gistfile1.txt

test

upstream app_server {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).
  server unix:<%= @code_root %>/current/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
  listen                      443;

  ssl                         on;
  ssl_certificate             <%= @nginx_conf_dir %>/ssl/server_combined.crt;
  ssl_certificate_key         <%= @nginx_conf_dir %>/ssl/server.key;
  keepalive_timeout           70;
  ssl_protocols               SSLv3 TLSv1;
  ssl_ciphers                 HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers   on;
  ssl_session_cache           shared:SSL:1m;
  ssl_session_timeout         5m;

  server_name        <%= @server_name %>;
  root               <%= @code_root %>/current/public;

  location / {
    <% if @protected %>
    auth_basic            "Restricted";
    auth_basic_user_file  <%= @nginx_conf_dir %>/htpasswd;
    <% end %>

    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://app_server;
  }
  
  location /system/maintenance.html {
    return 503;
  }

  error_log  <%= @code_root %>/current/log/nginx_error.log;
  access_log  <%= @code_root %>/current/log/nginx_access.log;

  error_page 500 502 504  /500.html;
  error_page 404          /404.html;
  error_page 422          /422.html;
  error_page 503          @503;
  location @503 {
    rewrite ^(.*)$ /system/maintenance.html break;
  }
}