@chriseckhardt
Created February 19, 2016 23:38
# Main (top-level) context of an ERB-templated nginx.conf. The log_dir value is
# substituted when the template is rendered.
# This assumes deployment to a small container
# Fixed worker count rather than "auto".
worker_processes 4;
# Error log, pid file and TMPDIR all live under the same templated directory.
# NOTE(review): that directory must be writable by the nginx user and should not
# be writable by other local users, since the pid file and temp files share it
# -- confirm the permissions set by the deployment.
error_log <%= log_dir %>/nginx-error.log;
pid <%= log_dir %>/nginx.pid;
# Sets TMPDIR in the environment of the nginx processes.
env TMPDIR=<%= log_dir %>;
# Connection-processing settings shared by all worker processes.
events {
# Upper bound on simultaneous connections per worker; connections to the
# proxied backend count against it as well as client connections.
# NOTE(review): the effective ceiling is also capped by the process open-file
# limit, and no worker_rlimit_nofile is set in this file -- confirm the
# container's limit.
worker_connections 8192;
# Select the epoll event method explicitly (Linux only).
use epoll;
}
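# HTTP context: a single TLS-terminating reverse proxy in front of a local
# backend on 127.0.0.1:30965. The client certificate seen by nginx is handed
# to the backend in the X-SSL-Client-Cert request header.
http {
    # Stop server from announcing own details
    server_tokens off;
    # Stop server from announcing additional headers
    # (more_clear_headers / more_clear_input_headers come from the headers-more
    # module; the configuration will not load if nginx was built without it.)
    more_clear_headers 'Server';
    more_clear_headers 'X-Powered-By';
    more_clear_headers 'X-Runtime';

    include mime.types;
    # Per-user configuration pulled in at http level.
    # NOTE(review): no ssl_certificate, ssl_certificate_key, ssl_client_certificate
    # or ssl_verify_client directive is visible in this file; presumably this
    # include supplies them -- confirm, because the X-SSL-Client-Cert header
    # below is only meaningful if nginx actually verifies client certificates.
    include <%= app_dir %>/config/<%= user %>-nginx.conf;
    default_type application/octet-stream;

    access_log <%= log_dir %>/nginx-access.log;
    sendfile on;
    keepalive_timeout 65;

    # Response compression.
    # NOTE(review): compression is also applied to responses served over TLS.
    # Responses that reflect request data next to secrets (tokens, CSRF values)
    # are exposed to compression side channels such as BREACH; consider
    # switching gzip off for those endpoints.
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_types text/plain application/json text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_disable "msie6";

    server {
        # Bind to HTTP port first if provided by app. Note that you should handle SSL redirection
        # in your app if you use this option.
        # On the plaintext listener there is no TLS session, so no client
        # certificate is forwarded; the backend must treat a missing
        # X-SSL-Client-Cert header as "unauthenticated".
        <% if http_port %>
        listen <%= http_port %>;
        <% end %>
        listen <%= https_port %> ssl;

        # Only accept the default 7 HTTP METHODS
        # (case-sensitive match, anchored to the whole method string; anything
        # else is answered with 405 before proxying).
        if ($request_method !~ \A(GET|PUT|DELETE|POST|HEAD|OPTIONS|PATCH)\z) {
            return 405;
        }

        # proxy_set_header will technically override any headers that are set.
        # This is done as an extra bit of paranoia to ensure nobody can pass their own certs
        # via headers and bypass the normal verification nginx does against the certs.
        more_clear_input_headers "X-SSL-Client-Cert";

        location / {
            # NOTE(review): the backend trusts X-SSL-Client-Cert from this proxy,
            # so it should accept connections on the loopback interface only;
            # anything that can reach port 30965 directly can set the header
            # itself -- confirm the backend's bind address.
            proxy_pass http://127.0.0.1:30965;
            # $http_host is the Host header exactly as the client sent it; the
            # backend must validate it before using it in links or redirects.
            proxy_set_header Host $http_host;
            # "http" or "https" depending on which listener accepted the request.
            proxy_set_header X-Forwarded-Proto $scheme;
            # Request arrival time in seconds with millisecond resolution.
            proxy_set_header X-Request-Start "t=${msec}";
            # PEM client certificate of the TLS session. nginx omits a
            # proxy_set_header whose value is empty, so the header is absent when
            # no certificate was presented.
            # NOTE(review): $ssl_client_cert yields a multi-line value with
            # tab-prefixed continuation lines and is deprecated in favour of
            # $ssl_client_escaped_cert (nginx 1.13.5+); switching requires the
            # backend to URL-decode the value. Forwarding $ssl_client_verify in a
            # second header would let the backend confirm the verification result.
            proxy_set_header X-SSL-Client-Cert $ssl_client_cert;
            proxy_read_timeout 120s;
        }
    }
}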