nginx_full.conf

upstream accounting_secure {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).
  server unix:/var/apps/[FILTERED]/current/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
  listen                      443;

  ssl                         on;
  ssl_certificate             /etc/nginx/ssl/accounting_secure_combined.crt;
  ssl_certificate_key         /etc/nginx/ssl/accounting_secure.key;
  keepalive_timeout           70;
  ssl_protocols               SSLv3 TLSv1;
  ssl_ciphers                 HIGH:!ADH:RC4-MD5;
  ssl_prefer_server_ciphers   on;
  ssl_session_cache           shared:SSL:1m;
  ssl_session_timeout         5m;

  server_name        [FILTERED];
  root               /var/apps/[FILTERED]/current/public;
  

  location / {
    try_files $uri @503-check;
  }
  
  location @503-check {

    rewrite ^/r-[a-z0-9]+/(.*)$ /$1;
    
    if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)\?[0-9]+$") {
      expires max;
      break;
    }
  
    if (-f $document_root/system/maintenance.html) {
      return 503;
    }

    try_files $uri $uri/index.html @proxy;
  }

  location @proxy {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://accounting_secure;
  }
                      
  error_log  /var/apps/[FILTERED]/current/log/nginx_error.log;
  access_log  /var/apps/[FILTERED]/current/log/nginx_access.log main;

  error_page 500          /500.html;
  error_page 502          /502.html;
  error_page 504          /504.html;
  error_page 404          /404.html;
  error_page 422          /422.html;
  error_page 503          /system/maintenance.html;
}