mrrooijen · November 25, 2010 14:10
diff --git a/nginx.conf b/nginx.conf
 user  app;
 worker_processes  2;

 error_log   /home/app/logs/nginx.error.log  info;

 events {
    worker_connections  1024;
 }


 http {
    passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
    passenger_ruby /usr/local/bin/ruby;

    # Passenger never sleeps!
    passenger_pool_idle_time 0;

    # Use more instances, because memory is enough
    passenger_max_pool_size 15;

    include       mime.types;
    default_type  application/octet-stream;

    client_max_body_size 25m;

    gzip                    on;
    gzip_disable            "msie6";
    gzip_vary               on;
    gzip_min_length         512;
    gzip_buffers            256 8k;
    gzip_comp_level         3;
    gzip_proxied            any;
    gzip_types              text/plain text/css application/x-javascript text/xml application/xml;

    server_tokens           off;

    sendfile                on;
    keepalive_timeout       65;

    include /opt/nginx/conf/nginx_host.conf;

    # Start application instantly
    passenger_pre_start https://127.0.0.1/;

 }

diff --git a/nginx_host.conf b/nginx_host.conf
 server {
    listen       80;
    server_name  *.server.com

    # There is ssl-only content, so redirection is permanent
    # No need to use ssl_requirement plugin here
    rewrite ^(.*) https://$host$1 permanent;

    # Block bots who like track urls (php usually)
    location ~ \.php$ {
       deny  all;
    }
 }


 # HTTPS server
 server {
  listen       443;
  server_name  *.server.com

  ssl                  on;
  ssl_certificate      /etc/ssl/selfsigned/cert.pem;
  ssl_certificate_key  /etc/ssl/selfsigned/cert.key;

  ssl_session_timeout  5m;

  ssl_protocols  SSLv2 SSLv3 TLSv1;
  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

  root /home/app/public_html/your_project/current/public;
  index index.html;

  passenger_enabled on;

  # Spawn 10 instances, because memory is enough 
  passenger_min_instances 10;

  error_page   500 502 504  /500.html;
  location = /50x.html {
      root   html;
  }

  # 503 -> static for POSTs could cause 405
  recursive_error_pages on;


  # Maintenance page handle
  if (-f $document_root/system/maintenance.html) {
       return 503;
  }

  error_page 503 @503;
  location @503 {
          error_page 405 = /system/maintenance.html;
          # Serve static assets if found.
          if (-f $request_filename) {
                  break;
          }
          if (-f $document_root/system/maintenance.html) {
                  rewrite ^(.*)$ /system/maintenance.html break;
          }

          rewrite ^(.*)$ /503.html break;
  }


  # Block bots who like track urls (php usually)
  location ~ \.php$ {
          deny  all;
  }

  # Set max-age headers to assets
  location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ {
      access_log off;
      expires max;
      break;
  }

 }
	user app;
	worker_processes 2;

	error_log /home/app/logs/nginx.error.log info;

	events {
	worker_connections 1024;
	}


	http {
	passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
	passenger_ruby /usr/local/bin/ruby;

	# Passenger never sleeps!
	passenger_pool_idle_time 0;

	# Use more instances, because memory is enough
	passenger_max_pool_size 15;

	include mime.types;
	default_type application/octet-stream;

	client_max_body_size 25m;

	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_min_length 512;
	gzip_buffers 256 8k;
	gzip_comp_level 3;
	gzip_proxied any;
	gzip_types text/plain text/css application/x-javascript text/xml application/xml;

	server_tokens off;

	sendfile on;
	keepalive_timeout 65;

	include /opt/nginx/conf/nginx_host.conf;

	# Start application instantly
	passenger_pre_start https://127.0.0.1/;

	}
	server {
	listen 80;
	server_name *.server.com

	# There is ssl-only content, so redirection is permanent
	# No need to use ssl_requirement plugin here
	rewrite ^(.*) https://$host$1 permanent;

	# Block bots who like track urls (php usually)
	location ~ \.php$ {
	deny all;
	}
	}


	# HTTPS server
	server {
	listen 443;
	server_name *.server.com

	ssl on;
	ssl_certificate /etc/ssl/selfsigned/cert.pem;
	ssl_certificate_key /etc/ssl/selfsigned/cert.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	ssl_prefer_server_ciphers on;

	root /home/app/public_html/your_project/current/public;
	index index.html;

	passenger_enabled on;

	# Spawn 10 instances, because memory is enough
	passenger_min_instances 10;

	error_page 500 502 504 /500.html;
	location = /50x.html {
	root html;
	}

	# 503 -> static for POSTs could cause 405
	recursive_error_pages on;


	# Maintenance page handle
	if (-f $document_root/system/maintenance.html) {
	return 503;
	}

	error_page 503 @503;
	location @503 {
	error_page 405 = /system/maintenance.html;
	# Serve static assets if found.
	if (-f $request_filename) {
	break;
	}
	if (-f $document_root/system/maintenance.html) {
	rewrite ^(.*)$ /system/maintenance.html break;
	}

	rewrite ^(.*)$ /503.html break;
	}


	# Block bots who like track urls (php usually)
	location ~ \.php$ {
	deny all;
	}

	# Set max-age headers to assets
	location ~* \.(png\|gif\|jpg\|jpeg\|css\|js\|swf\|ico)(\?[0-9]+)?$ {
	access_log off;
	expires max;
	break;
	}

	}