Last active
April 13, 2024 12:20
-
-
Save denisoster/170509040be7b5b1b4c937e489ad972f to your computer and use it in GitHub Desktop.
Nginx+RoR(Puma)+Nuxt.js(node.js)+SSL+redirect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream icon { | |
| server unix:/home/icon/web/site.ru/icon/shared/sockets/puma.sock fail_timeout=0; | |
| } | |
| server { | |
| listen 80; | |
| server_name site.ru www.site.ru; | |
| rewrite ^(.+)$ https://site.ru$uri permanent; | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name www.site.ru; | |
| rewrite ^(.+)$ https://site.ru$1 permanent; | |
| ssl on; | |
| ssl_certificate /home/icon/conf/web/ssl/ssl_certificate.crt; | |
| ssl_certificate_key /home/icon/conf/web/ssl/ssl_certificate_key.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES'; | |
| ssl_prefer_server_ciphers on; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Content-Type-Options "nosniff"; | |
| } | |
| server { | |
| listen 443; | |
| server_name site.ru www.site.ru; | |
| rewrite ^/(.*)/$ /$1 permanent; | |
| ssl on; | |
| ssl_certificate /home/icon/conf/web/ssl/ssl_certificate.crt; | |
| ssl_certificate_key /home/icon/conf/web/ssl/ssl_certificate_key.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES'; | |
| ssl_prefer_server_ciphers on; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Content-Type-Options "nosniff"; | |
| location /api { | |
| proxy_pass http://icon; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_redirect off; | |
| } | |
| location / { | |
| proxy_pass http://localhost:3000; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection 'upgrade'; | |
| proxy_set_header Host $host; | |
| proxy_cache_bypass $http_upgrade; | |
| } | |
| location ~ \.(txt|xml.gz|xml|gz) { | |
| root /home/icon/web/site.ru/icon/public; | |
| } | |
| error_page 500 502 503 504 /500.html; | |
| client_max_body_size 4G; | |
| keepalive_timeout 10; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Node application server for icon | |
| After=network.target | |
| [Service] | |
| WorkingDirectory=/home/icon/web/site.ru/icon_front | |
| Environment=NODE_ENV=production | |
| User=icon | |
| ExecStart=/home/icon/.asdf/shims/node /home/icon/.asdf/installs/nodejs/9.3.0/.npm/bin/nuxt /home/icon/web/site.ru/icon_front/ | |
| Restart=always | |
| [Install] | |
| WantedBy=multi-user.target | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| workers 2 | |
| threads 1, 6 | |
| app_dir = File.expand_path("../..", __FILE__) | |
| shared_dir = "/home/icon/web/site.ru/icon/shared" | |
| rails_env = ENV['RAILS_ENV'] || "production" | |
| environment rails_env | |
| bind "unix:///home/icon/web/site.ru/icon/shared/sockets/puma.sock" | |
| stdout_redirect "/home/icon/web/site.ru/icon/log/puma.stdout.log", "/home/icon/web/site.ru/icon/log/puma.stderr.log", true | |
| pidfile "/home/icon/web/site.ru/icon/shared/pids/puma.pid" | |
| state_path "/home/icon/web/site.ru/icon/shared/pids/puma.state" | |
| activate_control_app | |
| on_worker_boot do | |
| require "active_record" | |
| ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished | |
| ActiveRecord::Base.establish_connection(YAML.load_file("/home/icon/web/site.ru/icon/config/database.yml")[rails_env]) | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Puma application server for icon | |
| After=network.target | |
| [Service] | |
| WorkingDirectory=/home/icon/web/site.ru/icon | |
| Environment=RAILS_ENV=production | |
| User=icon | |
| PIDFile=/home/icon/web/site.ru/icon/shared/pids/puma.pid | |
| ExecStart=/home/icon/.asdf/shims/bundle exec \ | |
| /home/icon/.asdf/shims/puma \ | |
| -C /home/icon/web/site.ru/icon/config/puma.rb | |
| [Install] | |
| WantedBy=multi-user.target | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment