avsej/installation.sh

## installation.sh
  $ cd /usr/src
  $ wget http://nginx.org/download/nginx-0.8.52.tar.gz
  $ tar xzvf ./nginx-0.8.52.tar.gz
  $ rm ./nginx-0.8.52.tar.gz

  $ gem install s3sync capistrano capistrano-ext passenger --no-ri --no-rdoc
  $ passenger-install-nginx-module
  # Automatically download and install Nginx?           2. No: I want to customize my Nginx installation
  # Where is your Nginx source code located?:           /usr/src/nginx-0.8.52
  # Where do you want to install Nginx to?:             /opt/nginx
  # Extra Nginx configure options

  --with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module

## nginx.conf
user  app;
worker_processes  2;

error_log   /home/app/logs/nginx.error.log  info;

events {
    worker_connections  1024;
}


http {
    passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
    passenger_ruby /usr/local/bin/ruby;

    # Passenger never sleeps!
    passenger_pool_idle_time 0;

    # Use more instances, because memory is enough
    passenger_max_pool_size 15;

    include       mime.types;
    default_type  application/octet-stream;

    client_max_body_size 25m;

    gzip                    on;
    gzip_http_version       1.1;
    gzip_disable            "msie6";

    # Don't forget to gzip your assets before you run, gzip -c -n -3 application.css > application.css.gz
    gzip_static             on;

    gzip_vary               on;
    gzip_min_length         512;
    gzip_buffers            256 8k;
    gzip_comp_level         3;
    gzip_proxied            any;
    gzip_types              text/plain text/css application/x-javascript text/xml application/xml;

    server_tokens           off;

    sendfile                on;
    keepalive_timeout       65;

    include /opt/nginx/conf/nginx_host.conf;

    # Start application instantly
    passenger_pre_start https://127.0.0.1/;

}


## nginx_host.conf
server {
    listen       80;
    server_name  *.server.com

    # There is ssl-only content, so redirection is permanent
    # No need to use ssl_requirement plugin here
    rewrite ^(.*) https://$host$1 permanent;

    # Block bots who like track urls (php usually)
    location ~ \.php$ {
       deny  all;
    }

    access_log off;
    error_log off;
}


# HTTPS server
server {
  listen       443 default ssl;
  server_name  *.server.com

  ssl                         on;
  ssl_certificate             /etc/ssl/selfsigned/cert.pem;
  ssl_certificate_key         /etc/ssl/selfsigned/cert.key;
  ssl_session_timeout         5m;
  ssl_protocols               SSLv2 SSLv3 TLSv1;
  ssl_ciphers                 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

  root /home/app/public_html/your_project/current/public;

  error_page   500 502 504  /500.html;
  location = /50x.html {
      root   html;
  }

  # try_files is more recommended than if-then conditional exp
  try_files $uri /system/maintenance.html @passenger;


  # Setup Rails specific directives,  you can use rack_env for any Rack app, for example Rails3
  location @passenger {
    passenger_enabled on;
    passenger_min_instances 5;
    rails_env production;
    passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;
  }


  # Limit HTTP requests types
  if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
    return 405;
  }


  # Block bots who like track urls (php usually)
  location ~ \.php$ {
          deny  all;
  }

  # Set max-age headers to assets
  # Since SSL content is not cached on hard disk, once the memory cache is full, the non-pubic SSL files are not cached at all. So add the extra http header
  location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ {
      access_log off;
      error_log off;
      expires max;
      add_header Cache-Control public;

      if_modified_since off;
      add_header Last-Modified "";
  }

  # There is no need to touch Rails stack for wrong urls (as well as extensions) in assets directories
  location ~ ^/(images|javascripts|stylesheets|system)/  {
    error_page 404 /404.html;
  }


  access_log  /home/app/logs/your_project.access.log;
  error_log  /home/app/logs/your_project.error.log;

}
	$ cd /usr/src
	$ wget http://nginx.org/download/nginx-0.8.52.tar.gz
	$ tar xzvf ./nginx-0.8.52.tar.gz
	$ rm ./nginx-0.8.52.tar.gz

	$ gem install s3sync capistrano capistrano-ext passenger --no-ri --no-rdoc
	$ passenger-install-nginx-module
	# Automatically download and install Nginx? 2. No: I want to customize my Nginx installation
	# Where is your Nginx source code located?: /usr/src/nginx-0.8.52
	# Where do you want to install Nginx to?: /opt/nginx
	# Extra Nginx configure options

	--with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module
	user app;
	worker_processes 2;

	error_log /home/app/logs/nginx.error.log info;

	events {
	worker_connections 1024;
	}


	http {
	passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
	passenger_ruby /usr/local/bin/ruby;

	# Passenger never sleeps!
	passenger_pool_idle_time 0;

	# Use more instances, because memory is enough
	passenger_max_pool_size 15;

	include mime.types;
	default_type application/octet-stream;

	client_max_body_size 25m;

	gzip on;
	gzip_http_version 1.1;
	gzip_disable "msie6";

	# Don't forget to gzip your assets before you run, gzip -c -n -3 application.css > application.css.gz
	gzip_static on;

	gzip_vary on;
	gzip_min_length 512;
	gzip_buffers 256 8k;
	gzip_comp_level 3;
	gzip_proxied any;
	gzip_types text/plain text/css application/x-javascript text/xml application/xml;

	server_tokens off;

	sendfile on;
	keepalive_timeout 65;

	include /opt/nginx/conf/nginx_host.conf;

	# Start application instantly
	passenger_pre_start https://127.0.0.1/;

	}
	server {
	listen 80;
	server_name *.server.com

	# There is ssl-only content, so redirection is permanent
	# No need to use ssl_requirement plugin here
	rewrite ^(.*) https://$host$1 permanent;

	# Block bots who like track urls (php usually)
	location ~ \.php$ {
	deny all;
	}

	access_log off;
	error_log off;
	}


	# HTTPS server
	server {
	listen 443 default ssl;
	server_name *.server.com

	ssl on;
	ssl_certificate /etc/ssl/selfsigned/cert.pem;
	ssl_certificate_key /etc/ssl/selfsigned/cert.key;
	ssl_session_timeout 5m;
	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	ssl_prefer_server_ciphers on;

	root /home/app/public_html/your_project/current/public;

	error_page 500 502 504 /500.html;
	location = /50x.html {
	root html;
	}

	# try_files is more recommended than if-then conditional exp
	try_files $uri /system/maintenance.html @passenger;


	# Setup Rails specific directives, you can use rack_env for any Rack app, for example Rails3
	location @passenger {
	passenger_enabled on;
	passenger_min_instances 5;
	rails_env production;
	passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;
	}


	# Limit HTTP requests types
	if ($request_method !~ ^(GET\|HEAD\|PUT\|POST\|DELETE\|OPTIONS)$ ){
	return 405;
	}


	# Block bots who like track urls (php usually)
	location ~ \.php$ {
	deny all;
	}

	# Set max-age headers to assets
	# Since SSL content is not cached on hard disk, once the memory cache is full, the non-pubic SSL files are not cached at all. So add the extra http header
	location ~* \.(png\|gif\|jpg\|jpeg\|css\|js\|swf\|ico)(\?[0-9]+)?$ {
	access_log off;
	error_log off;
	expires max;
	add_header Cache-Control public;

	if_modified_since off;
	add_header Last-Modified "";
	}

	# There is no need to touch Rails stack for wrong urls (as well as extensions) in assets directories
	location ~ ^/(images\|javascripts\|stylesheets\|system)/ {
	error_page 404 /404.html;
	}


	access_log /home/app/logs/your_project.access.log;
	error_log /home/app/logs/your_project.error.log;

	}