yannick · June 12, 2013 17:07
diff --git a/hot_reload b/hot_reload
 #!/bin/bash
 kill -USR2 `cat tmp/pids/unicorn.pid`

diff --git a/nginx.conf b/nginx.conf

 #user html;
 worker_processes  6;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info;

 #pid        logs/nginx.pid;


 events {
    worker_connections  1024;
 }


 http {
    include       mime.types;
    default_type  application/octet-stream;
    ssl_certificate      cert/star.rayneer.tv.chain.crt;
    ssl_certificate_key  cert/star.rayneer.tv.key;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

        server_names_hash_bucket_size 64;
    server_names_hash_max_size 2048;
    client_max_body_size 150m;
    client_body_buffer_size 128k;
    log_format  main  'remote_addr=$remote_addr\t'
                       'remote_user=$remote_user\t'
                       'time_local=$time_local\t'
                       'request=$request\t'
                      'status=$status\t'
                      'body_bytes_sent=$body_bytes_sent\t'
                      'http_referer=$http_referer\t'
                      'http_user_agent=$http_user_agent\t'
                      'http_x_cluster_client_ip=$http_X_Cluster_Client_Ip\t'
                      'cookies=$http_cookie\t'
                      'http_host=$http_host\t'
                      'accept_lang=$http_accept_language\t'
                      ;

    access_log  /var/log/nginx/default_access.log  main;

   include /etc/nginx/conf/wildcard.conf;	

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
  location / {
      rewrite     ^(.*)   https://web.rayneer.tv$1 permanent;
    }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

 }
diff --git a/wildcard.conf b/wildcard.conf
 server {
 #  listen 80;
  listen 443 ssl;
  # For static stuff
  #root /srv/http/$host;

  # Prefer to serve static files directly from nginx to avoid unnecessary
  # data copies from the application server.
  #
  # try_files directive appeared in in nginx 0.7.27 and has stabilized
  # over time.  Older versions of nginx (e.g. 0.6.x) requires
  # "if (!-f $request_filename)" which was less efficient:
  # http://bogomips.org/unicorn.git/tree/examples/n
  # try_files $uri/index.html $uri.html $uri @app;
  
  # Rails error pages
  error_page 500 502 503 504 @error_page;
  
  # this handles 50x errors that happen via upstream proxy,
  # when the normal error_page directive alone is not enough.
  location @error_page {
    root /srv/http/$host/public;
    internal;
    rewrite ^ /500.html;
    break;
  }
  
  
  # Compress everything [tm]
  gzip on;
  gzip_static on;
  gzip_proxied any;
  
  # Not for silly ie
  gzip_disable  "MSIE [1-6]\.";
  gzip_http_version 1.0;
  gzip_types text/plain text/xml text/css
             text/comma-separated-values
             text/javascript application/x-javascript
             application/atom+xml;
  
  proxy_connect_timeout 400;
  client_header_timeout 400;
 client_body_timeout 400;

  location ~ "^/assets/.*-[a-z0-9]{32}.\w+" {
    root /srv/http/$host/public;
     
   add_header Pragma no-cache;
   add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
   add_header Cache-Control "post-check=0, pre-check=0";

    # Some browsers still send conditional-GET requests if there's a
    # Last-Modified header or an ETag header even if they haven't
    # reached the expiry date sent in the Expires header.
    add_header Last-Modified "";
    add_header ETag "";
    break;
  }

  location ~ ^/assets/ {
    root /srv/http/$host/public;
    expires 1m;
    break;
  }
  
  
  root /srv/http/$host/public;
  try_files $uri $uri.html @unicorn;
  
  location @unicorn {
    proxy_pass http://unix:/srv/http/$host/unicorn.sock;

      proxy_set_header X-Real-IP $remote_addr;

      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;

    # Forward original host name to be seen in unicorn
    proxy_set_header Host $host;

    # Server name and address like being available in PHP
    proxy_set_header SERVER_NAME $server_name;
    proxy_set_header SERVER_ADDR $server_addr;

    # The real client IP address - header has ben setup by Zeus
    proxy_set_header X-Real-IP   $http_x_cluster_client_ip;
    
    # Important to not show rails 500 erros (ensure that no stack traces are shown in public)
    proxy_intercept_errors on;
  }


 }

	#user html;
	worker_processes 6;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	#error_log logs/error.log info;

	#pid logs/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include mime.types;
	default_type application/octet-stream;
	ssl_certificate cert/star.rayneer.tv.chain.crt;
	ssl_certificate_key cert/star.rayneer.tv.key;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	sendfile on;
	tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;

	server_names_hash_bucket_size 64;
	server_names_hash_max_size 2048;
	client_max_body_size 150m;
	client_body_buffer_size 128k;
	log_format main 'remote_addr=$remote_addr\t'
	'remote_user=$remote_user\t'
	'time_local=$time_local\t'
	'request=$request\t'
	'status=$status\t'
	'body_bytes_sent=$body_bytes_sent\t'
	'http_referer=$http_referer\t'
	'http_user_agent=$http_user_agent\t'
	'http_x_cluster_client_ip=$http_X_Cluster_Client_Ip\t'
	'cookies=$http_cookie\t'
	'http_host=$http_host\t'
	'accept_lang=$http_accept_language\t'
	;

	access_log /var/log/nginx/default_access.log main;

	include /etc/nginx/conf/wildcard.conf;

	server {
	listen 80;
	server_name localhost;

	#charset koi8-r;

	#access_log logs/host.access.log main;
	location / {
	rewrite ^(.*) https://web.rayneer.tv$1 permanent;
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
	#
	#location ~ \.php$ {
	# proxy_pass http://127.0.0.1;
	#}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	# root html;
	# fastcgi_pass 127.0.0.1:9000;
	# fastcgi_index index.php;
	# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
	# include fastcgi_params;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	# deny all;
	#}
	}


	# another virtual host using mix of IP-, name-, and port-based configuration
	#
	#server {
	# listen 8000;
	# listen somename:8080;
	# server_name somename alias another.alias;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}


	# HTTPS server
	#
	#server {
	# listen 443;
	# server_name localhost;

	# ssl on;
	# ssl_certificate cert.pem;
	# ssl_certificate_key cert.key;

	# ssl_session_timeout 5m;

	# ssl_protocols SSLv2 SSLv3 TLSv1;
	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;

	# location / {
	# root html;
	# index index.html index.htm;
	# }
	#}

	}
	server {
	# listen 80;
	listen 443 ssl;
	# For static stuff
	#root /srv/http/$host;

	# Prefer to serve static files directly from nginx to avoid unnecessary
	# data copies from the application server.
	#
	# try_files directive appeared in in nginx 0.7.27 and has stabilized
	# over time. Older versions of nginx (e.g. 0.6.x) requires
	# "if (!-f $request_filename)" which was less efficient:
	# http://bogomips.org/unicorn.git/tree/examples/n
	# try_files $uri/index.html $uri.html $uri @app;

	# Rails error pages
	error_page 500 502 503 504 @error_page;

	# this handles 50x errors that happen via upstream proxy,
	# when the normal error_page directive alone is not enough.
	location @error_page {
	root /srv/http/$host/public;
	internal;
	rewrite ^ /500.html;
	break;
	}


	# Compress everything [tm]
	gzip on;
	gzip_static on;
	gzip_proxied any;

	# Not for silly ie
	gzip_disable "MSIE [1-6]\.";
	gzip_http_version 1.0;
	gzip_types text/plain text/xml text/css
	text/comma-separated-values
	text/javascript application/x-javascript
	application/atom+xml;

	proxy_connect_timeout 400;
	client_header_timeout 400;
	client_body_timeout 400;

	location ~ "^/assets/.*-[a-z0-9]{32}.\w+" {
	root /srv/http/$host/public;

	add_header Pragma no-cache;
	add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
	add_header Cache-Control "post-check=0, pre-check=0";

	# Some browsers still send conditional-GET requests if there's a
	# Last-Modified header or an ETag header even if they haven't
	# reached the expiry date sent in the Expires header.
	add_header Last-Modified "";
	add_header ETag "";
	break;
	}

	location ~ ^/assets/ {
	root /srv/http/$host/public;
	expires 1m;
	break;
	}


	root /srv/http/$host/public;
	try_files $uri $uri.html @unicorn;

	location @unicorn {
	proxy_pass http://unix:/srv/http/$host/unicorn.sock;

	proxy_set_header X-Real-IP $remote_addr;

	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	# Forward original host name to be seen in unicorn
	proxy_set_header Host $host;

	# Server name and address like being available in PHP
	proxy_set_header SERVER_NAME $server_name;
	proxy_set_header SERVER_ADDR $server_addr;

	# The real client IP address - header has ben setup by Zeus
	proxy_set_header X-Real-IP $http_x_cluster_client_ip;

	# Important to not show rails 500 erros (ensure that no stack traces are shown in public)
	proxy_intercept_errors on;
	}


	}