-data www-data;
worker_processes 4; # Rule of thumb is 1 process per core.

error_log logs/error.log;
pid /var/run/nginx.pid;

events {
  worker_connections 1024;
  use epoll;
}

http {
  passenger_root /path/to/passenger-enterprise-server-version;
  passenger_ruby /path/to/ruby;

  passenger_user_switching on;
  passenger_default_user www-data;
  passenger_spawn_method smart;
  passenger_min_instances 12;
  passenger_max_pool_size 24;
  passenger_pool_idle_time 20;
  passenger_max_requests 2000; # If your Passenger processes use more memory over time.
  passenger_max_preloader_idle_time 0;

  # Passenger Enterprise only configs.
  passenger_concurrency_model process;
  passenger_rolling_restarts on;
  passenger_resist_deployment_errors on;
  passenger_max_request_time 0;
  passenger_memory_limit 400; # Tweak this according to instance memory / no. of instances

  # Turn on cache for file descriptors.
  open_file_cache max=1000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  include mime.types;
  default_type application/octet-stream;

  access_log off;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  # Apache 'combined' log format, but logging X-REAL-IP header for reverse proxied servers.
  log_format reverse_proxied '$http_x_real_ip - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent "$http_referer" '
                             '"$http_user_agent" "$http_x_forwarded_for"';

  sendfile on;
  tcp_nodelay on;
  tcp_nopush on;
  keepalive_timeout 32;
  server_names_hash_bucket_size 128;
  server_tokens off;

  gzip on;
  gzip_min_length 512;
  gzip_proxied any;
  gzip_types text/plain text/xhtml text/xml text/css text/javascript application/json application/x-javascript application/javascript application/xml;

  server {
    listen 80 default;
    server_name _;

    access_log /usr/local/nginx/logs/appname.access.log reverse_proxied;
    error_log /usr/local/nginx/logs/appname.error.log;

    rack_env production;

    root /var/apps/appname/current/public;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Rewrite all the requests to the maintenance.html page if it exists in the doc root.
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html last;
      break;
    }

    # Serve files (CSS, JS, images) in assets/ directory directly,
    # with Expires header in the far future.
    location /assets/ {
      gzip_static on;
      expires max;
      add_header Cache-Control public;
      break;
    }

    location / {
      passenger_enabled on;

      if (-f $request_filename/index.html) {
        rewrite (.*) $1/index.html break;
      }
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /var/railsapps/appname/current/public;
    }
  }
}

nginx.unicorn.conf

user www-data www-data;
worker_processes 4; # Rule of thumb is 1 process per core.

error_log logs/error.log;
pid /var/run/nginx.pid;

events {
  worker_connections 1024;
  use epoll;
}

http {
  # Turn on cache for file descriptors.
  open_file_cache max=1000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  include mime.types;
  default_type application/octet-stream;

  access_log off;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  # Apache 'combined' log format, but logging X-REAL-IP header for reverse proxied servers.
  log_format reverse_proxied '$http_x_real_ip - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent "$http_referer" '
                             '"$http_user_agent" "$http_x_forwarded_for"';

  sendfile on;
  tcp_nodelay on;
  tcp_nopush on;
  keepalive_timeout 32;
  server_names_hash_bucket_size 64;
  server_tokens off;

  gzip on;
  gzip_vary on;
  gzip_min_length 512;
  gzip_proxied any;
  gzip_types text/plain text/xhtml text/xml text/css text/javascript application/json application/x-javascript application/javascript application/xml;

  upstream unicorn {
    server unix:/tmp/unicorn.appname.sock fail_timeout=0;
  }

  server {
    listen 80 default;
    server_name _;

    access_log /usr/local/nginx/logs/appname.access.log reverse_proxied;
    error_log /usr/local/nginx/logs/appname.error.log;

    root /var/apps/appname/current/public;

    # Rewrite all the requests to the maintenance.html page if it exists in the doc root.
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html last;
      break;
    }

    # Serve files (CSS, JS, images) in assets/ directory directly,
    # with Expires header in the far future.
    location /assets/ {
      gzip_static on;
      expires max;
      add_header Cache-Control public;
      break;
    }

    location / {
      try_files $uri/index.html $uri @unicorn;
    }

    location @unicorn {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_redirect off;
      proxy_pass http://unicorn;
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /var/apps/appname/current/public;
    }

    keepalive_timeout 5;
  }
}