Configure nginx for rails

configure_nginx_rails.rb

#!/usr/bin/env ruby

require 'erb'

puts "Generating nginx config..."

app_root    = Dir.getwd
app_name    = File.basename(app_root)
public_path = File.join(app_root, 'public')

puts "\nGenerate SSL certificate? (y/n)"
generate_ssl = gets.chomp =~ %r{^y|Y$}

file_path = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
config_template = File.read(File.expand_path('../../templates/nginx_rails.conf.erb', file_path))
output = ERB.new(config_template)

conf_file = "/usr/local/etc/nginx/sites-available/#{app_name}.dev.conf"
conf_link = "/usr/local/etc/nginx/sites-enabled/#{app_name}.dev.conf"

File.open(File.join(conf_file), 'w+') do |f|
  f.write output.result
end

File.unlink(conf_link) if File.exists?(conf_link)

File.symlink(conf_file, conf_link)

puts File.read(conf_link)

if generate_ssl
  puts "For 'Common Name' enter: #{app_name}.dev\n"
  Dir.chdir "/usr/local/etc/nginx/"

  # generate private key and certificate signing request
  `openssl req -new -nodes -keyout #{app_name}.key -out #{app_name}.csr`

  # generate certificate
  `openssl x509 -req -days 365 -in #{app_name}.csr -signkey #{app_name}.key -out #{app_name}.crt`

  puts "To instruct browsers to trust the self-signed certificate on Mac OSX, visit:"
  puts "http://www.robpeck.com/2010/10/google-chrome-mac-os-x-and-self-signed-ssl-certificates/#.UslLAWRDs4Q"
end

gistfile1.txt

# require 'rails-dev-boost'

# Create a development.local.rb and/or a test.local.rb from this example
Settings.configure do |s|
  s.ssl.enabled  = true
  # s.ssl.forced  = true

  # s.protocol = s.ssl.forced? ? :https : :http
  # s.secure_protocol = s.ssl.enabled? ? :https : :http
end

Platform::Application.configure do
  config.default_url_options = {}
  config.default_url_options[:host]     = Settings.domain.root
  config.default_url_options[:protocol] = Settings.protocol
end

nginx_conf.erb

upstream <%= app_name %> {
    # server 127.0.0.1:3000; # rails default
    server unix:/tmp/unicorn.<%= app_name %>.sock fail_timeout=0;   # unicorn
}

server {
    listen 80;
    server_name <%= app_name %>.dev;
    root <%= public_path %>;

    try_files $uri/index.html $uri.html $uri @app;

    location @app {
      proxy_set_header  X-Real-IP         $remote_addr;
      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header  Host              $http_host;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_set_header  X-Queue-Start     "t=${msec}";

      proxy_redirect off;

      proxy_pass http://<%= app_name %>;
    }
}

<% if generate_ssl %>
server {
    listen 443;
    server_name <%= app_name %>.dev;
    root <%= public_path %>;

    try_files $uri/index.html $uri.html $uri @app;

    ssl                  on;
    ssl_certificate      <%= app_name %>.crt;
    ssl_certificate_key  <%= app_name %>.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location @app {
      proxy_set_header  X-Real-IP         $remote_addr;
      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header  Host              $http_host;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_set_header  X-Queue-Start     "t=${msec}";

      proxy_redirect off;

      proxy_pass http://<%= app_name %>;
    }
}
<% end %>