noomerikal · August 29, 2015 14:19
diff --git a/nginx.conf b/nginx.conf
 # Puma upstream
 upstream puma {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).

  # for UNIX domain socket setups:
  server unix:/mnt/project/api/shared/tmp/sockets/puma.sock fail_timeout=0;
 }

 server {
  listen 80 default_server;

  server_name www.example.com example.com;
  root /mnt/project/frontend/current;

  # Optimize for versioned assets
  location ~ ^/(styles|images|scripts|fonts)/ {
    expires 1y;
    add_header Cache-Control public;
    gzip_static on; # to serve pre-gzipped version

    # Some browsers still send conditional-GET requests if there's a
    # Last-Modified header or an ETag header even if they haven't
    # reached the expiry date sent in the Expires header.
    add_header Last-Modified "";
    add_header ETag "";
    break;
  }

  # Favicon
  location ~* \.ico$ {
    expires 1w;
    add_header Cache-Control "public";
    break;
  }

  # Force SSL
  location / {
    rewrite ^(.*)$ https://www.example.com$1 permanent;
    break;
  }
 }

 server {
  listen 443 ssl default_server;

  ssl_certificate /etc/nginx/ssl/project.crt;
  ssl_certificate_key /etc/nginx/ssl/project.key;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  server_name www.example.com;

  # For the ELB health checks
  location /elb-status {
    access_log off;
    return 200;
    break;
  }

  location / {
    return 301 $scheme://www.example.com$request_uri;
  }
 }

 server {
  listen 443 ssl;

  ssl_certificate /etc/nginx/ssl/project.crt;
  ssl_certificate_key /etc/nginx/ssl/project.key;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  server_name www.example.com;
  root /mnt/project/frontend/current;

  # Optimize for versioned assets
  location ~ ^/(styles|images|scripts|fonts)/ {
    expires 1y;
    add_header Cache-Control public;
    gzip_static on; # to serve pre-gzipped version

    # Some browsers still send conditional-GET requests if there's a
    # Last-Modified header or an ETag header even if they haven't
    # reached the expiry date sent in the Expires header.
    add_header Last-Modified "";
    add_header ETag "";
    break;
  }

  # Favicon
  location ~* \.ico$ {
    expires 1w;
    add_header Cache-Control "public";
    break;
  }

  # Proxy to our API
  location ~ ^/(api|oauth|assets)/ {
    proxy_pass  http://puma;
    proxy_redirect     off;

    proxy_set_header   Host              $host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Request-Start   "t=${msec}000";
    proxy_set_header   X-Forwarded-Proto $scheme;

    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      120s;
    proxy_send_timeout         120s;
    proxy_read_timeout         120s;

    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
  }
 }
	# Puma upstream
	upstream puma {
	# fail_timeout=0 means we always retry an upstream even if it failed
	# to return a good HTTP response (in case the Unicorn master nukes a
	# single worker for timing out).

	# for UNIX domain socket setups:
	server unix:/mnt/project/api/shared/tmp/sockets/puma.sock fail_timeout=0;
	}

	server {
	listen 80 default_server;

	server_name www.example.com example.com;
	root /mnt/project/frontend/current;

	# Optimize for versioned assets
	location ~ ^/(styles\|images\|scripts\|fonts)/ {
	expires 1y;
	add_header Cache-Control public;
	gzip_static on; # to serve pre-gzipped version

	# Some browsers still send conditional-GET requests if there's a
	# Last-Modified header or an ETag header even if they haven't
	# reached the expiry date sent in the Expires header.
	add_header Last-Modified "";
	add_header ETag "";
	break;
	}

	# Favicon
	location ~* \.ico$ {
	expires 1w;
	add_header Cache-Control "public";
	break;
	}

	# Force SSL
	location / {
	rewrite ^(.*)$ https://www.example.com$1 permanent;
	break;
	}
	}

	server {
	listen 443 ssl default_server;

	ssl_certificate /etc/nginx/ssl/project.crt;
	ssl_certificate_key /etc/nginx/ssl/project.key;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers RC4:HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	server_name www.example.com;

	# For the ELB health checks
	location /elb-status {
	access_log off;
	return 200;
	break;
	}

	location / {
	return 301 $scheme://www.example.com$request_uri;
	}
	}

	server {
	listen 443 ssl;

	ssl_certificate /etc/nginx/ssl/project.crt;
	ssl_certificate_key /etc/nginx/ssl/project.key;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers RC4:HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	server_name www.example.com;
	root /mnt/project/frontend/current;

	# Optimize for versioned assets
	location ~ ^/(styles\|images\|scripts\|fonts)/ {
	expires 1y;
	add_header Cache-Control public;
	gzip_static on; # to serve pre-gzipped version

	# Some browsers still send conditional-GET requests if there's a
	# Last-Modified header or an ETag header even if they haven't
	# reached the expiry date sent in the Expires header.
	add_header Last-Modified "";
	add_header ETag "";
	break;
	}

	# Favicon
	location ~* \.ico$ {
	expires 1w;
	add_header Cache-Control "public";
	break;
	}

	# Proxy to our API
	location ~ ^/(api\|oauth\|assets)/ {
	proxy_pass http://puma;
	proxy_redirect off;

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Request-Start "t=${msec}000";
	proxy_set_header X-Forwarded-Proto $scheme;

	client_max_body_size 10m;
	client_body_buffer_size 128k;

	proxy_connect_timeout 120s;
	proxy_send_timeout 120s;
	proxy_read_timeout 120s;

	proxy_buffer_size 4k;
	proxy_buffers 4 32k;
	proxy_busy_buffers_size 64k;
	proxy_temp_file_write_size 64k;
	}
	}