YesThatAllen/gist:8328404

## gistfile1.nginxconf
# Additional MIME types that you'd like nginx to handle go in here
types {
    text/csv                    csv;
}

upstream discourse {
  server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
}

# If you are going to use Puma, use these:
#
# upstream discourse {
#   server unix:/var/www/discourse/tmp/sockets/puam.sock;
# }

server {

  listen 80;
  server_name community.watchmanmonitoring.com;

  rewrite ^/(.*)$ https://$server_name/$1 permanent;
}

server {
  listen 443 ssl;
  ssl_certificate     /etc/ssl/our.crt;
  ssl_certificate_key /etc/ssl/private/our.key;
  ssl_prefer_server_ciphers       on;

  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  gzip on;
  gzip_min_length 1000;
  gzip_types application/json text/css application/x-javascript;

  server_name community.watchmanmonitoring.com;

  sendfile on;

  keepalive_timeout 65;

  # maximum file upload size (keep up to date when changing the corresponding site setting)
  client_max_body_size 2m;

  # path to discourse's public directory
  set $public /var/www/discourse/public;

  location / {
    root $public;

    location ~* \.(eot|ttf|woff)$ {
	    add_header Access-Control-Allow-Origin *;
	    expires 1y;
        add_header Cache-Control public;
	}

    location ~ ^/assets/ {
      expires 1y;
      add_header Cache-Control public;
      add_header ETag "";
      break;
    }

    location ~ ^/uploads/ {
      expires 1y;
      add_header Cache-Control public;
      add_header ETag "";

      ## optional upload anti-hotlinking rules
      #valid_referers none blocked mysite.com *.mysite.com;
      #if ($invalid_referer) {
      #  return 403;
      #}

      # custom CSS
      location ~ /stylesheet-cache/ { try_files $uri =404; }
      # images
      location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ { try_files $uri =404; }
      # thumbnails & optimized images
      location ~ /_optimized/ { try_files $uri =404; }

      # attachments must go through the rails application to get the right content-disposition header
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      proxy_pass http://discourse;
      break;
    }

    try_files $uri @discourse;
  }

  location /downloads/ {
    internal;
    alias $public/;
  }

  location @discourse {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;

    proxy_pass http://discourse;
  }

}
	# Additional MIME types that you'd like nginx to handle go in here
	types {
	text/csv csv;
	}

	upstream discourse {
	server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
	server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
	server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
	server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
	}

	# If you are going to use Puma, use these:
	#
	# upstream discourse {
	# server unix:/var/www/discourse/tmp/sockets/puam.sock;
	# }

	server {

	listen 80;
	server_name community.watchmanmonitoring.com;

	rewrite ^/(.*)$ https://$server_name/$1 permanent;
	}

	server {
	listen 443 ssl;
	ssl_certificate /etc/ssl/our.crt;
	ssl_certificate_key /etc/ssl/private/our.key;
	ssl_prefer_server_ciphers on;

	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	gzip on;
	gzip_min_length 1000;
	gzip_types application/json text/css application/x-javascript;

	server_name community.watchmanmonitoring.com;

	sendfile on;

	keepalive_timeout 65;

	# maximum file upload size (keep up to date when changing the corresponding site setting)
	client_max_body_size 2m;

	# path to discourse's public directory
	set $public /var/www/discourse/public;

	location / {
	root $public;

	location ~* \.(eot\|ttf\|woff)$ {
	add_header Access-Control-Allow-Origin *;
	expires 1y;
	add_header Cache-Control public;
	}

	location ~ ^/assets/ {
	expires 1y;
	add_header Cache-Control public;
	add_header ETag "";
	break;
	}

	location ~ ^/uploads/ {
	expires 1y;
	add_header Cache-Control public;
	add_header ETag "";

	## optional upload anti-hotlinking rules
	#valid_referers none blocked mysite.com *.mysite.com;
	#if ($invalid_referer) {
	# return 403;
	#}

	# custom CSS
	location ~ /stylesheet-cache/ { try_files $uri =404; }
	# images
	location ~* \.(gif\|png\|jpg\|jpeg\|bmp\|tif\|tiff)$ { try_files $uri =404; }
	# thumbnails & optimized images
	location ~ /_optimized/ { try_files $uri =404; }

	# attachments must go through the rails application to get the right content-disposition header
	proxy_set_header X-Sendfile-Type X-Accel-Redirect;
	proxy_set_header X-Accel-Mapping $public/=/downloads/;
	proxy_pass http://discourse;
	break;
	}

	try_files $uri @discourse;
	}

	location /downloads/ {
	internal;
	alias $public/;
	}

	location @discourse {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Host $http_host;

	proxy_pass http://discourse;
	}

	}