danhunter/nginx_conf

## nginx_conf
user                            nginx;
worker_processes                8;
error_log                       /var/deploy/lola-live/web_head/shared/log/nginx_error.log;

events
{
    worker_connections          1024;
    accept_mutex                off;
}

http
{
    gzip                        on;
    gzip_min_length             100;
    gzip_proxied                expired no-cache no-store private auth;
    gzip_types                  text/plain application/xml text/css application/x-javascript text/javascript application/javascript;
    gzip_disable                "MSIE [1-6]\.";

    add_header                  X-Powered-By      cloud66;

    access_log                  /var/deploy/lola-live/web_head/shared/log/nginx_access.log;

    tcp_nopush                  on;
    tcp_nodelay                 off;
    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         10m;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;

    underscores_in_headers      on;
    types_hash_max_size         2048;
    include                     mime.types;
    default_type                application/octet-stream;

    client_max_body_size        250m;

    sendfile                    on;
    server_tokens               off;
    keepalive_timeout           65;

    upstream socket_server
    {
        server unix:/tmp/web_server.sock fail_timeout=0;
    }

    upstream blog
    {
        server leopard.lola-blog-629482.c66.me;
    }

    map $http_upgrade $connection_upgrade {
        default Upgrade;
        '' close;
    }

    server {
        server_name blog.mylola.com;
        return 301 $scheme://www.mylola.com/blog$request_uri;
    }

    server
    {
        listen                  80 default_server;

        server_name             _;
        keepalive_timeout       5;
        root                    /var/deploy/lola-live/web_head/current/public;

        client_max_body_size    250m;
        # redirect to 503 if maintenance page present
        if (-f $document_root/cloud66_maintenance.html)
        {
            return 503;
        }

        # redirect on errors
        error_page              500 502 504 /50x.html;

        # handle error redirect
        location = /50x.html
        {
            proxy_pass http://placeholders.cloud66.com/nginx/50x.html;
        }

        error_page              503 @maintenance;

        location @maintenance
        {
            error_page 405 = /cloud66_maintenance.html;
            if (-f $document_root/cloud66_maintenance.html)
            {
                rewrite ^(.*)$ /cloud66_maintenance.html break;
            }
            rewrite ^(.*)$ /503.html break;
        }

        # Cross domain resource
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Accept,Origin,Content-Type,X-Spree-Token";

        location /.well-known/acme-challenge/ {
            # serve letsencrypt requests from here
            alias /etc/cloud66/webroot/;
            try_files $uri =404;
        }

        location /blog
        {
            rewrite ^/blog/(.*)$ /$1 break;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host;
            proxy_pass http://blog;
            proxy_redirect off;
        }

        location /wp-admin
        {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host;
            proxy_pass http://blog;
            proxy_redirect off;
        }

        location /
        {
            if ($request_method = OPTIONS)
            {
                return 204;
            }

            try_files $uri @backend;
        }

        location @backend
        {
            # Next three lines enable websocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        Host $http_host;
            proxy_redirect          off;

            proxy_pass  http://socket_server;
            break;
        }
        location /status
        {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
        }
    }

    server
    {
       listen   8559;
       location /status
       {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
        }
    }

    server
    {
        listen                    443;
        ssl                       on;
        ssl_ciphers               'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        ssl_dhparam               /etc/ssl/private/dhparams.pem;
        ssl_certificate_key       /etc/ssl/localcerts/lola-live.key;
        ssl_certificate           /etc/ssl/localcerts/lola-live.crt;

        server_name             _;

        client_max_body_size    250m;
        root                    /var/deploy/lola-live/web_head/current/public;

        # redirect to 503 if maintenance page present
        if (-f $document_root/cloud66_maintenance.html)
        {
            return 503;
        }

        # redirect on errors
        error_page              500 502 504 /50x.html;

        # handle error redirect
        location = /50x.html
        {
            proxy_pass http://placeholders.cloud66.com/nginx/50x.html;
        }

        error_page              503 @maintenance;

        location @maintenance
        {
            error_page 405 = /cloud66_maintenance.html;
            if (-f $document_root/cloud66_maintenance.html)
            {
                rewrite ^(.*)$ /cloud66_maintenance.html break;
            }
            rewrite ^(.*)$ /503.html break;
        }
        # Cross domain resource
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Accept,Origin,Content-Type,X-Spree-Token";

        location /blog
        {
            rewrite ^/blog/(.*)$ /$1 break;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host;
            proxy_pass http://blog;
            proxy_redirect off;
        }

        location /wp-admin
        {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host;
            proxy_pass http://blog;
            proxy_redirect off;
        }

        location /
        {
            if ($request_method = OPTIONS)
            {
                return 204;
            }

            try_files $uri @backend;
        }

        location @backend
        {
            # Next three lines enable websocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        Host $http_host;
            proxy_set_header        X-Forwarded-Proto https;
            proxy_redirect          off;

            proxy_pass  http://socket_server;
            break;
        }
    }
}
	user nginx;
	worker_processes 8;
	error_log /var/deploy/lola-live/web_head/shared/log/nginx_error.log;

	events
	{
	worker_connections 1024;
	accept_mutex off;
	}

	http
	{
	gzip on;
	gzip_min_length 100;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain application/xml text/css application/x-javascript text/javascript application/javascript;
	gzip_disable "MSIE [1-6]\.";

	add_header X-Powered-By cloud66;

	access_log /var/deploy/lola-live/web_head/shared/log/nginx_access.log;

	tcp_nopush on;
	tcp_nodelay off;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	underscores_in_headers on;
	types_hash_max_size 2048;
	include mime.types;
	default_type application/octet-stream;

	client_max_body_size 250m;

	sendfile on;
	server_tokens off;
	keepalive_timeout 65;

	upstream socket_server
	{
	server unix:/tmp/web_server.sock fail_timeout=0;
	}

	upstream blog
	{
	server leopard.lola-blog-629482.c66.me;
	}

	map $http_upgrade $connection_upgrade {
	default Upgrade;
	'' close;
	}

	server {
	server_name blog.mylola.com;
	return 301 $scheme://www.mylola.com/blog$request_uri;
	}

	server
	{
	listen 80 default_server;

	server_name _;
	keepalive_timeout 5;
	root /var/deploy/lola-live/web_head/current/public;

	client_max_body_size 250m;
	# redirect to 503 if maintenance page present
	if (-f $document_root/cloud66_maintenance.html)
	{
	return 503;
	}

	# redirect on errors
	error_page 500 502 504 /50x.html;

	# handle error redirect
	location = /50x.html
	{
	proxy_pass http://placeholders.cloud66.com/nginx/50x.html;
	}

	error_page 503 @maintenance;

	location @maintenance
	{
	error_page 405 = /cloud66_maintenance.html;
	if (-f $document_root/cloud66_maintenance.html)
	{
	rewrite ^(.*)$ /cloud66_maintenance.html break;
	}
	rewrite ^(.*)$ /503.html break;
	}

	# Cross domain resource
	add_header Access-Control-Allow-Origin "*";
	add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
	add_header Access-Control-Allow-Headers "Accept,Origin,Content-Type,X-Spree-Token";

	location /.well-known/acme-challenge/ {
	# serve letsencrypt requests from here
	alias /etc/cloud66/webroot/;
	try_files $uri =404;
	}

	location /blog
	{
	rewrite ^/blog/(.*)$ /$1 break;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $host;
	proxy_pass http://blog;
	proxy_redirect off;
	}

	location /wp-admin
	{
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $host;
	proxy_pass http://blog;
	proxy_redirect off;
	}

	location /
	{
	if ($request_method = OPTIONS)
	{
	return 204;
	}

	try_files $uri @backend;
	}

	location @backend
	{
	# Next three lines enable websocket support
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;

	proxy_pass http://socket_server;
	break;
	}
	location /status
	{
	stub_status on;
	access_log off;
	allow 127.0.0.1;
	deny all;
	}
	}

	server
	{
	listen 8559;
	location /status
	{
	stub_status on;
	access_log off;
	allow 127.0.0.1;
	deny all;
	}
	}

	server
	{
	listen 443;
	ssl on;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/private/dhparams.pem;
	ssl_certificate_key /etc/ssl/localcerts/lola-live.key;
	ssl_certificate /etc/ssl/localcerts/lola-live.crt;

	server_name _;

	client_max_body_size 250m;
	root /var/deploy/lola-live/web_head/current/public;

	# redirect to 503 if maintenance page present
	if (-f $document_root/cloud66_maintenance.html)
	{
	return 503;
	}

	# redirect on errors
	error_page 500 502 504 /50x.html;

	# handle error redirect
	location = /50x.html
	{
	proxy_pass http://placeholders.cloud66.com/nginx/50x.html;
	}

	error_page 503 @maintenance;

	location @maintenance
	{
	error_page 405 = /cloud66_maintenance.html;
	if (-f $document_root/cloud66_maintenance.html)
	{
	rewrite ^(.*)$ /cloud66_maintenance.html break;
	}
	rewrite ^(.*)$ /503.html break;
	}
	# Cross domain resource
	add_header Access-Control-Allow-Origin "*";
	add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
	add_header Access-Control-Allow-Headers "Accept,Origin,Content-Type,X-Spree-Token";

	location /blog
	{
	rewrite ^/blog/(.*)$ /$1 break;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $host;
	proxy_pass http://blog;
	proxy_redirect off;
	}

	location /wp-admin
	{
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $host;
	proxy_pass http://blog;
	proxy_redirect off;
	}

	location /
	{
	if ($request_method = OPTIONS)
	{
	return 204;
	}

	try_files $uri @backend;
	}

	location @backend
	{
	# Next three lines enable websocket support
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Proto https;
	proxy_redirect off;

	proxy_pass http://socket_server;
	break;
	}
	}
	}