marvindanig/nginx_conf.erb

## nginx_conf.erb
upstream puma_<%= fetch(:nginx_config_name) %> { <%
  @backends = [fetch(:puma_bind)].flatten.map do |m|
  etype, address  = /(tcp|unix|ssl):\/{1,2}(.+)/.match(m).captures
  if etype == 'unix'
    "server #{etype}:#{address} #{fetch(:nginx_socket_flags)};"
  else
    "server #{address.gsub(/0\.0\.0\.0(.+)/, "127.0.0.1\\1")} #{fetch(:nginx_http_flags)};"
  end
end
%><% @backends.each do |server| %>
  <%= server %><% end %>
}

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name <%= fetch(:nginx_server_name) %> www.<%= fetch(:nginx_server_name) %>;
    rewrite ^(.*) https://$host$1$request_uri permanent;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name www.<%= fetch(:nginx_server_name) %>;
  ssl_certificate /etc/letsencrypt/live/www.bubblin.io/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/www.bubblin.io/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  rewrite ^ https://bubblin.io$request_uri permanent;

}

server {
  server_name <%= fetch(:nginx_server_name) %>;
  root <%= current_path %>/public;
  try_files $uri/index.html $uri @puma_<%= fetch(:nginx_config_name) %>;

  client_max_body_size 4G;
  keepalive_timeout 10;

  error_page 500 502 504 /500.html;
  error_page 503 @503;

  location @puma_<%= fetch(:nginx_config_name) %> {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
<% if fetch(:nginx_use_ssl) -%>
    proxy_set_header X-Forwarded-Proto https;
<% else -%>
    proxy_set_header X-Forwarded-Proto http;
<% end -%>
    proxy_pass http://puma_<%= fetch(:nginx_config_name) %>;
    # limit_req zone=one;
    access_log <%= shared_path %>/log/nginx.access.log;
    error_log <%= shared_path %>/log/nginx.error.log;
  }

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location = /50x.html {
    root html;
  }

  location = /404.html {
    root html;
  }

  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  if (-f $document_root/system/maintenance.html) {
    return 503;
  }

  listen 443 ssl http2; # managed by Certbot
  listen [::]:443 ssl http2;
  ssl_certificate /etc/letsencrypt/live/bubblin.io/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/bubblin.io/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  # Add HSTS header with preloads
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";


}
	upstream puma_<%= fetch(:nginx_config_name) %> { <%
	@backends = [fetch(:puma_bind)].flatten.map do \|m\|
	etype, address = /(tcp\|unix\|ssl):\/{1,2}(.+)/.match(m).captures
	if etype == 'unix'
	"server #{etype}:#{address} #{fetch(:nginx_socket_flags)};"
	else
	"server #{address.gsub(/0\.0\.0\.0(.+)/, "127.0.0.1\\1")} #{fetch(:nginx_http_flags)};"
	end
	end
	%><% @backends.each do \|server\| %>
	<%= server %><% end %>
	}

	server {
	listen 80;
	listen [::]:80 ipv6only=on;
	server_name <%= fetch(:nginx_server_name) %> www.<%= fetch(:nginx_server_name) %>;
	rewrite ^(.*) https://$host$1$request_uri permanent;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name www.<%= fetch(:nginx_server_name) %>;
	ssl_certificate /etc/letsencrypt/live/www.bubblin.io/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/www.bubblin.io/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

	rewrite ^ https://bubblin.io$request_uri permanent;

	}

	server {
	server_name <%= fetch(:nginx_server_name) %>;
	root <%= current_path %>/public;
	try_files $uri/index.html $uri @puma_<%= fetch(:nginx_config_name) %>;

	client_max_body_size 4G;
	keepalive_timeout 10;

	error_page 500 502 504 /500.html;
	error_page 503 @503;

	location @puma_<%= fetch(:nginx_config_name) %> {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host;
	proxy_redirect off;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	<% if fetch(:nginx_use_ssl) -%>
	proxy_set_header X-Forwarded-Proto https;
	<% else -%>
	proxy_set_header X-Forwarded-Proto http;
	<% end -%>
	proxy_pass http://puma_<%= fetch(:nginx_config_name) %>;
	# limit_req zone=one;
	access_log <%= shared_path %>/log/nginx.access.log;
	error_log <%= shared_path %>/log/nginx.error.log;
	}

	location ^~ /assets/ {
	gzip_static on;
	expires max;
	add_header Cache-Control public;
	}

	location = /50x.html {
	root html;
	}

	location = /404.html {
	root html;
	}

	location @503 {
	error_page 405 = /system/maintenance.html;
	if (-f $document_root/system/maintenance.html) {
	rewrite ^(.*)$ /system/maintenance.html break;
	}
	rewrite ^(.*)$ /503.html break;
	}

	if ($request_method !~ ^(GET\|HEAD\|PUT\|PATCH\|POST\|DELETE\|OPTIONS)$ ){
	return 405;
	}

	if (-f $document_root/system/maintenance.html) {
	return 503;
	}

	listen 443 ssl http2; # managed by Certbot
	listen [::]:443 ssl http2;
	ssl_certificate /etc/letsencrypt/live/bubblin.io/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/bubblin.io/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

	# Add HSTS header with preloads
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";


	}