-
-
Save soulim/763707 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cd /usr/src | |
| $ wget http://nginx.org/download/nginx-0.8.52.tar.gz | |
| $ tar xzvf ./nginx-0.8.52.tar.gz | |
| $ rm ./nginx-0.8.52.tar.gz | |
| $ gem install s3sync capistrano capistrano-ext passenger --no-ri --no-rdoc | |
| $ passenger-install-nginx-module | |
| # Automatically download and install Nginx? 2. No: I want to customize my Nginx installation | |
| # Where is your Nginx source code located?: /usr/src/nginx-0.8.52 | |
| # Where do you want to install Nginx to?: /opt/nginx | |
| # Extra Nginx configure options | |
| --with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user app; | |
| worker_processes 2; | |
| error_log /home/app/logs/nginx.error.log info; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0; | |
| passenger_ruby /usr/local/bin/ruby; | |
| # Passenger never sleeps! | |
| passenger_pool_idle_time 0; | |
| # Use more instances, because memory is enough | |
| passenger_max_pool_size 15; | |
| include mime.types; | |
| default_type application/octet-stream; | |
| client_max_body_size 25m; | |
| gzip on; | |
| gzip_http_version 1.1; | |
| gzip_disable "msie6"; | |
| # Don't forget to gzip your assets before you run, gzip -c -n -3 application.css > application.css.gz | |
| gzip_static on; | |
| gzip_vary on; | |
| gzip_min_length 512; | |
| gzip_buffers 256 8k; | |
| gzip_comp_level 3; | |
| gzip_proxied any; | |
| gzip_types text/plain text/css application/x-javascript text/xml application/xml; | |
| server_tokens off; | |
| sendfile on; | |
| keepalive_timeout 65; | |
| include /opt/nginx/conf/nginx_host.conf; | |
| # Start application instantly | |
| passenger_pre_start https://127.0.0.1/; | |
| } | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name *.server.com | |
| # There is ssl-only content, so redirection is permanent | |
| # No need to use ssl_requirement plugin here | |
| rewrite ^(.*) https://$host$1 permanent; | |
| # Block bots who like track urls (php usually) | |
| location ~ \.php$ { | |
| deny all; | |
| } | |
| access_log off; | |
| error_log off; | |
| } | |
| # HTTPS server | |
| server { | |
| listen 443 default ssl; | |
| server_name *.server.com | |
| ssl on; | |
| ssl_certificate /etc/ssl/selfsigned/cert.pem; | |
| ssl_certificate_key /etc/ssl/selfsigned/cert.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
| ssl_prefer_server_ciphers on; | |
| root /home/app/public_html/your_project/current/public; | |
| error_page 500 502 504 /500.html; | |
| location = /50x.html { | |
| root html; | |
| } | |
| error_page 503 @503; | |
| location @503 { | |
| error_page 405 = /system/maintenance.html; | |
| if (-f $document_root/system/maintenance.html) { | |
| rewrite ^(.*)$ /system/maintenance.html break; | |
| } | |
| rewrite ^(.*)$ /503.html break; | |
| } | |
| # try_files is more recommended than if-then conditional exp | |
| try_files $uri /system/maintenance.html @passenger; | |
| # Setup Rails specific directives, you can use rack_env for any Rack app, for example Rails3 | |
| location @passenger { | |
| passenger_enabled on; | |
| passenger_min_instances 5; | |
| rails_env production; | |
| passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme; | |
| } | |
| # Limit HTTP requests types | |
| if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){ | |
| return 405; | |
| } | |
| if (-f $document_root/system/maintenance.html) { | |
| return 503; | |
| } | |
| # Block bots who like track urls (php usually) | |
| location ~ \.php$ { | |
| deny all; | |
| } | |
| # Set max-age headers to assets | |
| # Since SSL content is not cached on hard disk, once the memory cache is full, the non-pubic SSL files are not cached at all. So add the extra http header | |
| location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ { | |
| access_log off; | |
| error_log off; | |
| expires max; | |
| add_header Cache-Control public; | |
| #if_modified_since off; | |
| #add_header Last-Modified ""; | |
| } | |
| # There is no need to touch Rails stack for wrong urls (as well as extensions) in assets directories | |
| location ~ ^/(images|javascripts|stylesheets|system)/ { | |
| error_page 404 /404.html; | |
| } | |
| access_log /home/app/logs/your_project.access.log; | |
| error_log /home/app/logs/your_project.error.log; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment