Hockey + Nginx.
# Worker processes run as the unprivileged www-data account.
user www-data;
# A single worker process handles all connections.
worker_processes 1;
# File in which the master process records its PID.
pid /var/run/nginx.pid;
# Connection-processing settings for the worker.
events {
# Upper bound on simultaneous connections per worker process.
worker_connections 1024;
# Use the Linux epoll event notification method.
use epoll;
# Do not serialise accept() between workers; with worker_processes 1
# there is only one worker to accept connections anyway.
accept_mutex off;
}
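http {
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 75 60;
    proxy_read_timeout 200;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # NOTE(review): compression of TLS responses that mix secrets with
    # request-controlled data is the precondition for BREACH-style
    # side channels. Confirm the PHP app does not reflect input next to
    # tokens, or narrow gzip_types to static assets.
    gzip on;
    gzip_min_length 1000;
    gzip_disable "msie6";
    gzip_proxied any;
    gzip_comp_level 9;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # Docs claim that 1MB of session cache will store ~4000 connections.
    # 10MB should be OK for a while.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # RC4 is broken and prohibited for TLS (RFC 7465), so it is no longer
    # offered. Only AEAD suites with ECDHE key exchange are listed: they
    # give forward secrecy without the cost of classic (finite-field) DHE,
    # which the original configuration also excluded for speed.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop that
    # token on older builds. Suite names unknown to the linked OpenSSL are
    # skipped as long as at least one name matches.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_certificate <YOUR_SSL_CERT>;
    ssl_certificate_key <YOUR_SSL_KEY>;

    # HSTS: remember this for 365 days.
    # "always" (nginx 1.7.5+) also attaches the header to error responses.
    # add_header is inherited only by levels that declare no add_header of
    # their own, so any location that adds a header must repeat these two.
    add_header Strict-Transport-Security max-age=31536000 always;
    # Disable frames to avoid clickjacking.
    add_header X-Frame-Options DENY always;

    # Listen on 80 but force HTTPS.
    server {
        # Explicit form of the default this block had implicitly.
        listen 80;
        # NOTE(review): $host is taken from the client-supplied Host
        # header. If the site has a single canonical name, redirecting to
        # that fixed name keeps the Location header out of client control.
        return 301 https://$host$request_uri;
    }

    # Default SSL server.
    server {
        listen 443 default_server ssl;
        server_name <SERVER_NAME>;
        client_body_buffer_size 8K;
        client_header_buffer_size 1K;
        client_max_body_size 2M;
        large_client_header_buffers 2 1K;
        root /home/ubuntu/HockeyKit/server/php/public;
        rewrite /stats/userlist.txt$ /stats;

        location / {
            try_files $uri $uri/ /index.php?$args;
            index index.php;
        }

        location ~ \.php$ {
            # Only hand existing files to PHP, so a crafted path cannot
            # make the interpreter execute some other file.
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
        }

        # Set a far-future expires header for static content.
        # The pattern is anchored with "$" so it matches file extensions
        # only, not any URI that merely contains ".js", ".png", etc.
        location ~* \.(css|ico|js|jpg|png)$ {
            auth_basic off;
            access_log off;
            expires max;
            add_header Cache-Control public;
            # Declaring add_header here discards the http-level headers,
            # so the security headers are repeated for static responses.
            add_header Strict-Transport-Security max-age=31536000 always;
            add_header X-Frame-Options DENY always;
        }

        # "^~" stops nginx from preferring the regex locations above for
        # URIs under /stats. With a plain prefix location, a request such
        # as /stats/<file>.php or /stats/<file>.css was handled by a regex
        # location that has no auth_basic, skipping the password check.
        location ^~ /stats {
            auth_basic "Restricted";
            # Relative path: resolved against nginx's configuration prefix.
            auth_basic_user_file htaccess;
            index index.php;

            # PHP under /stats is handled here so that the auth_basic
            # settings of the enclosing location apply to it.
            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
            }
        }

        # Exact-match locations: as plain prefixes these two lost to the
        # static-content regex and their "return 204" never ran.
        location = /favicon.ico {
            return 204;
            access_log off;
            log_not_found off;
        }

        location = /apple-touch-icon-precomposed.png {
            return 204;
            access_log off;
            log_not_found off;
        }
    }
}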