Nginx+passenger application config: ssl redirection, http headers, passenger optimal settings. see details: http://mikhailov.posterous.com/nginx
# Worker processes run as the unprivileged "app" account.
user app;
worker_processes 2;

# "info" is more verbose than the default "error" level; the log lives under
# the app user's home directory, so check who can read that path.
error_log /home/app/logs/nginx.error.log info;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
http {
    # NOTE(review): these paths pin Passenger 3.0.0 under a Ruby 1.8 gem tree.
    # Both are long out of support; confirm the versions before reusing this file.
    passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
    passenger_ruby /usr/local/bin/ruby;

    # 0 disables the idle timeout, so application processes are never shut down for inactivity.
    passenger_pool_idle_time 0;

    # Allow up to 15 application processes; the author assumes memory is plentiful.
    passenger_max_pool_size 15;

    include mime.types;
    default_type application/octet-stream;

    # Request bodies larger than 25 MB are rejected.
    client_max_body_size 25m;

    # Compression settings. With "gzip on", text/html is compressed in addition
    # to the types listed below.
    # NOTE(review): pages served over TLS that carry secrets and also reflect
    # request data are exposed to compression side channels (BREACH); consider
    # turning gzip off for such responses.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 512;
    gzip_buffers 256 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml;

    # Keep the nginx version out of the Server header and generated error pages.
    server_tokens off;

    sendfile on;
    keepalive_timeout 65;

    # Virtual hosts (the port 80 and port 443 server blocks) live in this file.
    include /opt/nginx/conf/nginx_host.conf;

    # Request this URL when nginx starts so the application is spawned
    # before the first real visitor arrives.
    passenger_pre_start https://127.0.0.1/;
}
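# Plain-HTTP server: exists only to send clients to HTTPS.
server {
    listen 80;

    # The terminating ";" is required. Without it nginx reads the following
    # directive as additional server names and the redirect is never configured.
    server_name *.server.com;

    # All content is HTTPS-only, so the redirect is permanent (301).
    # No need for the ssl_requirement plugin in the application.
    # NOTE(review): $host comes from the request. If this block is also the
    # default server for port 80, requests with unexpected Host values are
    # redirected to that host; add a catch-all default server that rejects
    # them if that matters.
    return 301 https://$host$request_uri;

    # Block bots that probe for PHP URLs.
    # The server-level redirect above runs before location matching, so this
    # block is not reached here; the same rule is repeated in the HTTPS server.
    location ~ \.php$ {
        deny all;
    }
}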
# HTTPS server | |
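server {
    # TLS is switched on through the listen socket. This replaces the separate
    # "ssl on;" directive, which later nginx releases deprecate.
    listen 443 ssl;

    # The terminating ";" is required. Without it the next directive is parsed
    # as a list of server names, so the original "ssl on;" never took effect.
    server_name *.server.com;

    # NOTE(review): the path suggests a self-signed certificate. Browsers will
    # warn on it; use a CA-issued certificate for anything public. The key
    # file should be readable only by root / the nginx master process.
    ssl_certificate /etc/ssl/selfsigned/cert.pem;
    ssl_certificate_key /etc/ssl/selfsigned/cert.key;
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1 is deprecated, so
    # only current protocol versions are offered. This needs an nginx/OpenSSL
    # build that knows these parameters; drop TLSv1.3 on builds that predate it.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The original list enabled LOW, EXPORT-grade and RC4 suites. Offer only
    # strong suites and exclude anonymous, null, export, RC4, 3DES and MD5.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!3DES:!MD5;
    ssl_prefer_server_ciphers on;

    # NOTE(review): no Strict-Transport-Security header is set. Consider adding
    # one once a CA-issued certificate is in place, so browsers stop making the
    # first request over plain HTTP.

    root /home/app/public_html/your_project/current/public;
    index index.html;

    passenger_enabled on;
    # Keep at least 10 application processes running, because memory is plentiful.
    passenger_min_instances 10;

    # NOTE(review): error_page points at /500.html, while the location below
    # matches /50x.html. As written the location is not used by error_page;
    # confirm which file is intended.
    error_page 500 502 504 /500.html;
    location = /50x.html {
        root html;
    }

    # Serving a static page for a POST during a 503 can produce a 405, so
    # error pages raised while handling an error page must be honoured.
    recursive_error_pages on;

    # Maintenance mode: when the marker file exists, every request gets a 503.
    if (-f $document_root/system/maintenance.html) {
        return 503;
    }

    error_page 503 @503;
    location @503 {
        # A 405 raised here is answered with the maintenance page.
        error_page 405 = /system/maintenance.html;

        # Serve static assets if found.
        if (-f $request_filename) {
            break;
        }

        if (-f $document_root/system/maintenance.html) {
            rewrite ^(.*)$ /system/maintenance.html break;
        }

        rewrite ^(.*)$ /503.html break;
    }

    # Block bots that probe for PHP URLs.
    location ~ \.php$ {
        deny all;
    }

    # Far-future expiry headers for static assets, and no access logging for them.
    # NOTE(review): location matching does not see the query string, so the
    # optional "(\?[0-9]+)?" part presumably never matches a real query; verify.
    location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ {
        access_log off;
        expires max;
        break;
    }
}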