nacengineer/gist:fc05cf8121893d650d14 Secret

## gistfile1.txt
upstream your-most-excellent-domain.in_puma {
   server 127.0.0.1:9292;
}

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        rewrite (.*) https://$http_host$1 permanent;
}

server {
        listen 443;
        root /var/www/your-most-excellent-domain;
        # Make site accessible from http://localhost/
        server_name your-most-excellent-domain.in;

        ssl on;
        ssl_certificate /etc/ssl/certs/your-most-excellent-domain.in.cer;
        ssl_certificate_key /etc/ssl/private/your-most-excellent-domain.in.key;

        # SSL settings
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;
        server_tokens off;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;

        location / {
                proxy_pass http://your-most-excellent-domain.in_puma;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout      120;
                proxy_read_timeout         240;
        }

        location ~* ^/assets/ {
                # Per RFC2616 - 1 year maximum expiry
                expires 1y;
                add_header Cache-Control public;

                # Some browsers still send conditional-GET requests if there's a
                # Last-Modified header or an ETag header even if they haven't
                # reached the expiry date sent in the Expires header.
                add_header Last-Modified "";
                add_header ETag "";
                break;
        }

}
	upstream your-most-excellent-domain.in_puma {
	server 127.0.0.1:9292;
	}

	server {
	listen 80 default_server;
	listen [::]:80 default_server ipv6only=on;
	rewrite (.*) https://$http_host$1 permanent;
	}

	server {
	listen 443;
	root /var/www/your-most-excellent-domain;
	# Make site accessible from http://localhost/
	server_name your-most-excellent-domain.in;

	ssl on;
	ssl_certificate /etc/ssl/certs/your-most-excellent-domain.in.cer;
	ssl_certificate_key /etc/ssl/private/your-most-excellent-domain.in.key;

	# SSL settings
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	server_tokens off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;

	location / {
	proxy_pass http://your-most-excellent-domain.in_puma;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_connect_timeout 120;
	proxy_read_timeout 240;
	}

	location ~* ^/assets/ {
	# Per RFC2616 - 1 year maximum expiry
	expires 1y;
	add_header Cache-Control public;

	# Some browsers still send conditional-GET requests if there's a
	# Last-Modified header or an ETag header even if they haven't
	# reached the expiry date sent in the Expires header.
	add_header Last-Modified "";
	add_header ETag "";
	break;
	}

	}