Skip to content

Instantly share code, notes, and snippets.

@denisoster
Last active April 13, 2024 12:17
Show Gist options
  • Save denisoster/0ea67a1b1d803eca214f1e7d7de75e8d to your computer and use it in GitHub Desktop.
Save denisoster/0ea67a1b1d803eca214f1e7d7de75e8d to your computer and use it in GitHub Desktop.
Nginx+RoR(Puma)+SSL+redirect
upstream site {
server unix:/home/site/web/site.com.ua/site/shared/sockets/puma.sock fail_timeout=0;
}
server {
listen 80;
server_name site.com.ua www.site.com.ua;
rewrite ^(.+)$ https://site.com.ua$uri permanent;
}
server {
listen 443 ssl;
server_name www.site.com.ua;
rewrite ^(.+)$ https://site.com.ua$1 permanent;
ssl on;
ssl_certificate /home/site/conf/web/ssl/ssl_certificate.crt;
ssl_certificate_key /home/site/conf/web/ssl/ssl_certificate_key.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
server {
listen 443 ssl;
server_name site.com.ua;
rewrite ^/(.*)/$ /$1 permanent;
root /home/site/web/site.com.ua/site/public;
access_log /var/log/nginx/domains/site.com.ua.log combined;
access_log /var/log/nginx/domains/site.com.ua.bytes bytes;
error_log /var/log/nginx/domains/site.com.ua.error.log error;
ssl on;
ssl_certificate /home/site/conf/web/ssl/ssl_certificate.crt;
ssl_certificate_key /home/site/conf/web/ssl/ssl_certificate_key.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
try_files $uri/index.html $uri @site;
location @site {
proxy_pass http://site;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
if ( $request_filename ~ proekty/ ) {
rewrite ^ https://site.com.ua/projects? permanent;
}
}
workers 2
threads 1, 6
app_dir = File.expand_path("../..", __FILE__)
shared_dir = "/home/site/web/site.com.ua/site/shared"
rails_env = ENV['RAILS_ENV'] || "production"
environment rails_env
bind "unix:///home/site/web/site.com.ua/site/shared/sockets/puma.sock"
stdout_redirect "/home/site/web/site.com.ua/site/log/puma.stdout.log", "/home/site/web/site.com.ua/site/log/puma.stderr.log", true
pidfile "/home/site/web/site.com.ua/site/shared/pids/puma.pid"
state_path "/home/site/web/site.com.ua/site/shared/pids/puma.state"
activate_control_app
on_worker_boot do
require "active_record"
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
ActiveRecord::Base.establish_connection(YAML.load_file("/home/site/web/site.com.ua/site/config/database.yml")[rails_env])
end
[Unit]
Description=Puma application server for site
After=network.target
[Service]
WorkingDirectory=/home/site/web/site.com.ua/site
Environment=RAILS_ENV=production
User=site
PIDFile=/home/site/web/site.com.ua/site/shared/pids/puma.pid
ExecStart=/home/site/.rbenv/shims/bundle exec \
/home/site/.rbenv/shims/puma \
-C /home/site/web/site.com.ua/site/config/puma.rb
[Install]
WantedBy=multi-user.target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment