Created
May 21, 2012 12:58
-
-
Save hfase01/2762193 to your computer and use it in GitHub Desktop.
nginx diaspora
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user www-data; | |
| worker_processes 8; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 2048; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| sendfile on; | |
| keepalive_timeout 65; | |
| server_tokens off; | |
| gzip on; | |
| gzip_comp_level 2; | |
| gzip_vary on; | |
| gzip_proxied any; | |
| gzip_buffers 16 8k; | |
| gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
| gzip_disable "MSIE [1-6]\.(?!.*SV1)"; | |
| upstream thin_cluster { | |
| server localhost:3000; | |
| server localhost:3001; | |
| server localhost:3002; | |
| server localhost:3003; | |
| server localhost:3004; | |
| server localhost:3005; | |
| server localhost:3006; | |
| server localhost:3007; | |
| server localhost:3008; | |
| server localhost:3009; | |
| server localhost:3010; | |
| } | |
| server { | |
| listen 80; | |
| server_name hfase.com www.hfase.com; | |
| rewrite ^(.*) https://hfase.com$1 permanent; | |
| } | |
| # | |
| # FIXME: specify correct value(s) for `server_name` directive and | |
| # `ssl_certificate` + `ssl_certificate_key` directives below | |
| # | |
| server { | |
| listen 443; | |
| server_name hfase.com; | |
| ## make sure you change location if you did clone into /usr/local/app | |
| root /home/hans/workspace/diaspora/public; | |
| ssl on; | |
| ssl_certificate /home/hans/hfase-ssl.crt; | |
| ssl_certificate_key /home/hans/hfase-ssl.key; | |
| # enable better ssl security if you like to mitigate BEAST and other exploits | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_timeout 5m; | |
| #ssl_protocols TLSv1; | |
| #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM; | |
| #ssl_prefer_server_ciphers on; | |
| add_header Strict-Transport-Security max-age=500; | |
| #ssl_ecdh_curve secp521r1; | |
| location /uploads/images { | |
| expires 1d; | |
| add_header Cache-Control public; | |
| } | |
| location /assets { | |
| expires 1d; | |
| add_header Cache-Control public; | |
| } | |
| location / { | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_redirect off; | |
| client_max_body_size 4M; | |
| client_body_buffer_size 128K; | |
| if (-f $request_filename/index.html) { | |
| rewrite (.*) $1/index.html break; | |
| } | |
| if (-f $request_filename.html) { | |
| rewrite (.*) $1.html break; | |
| } | |
| if (!-f $request_filename) { | |
| proxy_pass http://thin_cluster; | |
| break; | |
| } | |
| } | |
| error_page 500 503 504 /500.html; | |
| location = /500.html { | |
| root /home/hans/workspace/diaspora/public; | |
| } | |
| error_page 404 /404.html; | |
| location = /404.html { | |
| root /home/hans/workspace/diaspora/public; | |
| } | |
| error_page 502 /down.html; | |
| location = /down.html { | |
| root /home/hans/workspace/diaspora/public; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment