huned · March 23, 2014 01:14
diff --git a/- b/-
 # <%= hostname %>
 #
 # Serves a Rails app via SSL. If nginx finds a rule to handle the request, use
 # it; unhandled requests are proxied upstream to a puma server.
 #
 # Notes:
 #
 # * Assumes SSL. Non-SSL requests are redirected to their SSL equivalents.
 # * Assumes SSL certificate and key at ...
 # * Assumes that rails app is served via puma at ...
 #
 <% upstream_hostname = "upstream-#{hostname.gsub('.', '_')}" %>

 # Redirect non-SSL requests to their SSL equivalents.
 server {
  listen              80;
  server_name         <%= hostname %>;
  return              301 https://<%= hostname %>$request_uri;
 }

 # App server.
 upstream <%= upstream_hostname %> {
  server              unix:/home/deploy/upper-chord-server/shared/tmp/sockets/puma.sock;
 }

 # Web server.
 server {
  listen              443 ssl;
  server_name         <%= hostname %>;

  # SSL
  ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_certificate     <%= root %>/../../shared/public.crt;
  ssl_certificate_key <%= root %>/../../shared/private.key;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  # Root at the app's public/ directory.
  root                <%= root %>;

  # Rewrite all requests to maintenance.html if that file exists.
  # Used for capistrano's web:disable task.
  if (-f $document_root/maintenance.html) {
    rewrite           ^(.*)$ /maintenance.html last;
    break;
  }

  # Rewrite rules for /assets.
  location ~ /assets/ {
    root              <%= root %>;
    expires           max;
    add_header        Cache-Control public;
  }

  # Rewrite rules for /.
  location / {
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host $http_host;

    # Serve a static file directly if it exists.
    if (-f $request_filename) {
      break;
    }

    # Serve a directory's static index.html if it exists.
    if (-f $request_filename/index.html) {
      rewrite         (.*) $1/index.html break;
    }

    # If statically cached html of the request exists, then rewrite the
    # request so it ends with .html. Allows us to serve the cached html.
    if (-f $request_filename.html) {
      rewrite         (.*) $1.html break;
    }

    # Proxy everything else to the upstream app server.
    if (!-f $request_filename) {
      proxy_pass      http://<%= upstream_hostname %>;
      break;
    }
  } # location
 } # server
	# <%= hostname %>
	#
	# Serves a Rails app via SSL. If nginx finds a rule to handle the request, use
	# it; unhandled requests are proxied upstream to a puma server.
	#
	# Notes:
	#
	# * Assumes SSL. Non-SSL requests are redirected to their SSL equivalents.
	# * Assumes SSL certificate and key at ...
	# * Assumes that rails app is served via puma at ...
	#
	<% upstream_hostname = "upstream-#{hostname.gsub('.', '_')}" %>

	# Redirect non-SSL requests to their SSL equivalents.
	server {
	listen 80;
	server_name <%= hostname %>;
	return 301 https://<%= hostname %>$request_uri;
	}

	# App server.
	upstream <%= upstream_hostname %> {
	server unix:/home/deploy/upper-chord-server/shared/tmp/sockets/puma.sock;
	}

	# Web server.
	server {
	listen 443 ssl;
	server_name <%= hostname %>;

	# SSL
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
	ssl_certificate <%= root %>/../../shared/public.crt;
	ssl_certificate_key <%= root %>/../../shared/private.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	# Root at the app's public/ directory.
	root <%= root %>;

	# Rewrite all requests to maintenance.html if that file exists.
	# Used for capistrano's web:disable task.
	if (-f $document_root/maintenance.html) {
	rewrite ^(.*)$ /maintenance.html last;
	break;
	}

	# Rewrite rules for /assets.
	location ~ /assets/ {
	root <%= root %>;
	expires max;
	add_header Cache-Control public;
	}

	# Rewrite rules for /.
	location / {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;

	# Serve a static file directly if it exists.
	if (-f $request_filename) {
	break;
	}

	# Serve a directory's static index.html if it exists.
	if (-f $request_filename/index.html) {
	rewrite (.*) $1/index.html break;
	}

	# If statically cached html of the request exists, then rewrite the
	# request so it ends with .html. Allows us to serve the cached html.
	if (-f $request_filename.html) {
	rewrite (.*) $1.html break;
	}

	# Proxy everything else to the upstream app server.
	if (!-f $request_filename) {
	proxy_pass http://<%= upstream_hostname %>;
	break;
	}
	} # location
	} # server