-
-
Save nacengineer/fc05cf8121893d650d14 to your computer and use it in GitHub Desktop.
redo-nginx-default-host-to-host-puma-rails-app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream your-most-excellent-domain.in_puma { | |
server 127.0.0.1:9292; | |
} | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server ipv6only=on; | |
rewrite (.*) https://$http_host$1 permanent; | |
} | |
server { | |
listen 443; | |
root /var/www/your-most-excellent-domain; | |
# Make site accessible from http://localhost/ | |
server_name your-most-excellent-domain.in; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/your-most-excellent-domain.in.cer; | |
ssl_certificate_key /etc/ssl/private/your-most-excellent-domain.in.key; | |
# SSL settings | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
server_tokens off; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK; | |
location / { | |
proxy_pass http://your-most-excellent-domain.in_puma; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_connect_timeout 120; | |
proxy_read_timeout 240; | |
} | |
location ~* ^/assets/ { | |
# Per RFC2616 - 1 year maximum expiry | |
expires 1y; | |
add_header Cache-Control public; | |
# Some browsers still send conditional-GET requests if there's a | |
# Last-Modified header or an ETag header even if they haven't | |
# reached the expiry date sent in the Expires header. | |
add_header Last-Modified ""; | |
add_header ETag ""; | |
break; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment