Skip to content

Instantly share code, notes, and snippets.

@hfase01
Created May 21, 2012 12:58
Show Gist options
  • Save hfase01/2762193 to your computer and use it in GitHub Desktop.
Save hfase01/2762193 to your computer and use it in GitHub Desktop.
nginx diaspora
user www-data;
worker_processes 8;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_comp_level 2;
gzip_vary on;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
upstream thin_cluster {
server localhost:3000;
server localhost:3001;
server localhost:3002;
server localhost:3003;
server localhost:3004;
server localhost:3005;
server localhost:3006;
server localhost:3007;
server localhost:3008;
server localhost:3009;
server localhost:3010;
}
server {
listen 80;
server_name hfase.com www.hfase.com;
rewrite ^(.*) https://hfase.com$1 permanent;
}
#
# FIXME: specify correct value(s) for `server_name` directive and
# `ssl_certificate` + `ssl_certificate_key` directives below
#
server {
listen 443;
server_name hfase.com;
## make sure you change location if you did clone into /usr/local/app
root /home/hans/workspace/diaspora/public;
ssl on;
ssl_certificate /home/hans/hfase-ssl.crt;
ssl_certificate_key /home/hans/hfase-ssl.key;
# enable better ssl security if you like to mitigate BEAST and other exploits
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://thin_cluster;
break;
}
}
error_page 500 503 504 /500.html;
location = /500.html {
root /home/hans/workspace/diaspora/public;
}
error_page 404 /404.html;
location = /404.html {
root /home/hans/workspace/diaspora/public;
}
error_page 502 /down.html;
location = /down.html {
root /home/hans/workspace/diaspora/public;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment