Last active
May 11, 2023 15:59
-
-
Save beanieboi/ad526faf063181f336a2 to your computer and use it in GitHub Desktop.
Codeship Nginx Config for Heroku
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
daemon off; | |
# Heroku dynos have at least 4 cores. | |
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>; | |
events { | |
use epoll; | |
accept_mutex on; | |
worker_connections 1024; | |
} | |
http { | |
gzip on; | |
gzip_comp_level 3; | |
gzip_min_length 150; | |
gzip_proxied any; | |
gzip_types text/plain text/css text/json text/javascript | |
application/javascript application/x-javascript application/json | |
application/rss+xml application/vnd.ms-fontobject application/x-font-ttf | |
application/xml font/opentype image/svg+xml text/xml; | |
server_tokens off; | |
log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id'; | |
access_log logs/nginx/access.log l2met; | |
error_log logs/nginx/error.log; | |
include mime.types; | |
default_type application/octet-stream; | |
sendfile on; | |
# Must read the body in 5 seconds. | |
client_body_timeout 5; | |
upstream app_server { | |
server unix:<%= ENV["PUMA_SOCKET"] %> fail_timeout=0; | |
} | |
server { | |
listen <%= ENV["PORT"] %>; | |
server_name www.railsonfire.com railsonfire.com | |
www.codeship.io codeship.io | |
www.codeship.com www.staging.codeship.com; | |
return 301 $scheme://codeship.com$request_uri; | |
} | |
server { | |
listen <%= ENV["PORT"] %>; | |
server_name codeship.com staging.codeship.com; | |
keepalive_timeout 5; | |
root /app/public; # path to your app | |
location ~* ^/documentation(.*) { | |
set $s3_bucket 'docs.codeship.io.s3-website-us-east-1.amazonaws.com'; | |
set $url_full '$1'; | |
resolver 8.8.8.8 valid=300s; | |
resolver_timeout 10s; | |
index index.html; | |
proxy_hide_header x-amz-id-2; | |
proxy_hide_header x-amz-request-id; | |
proxy_hide_header Set-Cookie; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $s3_bucket; | |
proxy_ignore_headers "Set-Cookie"; | |
proxy_buffering off; | |
proxy_intercept_errors on; | |
proxy_redirect off; | |
proxy_pass http://$s3_bucket/documentation$url_full; | |
} | |
location ~* \.(eot|oft|svg|ttf|woff2?)$ { | |
add_header Access-Control-Allow-Origin *; | |
expires max; | |
log_not_found off; | |
access_log off; | |
add_header Cache-Control public; | |
} | |
location ~* ^/assets/ { | |
gzip_static on; | |
# Per RFC2616 - 1 year maximum expiry | |
expires 1y; | |
add_header Cache-Control public; | |
# Some browsers still send conditional-GET requests if there's a | |
# Last-Modified header or an ETag header even if they haven't | |
# reached the expiry date sent in the Expires header. | |
add_header Last-Modified ""; | |
add_header ETag ""; | |
break; | |
} | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://app_server; | |
} | |
} | |
} |
@Pierstoval The file is pre-processed by erb
(Embedded RuBy), as far as I can tell it's expected to be installed by another buildpack.
resolver 8.8.8.8 valid=300s;
A publicly accessible DNS (google) as your resolver is a security risk, no?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What kind of nginx tag is this? Is this valid on any config? Is this coming from a specific module, or is the config file processed externally before being pushed to nginx?