Created
February 6, 2016 23:53
-
-
Save leandromoreira/901789af93a2296eed42 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# we'll use 2 processors/core | |
worker_processes 2; | |
# we set a new limit for open files for our workers | |
worker_rlimit_nofile 100000; | |
# we define how we're going to work | |
events { | |
# for each worker we'll handle 4000 requests (enquee them) | |
worker_connections 4000; | |
# we'll accept multiple | |
multi_accept on; | |
# we'll use epoll as a IO event notification | |
use epoll; | |
} | |
# our server | |
http { | |
server_tokens off; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
access_log off; | |
open_file_cache max=200000 inactive=20s; | |
open_file_cache_valid 30s; | |
open_file_cache_min_uses 2; | |
open_file_cache_errors on; | |
sendfile on; | |
keepalive_timeout 30; | |
reset_timedout_connection on; | |
gzip on; | |
gzip_http_version 1.0; | |
gzip_proxied any; | |
gzip_min_length 500; | |
gzip_disable "MSIE [1-6]\."; | |
# we created that folder because we save our cache in there | |
proxy_cache_path /var/lib/nginx/proxy levels=1:2 keys_zone=backcache:8m max_size=50m; | |
proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args"; | |
proxy_cache_valid 404 1m; | |
# we'll forward request to our web app at 3000 | |
upstream app_server { | |
server web:3000 fail_timeout=0; | |
} | |
server { | |
# listening at 80 | |
listen 80; | |
# compreess it | |
gzip_static on; | |
gzip_http_version 1.1; | |
gzip_proxied expired no-cache no-store private auth; | |
gzip_disable "MSIE [1-6]\."; | |
gzip_vary on; | |
# some security precautions | |
client_body_buffer_size 8K; | |
client_max_body_size 20m; | |
client_body_timeout 10s; | |
client_header_buffer_size 1k; | |
large_client_header_buffers 2 16k; | |
client_header_timeout 5s; | |
keepalive_timeout 40; | |
# let's get rid of simple attackers GET /admin/setup.php .... | |
location ~ \.(aspx|php|jsp|cgi)$ { | |
return 404; | |
} | |
# let's try to serve static files otherwise forward to app | |
try_files $uri $uri/index.html $uri.html @app; | |
# app is a proxy to our web app | |
location @app { | |
proxy_set_header X-Url-Scheme $scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $host; | |
proxy_redirect off; | |
proxy_pass http://app_server; | |
} | |
# let's serve error pages | |
error_page 500 502 503 504 /500.html; | |
location = /500.html { | |
root /myapp/public; | |
} | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment