Skip to content

Instantly share code, notes, and snippets.

@beanieboi
Last active May 11, 2023 15:59
Show Gist options
  • Save beanieboi/ad526faf063181f336a2 to your computer and use it in GitHub Desktop.
Save beanieboi/ad526faf063181f336a2 to your computer and use it in GitHub Desktop.
Codeship Nginx Config for Heroku
daemon off;
# Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
events {
use epoll;
accept_mutex on;
worker_connections 1024;
}
http {
gzip on;
gzip_comp_level 3;
gzip_min_length 150;
gzip_proxied any;
gzip_types text/plain text/css text/json text/javascript
application/javascript application/x-javascript application/json
application/rss+xml application/vnd.ms-fontobject application/x-font-ttf
application/xml font/opentype image/svg+xml text/xml;
server_tokens off;
log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log logs/nginx/access.log l2met;
error_log logs/nginx/error.log;
include mime.types;
default_type application/octet-stream;
sendfile on;
# Must read the body in 5 seconds.
client_body_timeout 5;
upstream app_server {
server unix:<%= ENV["PUMA_SOCKET"] %> fail_timeout=0;
}
server {
listen <%= ENV["PORT"] %>;
server_name www.railsonfire.com railsonfire.com
www.codeship.io codeship.io
www.codeship.com www.staging.codeship.com;
return 301 $scheme://codeship.com$request_uri;
}
server {
listen <%= ENV["PORT"] %>;
server_name codeship.com staging.codeship.com;
keepalive_timeout 5;
root /app/public; # path to your app
location ~* ^/documentation(.*) {
set $s3_bucket 'docs.codeship.io.s3-website-us-east-1.amazonaws.com';
set $url_full '$1';
resolver 8.8.8.8 valid=300s;
resolver_timeout 10s;
index index.html;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $s3_bucket;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
proxy_redirect off;
proxy_pass http://$s3_bucket/documentation$url_full;
}
location ~* \.(eot|oft|svg|ttf|woff2?)$ {
add_header Access-Control-Allow-Origin *;
expires max;
log_not_found off;
access_log off;
add_header Cache-Control public;
}
location ~* ^/assets/ {
gzip_static on;
# Per RFC2616 - 1 year maximum expiry
expires 1y;
add_header Cache-Control public;
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
add_header Last-Modified "";
add_header ETag "";
break;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}
@Pierstoval
Copy link

worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;

What kind of nginx tag is this? Is this valid on any config? Is this coming from a specific module, or is the config file processed externally before being pushed to nginx?

@p-himik
Copy link

p-himik commented Feb 7, 2018

@Pierstoval The file is pre-processed by erb (Embedded RuBy), as far as I can tell it's expected to be installed by another buildpack.

@stephengardner
Copy link

stephengardner commented Apr 6, 2018

resolver 8.8.8.8 valid=300s;
A publicly accessible DNS (google) as your resolver is a security risk, no?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment