Created
November 18, 2014 06:41
-
-
Save deevis/ef5071d6d251acae765f to your computer and use it in GitHub Desktop.
Nginx, Faye, Nodejs and SSL configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NGINX - Configured to forward root domain requests to SSL, subdomains w/o SSL, and to upgrade /faye to websocket | |
| -------------------------------------------------------------------------------------------------------------------- | |
| upstream my_app_upstream { | |
| server unix:///var/run/my_app/my_app.sock; | |
| } | |
| server { | |
| listen 80; | |
| server_name mydomain.com; | |
| if ($scheme = http) { | |
| return 301 https://$host$request_uri; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| listen 443 ssl; | |
| ssl_certificate /etc/ssl/mydomain_bundle.crt; | |
| ssl_certificate_key /etc/ssl/mydomain.key; | |
| server_name mydomain.com *.mydomain.com; | |
| root /home/my_app/pyr-my_app/public; | |
| gzip on; | |
| gzip_http_version 1.1; | |
| gzip_vary on; | |
| gzip_comp_level 6; | |
| gzip_proxied any; | |
| gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
| gzip_buffers 32 8k; | |
| gzip_min_length 4196; | |
| if (-f $document_root/system/maintenance.html) { | |
| rewrite ^(.*)$ /system/maintenance.html break; | |
| } | |
| location / { | |
| proxy_pass http://my_app_upstream; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_redirect off; | |
| #limit_req zone=one burst=15 nodelay; | |
| } | |
| # WebSocket Upgrades to Faye Server | |
| # curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: mydomain.com" -H "Origin: https://mydomain.com" https://mydomain.com/faye | |
| location /faye { | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| # Use your faye ip address and port to go direct to the node-backed Faye service | |
| proxy_pass http://54.83.25.223:9292/faye; | |
| break; | |
| } | |
| location ~ ^/(assets|system|uploads|favicon.ico|robots.txt)/ { | |
| gzip_static on; # to serve pre-gzipped version | |
| expires max; | |
| add_header Cache-Control public; | |
| #limit_req zone=one burst=15 nodelay; | |
| } | |
| } | |
| ~/.bashrc | |
| ---------------------------------------------------------- | |
| export FAYE_SERVER=https://mydomain.com/faye | |
| export RAILS_ENV="production" | |
| faye.js - no need for SSL. NGINX has already handled that and passed control directly | |
| ------------------------------------------------------------------------------------------ | |
| var http = require('http'), | |
| faye = require('faye'); | |
| var server = http.createServer(), | |
| bayeux = new faye.NodeAdapter({mount: '/faye', timeout: 45}); | |
| bayeux.attach(server); | |
| server.listen(9292); | |
| ~ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment