Skip to content

Instantly share code, notes, and snippets.

@denisoster
Last active Aug 20, 2021
Embed
What would you like to do?
Nginx+RoR(Puma)+Nuxt.js(node.js)+SSL+redirect
upstream icon {
server unix:/home/icon/web/site.ru/icon/shared/sockets/puma.sock fail_timeout=0;
}
server {
listen 80;
server_name site.ru www.site.ru;
rewrite ^(.+)$ https://site.ru$uri permanent;
}
server {
listen 443 ssl;
server_name www.site.ru;
rewrite ^(.+)$ https://site.ru$1 permanent;
ssl on;
ssl_certificate /home/icon/conf/web/ssl/ssl_certificate.crt;
ssl_certificate_key /home/icon/conf/web/ssl/ssl_certificate_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
}
server {
listen 443;
server_name site.ru www.site.ru;
rewrite ^/(.*)/$ /$1 permanent;
ssl on;
ssl_certificate /home/icon/conf/web/ssl/ssl_certificate.crt;
ssl_certificate_key /home/icon/conf/web/ssl/ssl_certificate_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location /api {
proxy_pass http://icon;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ \.(txt|xml.gz|xml|gz) {
root /home/icon/web/site.ru/icon/public;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
[Unit]
Description=Node application server for icon
After=network.target
[Service]
WorkingDirectory=/home/icon/web/site.ru/icon_front
Environment=NODE_ENV=production
User=icon
ExecStart=/home/icon/.asdf/shims/node /home/icon/.asdf/installs/nodejs/9.3.0/.npm/bin/nuxt /home/icon/web/site.ru/icon_front/
Restart=always
[Install]
WantedBy=multi-user.target
workers 2
threads 1, 6
app_dir = File.expand_path("../..", __FILE__)
shared_dir = "/home/icon/web/site.ru/icon/shared"
rails_env = ENV['RAILS_ENV'] || "production"
environment rails_env
bind "unix:///home/icon/web/site.ru/icon/shared/sockets/puma.sock"
stdout_redirect "/home/icon/web/site.ru/icon/log/puma.stdout.log", "/home/icon/web/site.ru/icon/log/puma.stderr.log", true
pidfile "/home/icon/web/site.ru/icon/shared/pids/puma.pid"
state_path "/home/icon/web/site.ru/icon/shared/pids/puma.state"
activate_control_app
on_worker_boot do
require "active_record"
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
ActiveRecord::Base.establish_connection(YAML.load_file("/home/icon/web/site.ru/icon/config/database.yml")[rails_env])
end
[Unit]
Description=Puma application server for icon
After=network.target
[Service]
WorkingDirectory=/home/icon/web/site.ru/icon
Environment=RAILS_ENV=production
User=icon
PIDFile=/home/icon/web/site.ru/icon/shared/pids/puma.pid
ExecStart=/home/icon/.asdf/shims/bundle exec \
/home/icon/.asdf/shims/puma \
-C /home/icon/web/site.ru/icon/config/puma.rb
[Install]
WantedBy=multi-user.target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment