avsej/gist:735996

## gistfile1.txt
# Enable upload_progress module for easy cross browser progress bar support
# using only javascript client side
upload_progress foobar_uploads 1m;

server {
  # We only need one server block to deal with HTTP and HTTPS
  # avoids duplication
  listen 80;
  listen 443 default ssl;

  server_name foobar.com;

  # Sort out redirects
  ## If it has come from localhost - dont mess, handy for services running locally
  if ($host  = localhost   ) { break; }
  ## If another domain name has resolved to this server (e.g. www.foobar.com)
  ## then redirect it permanently to the name we really want
  if ($host != $server_name) { rewrite ^ $scheme://$server_name$request_uri permanent; }

  # Rails isn't interested by default in any other type of request
  # so deal with them here
  if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  # We follow a convention of each site having it's own user account
  # with a Capistrano esque layout
  root /home/foobar/foobar/current/public;

  # PCI Compliant settings
  ssl_protocols             SSLv3 TLSv1;
  ssl_ciphers               ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH;
  ssl_prefer_server_ciphers on;

  # Do not forget to include all certificates for chain in this file
  ssl_certificate           /etc/nginx/certificates/foobar.com.crt;
  ssl_certificate_key       /etc/nginx/certificates/foobar.com.key;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;

  # Your favorite error pages
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;

  # Simple way to serve static content and maintenance page if maintenance page present
  try_files $uri /maintenance.html @passenger;

  # We are not interested in uploads that are larger than 10MB
  client_max_body_size 10m;

  # Reached if no maintenance page or static content can fulfill request
  location @passenger {
    passenger_enabled       on;
    passenger_min_instances 2;

    rack_env production;

    # Make sure that Rails knows whether the connection was encrypted or not
    passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;

    # Enable tracking of POST requests
    track_uploads foobar_uploads 30s;
  }

  # Enable monitoring of POST requests reported in JSON
  location /progress {
    upload_progress_json_output;
    report_uploads foobar_uploads;
  }

  access_log  /var/log/nginx/foobar.access.log;
}

# Starts passenger after nginx is rebooted
# Rather than on first request
passenger_pre_start http://foobar.com/;
	# Enable upload_progress module for easy cross browser progress bar support
	# using only javascript client side
	upload_progress foobar_uploads 1m;

	server {
	# We only need one server block to deal with HTTP and HTTPS
	# avoids duplication
	listen 80;
	listen 443 default ssl;

	server_name foobar.com;

	# Sort out redirects
	## If it has come from localhost - dont mess, handy for services running locally
	if ($host = localhost ) { break; }
	## If another domain name has resolved to this server (e.g. www.foobar.com)
	## then redirect it permanently to the name we really want
	if ($host != $server_name) { rewrite ^ $scheme://$server_name$request_uri permanent; }

	# Rails isn't interested by default in any other type of request
	# so deal with them here
	if ($request_method !~ ^(GET\|HEAD\|PUT\|POST\|DELETE\|OPTIONS)$ ){
	return 405;
	}

	# We follow a convention of each site having it's own user account
	# with a Capistrano esque layout
	root /home/foobar/foobar/current/public;

	# PCI Compliant settings
	ssl_protocols SSLv3 TLSv1;
	ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH;
	ssl_prefer_server_ciphers on;

	# Do not forget to include all certificates for chain in this file
	ssl_certificate /etc/nginx/certificates/foobar.com.crt;
	ssl_certificate_key /etc/nginx/certificates/foobar.com.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Your favorite error pages
	error_page 404 /404.html;
	error_page 422 /422.html;
	error_page 500 /500.html;

	# Simple way to serve static content and maintenance page if maintenance page present
	try_files $uri /maintenance.html @passenger;

	# We are not interested in uploads that are larger than 10MB
	client_max_body_size 10m;

	# Reached if no maintenance page or static content can fulfill request
	location @passenger {
	passenger_enabled on;
	passenger_min_instances 2;

	rack_env production;

	# Make sure that Rails knows whether the connection was encrypted or not
	passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;

	# Enable tracking of POST requests
	track_uploads foobar_uploads 30s;
	}

	# Enable monitoring of POST requests reported in JSON
	location /progress {
	upload_progress_json_output;
	report_uploads foobar_uploads;
	}

	access_log /var/log/nginx/foobar.access.log;
	}

	# Starts passenger after nginx is rebooted
	# Rather than on first request
	passenger_pre_start http://foobar.com/;