Skip to content

Instantly share code, notes, and snippets.

@YesThatAllen
Created January 9, 2014 02:25
Show Gist options
  • Save YesThatAllen/8328404 to your computer and use it in GitHub Desktop.
Save YesThatAllen/8328404 to your computer and use it in GitHub Desktop.
nginx conf used to host our discourse community, where any http request is moved to https for delivery
# Additional MIME types that you'd like nginx to handle go in here
types {
text/csv csv;
}
upstream discourse {
server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
}
# If you are going to use Puma, use these:
#
# upstream discourse {
# server unix:/var/www/discourse/tmp/sockets/puam.sock;
# }
server {
listen 80;
server_name community.watchmanmonitoring.com;
rewrite ^/(.*)$ https://$server_name/$1 permanent;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/our.crt;
ssl_certificate_key /etc/ssl/private/our.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
gzip on;
gzip_min_length 1000;
gzip_types application/json text/css application/x-javascript;
server_name community.watchmanmonitoring.com;
sendfile on;
keepalive_timeout 65;
# maximum file upload size (keep up to date when changing the corresponding site setting)
client_max_body_size 2m;
# path to discourse's public directory
set $public /var/www/discourse/public;
location / {
root $public;
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
expires 1y;
add_header Cache-Control public;
}
location ~ ^/assets/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
break;
}
location ~ ^/uploads/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
## optional upload anti-hotlinking rules
#valid_referers none blocked mysite.com *.mysite.com;
#if ($invalid_referer) {
# return 403;
#}
# custom CSS
location ~ /stylesheet-cache/ { try_files $uri =404; }
# images
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ { try_files $uri =404; }
# thumbnails & optimized images
location ~ /_optimized/ { try_files $uri =404; }
# attachments must go through the rails application to get the right content-disposition header
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping $public/=/downloads/;
proxy_pass http://discourse;
break;
}
try_files $uri @discourse;
}
location /downloads/ {
internal;
alias $public/;
}
location @discourse {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://discourse;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment