Meteor NGINX config
# Derive the Connection header sent to the upstream from the client's Upgrade
# header: an empty/absent Upgrade maps to "close", anything else to "upgrade"
# (used by the /sockjs/ location for the WebSocket handshake).
map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
}
# Backend group for the Meteor application; nginx connects to it over
# loopback on port 8080.
upstream meteor {
    server 127.0.0.1:8080;
}
# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;

# On-disk cache for the proxied S3 objects (zone S3_CACHE, 10 MB of keys in
# shared memory, entries unused for 48h are evicted, at most 1000 MB on disk).
# NOTE(review): /tmp is normally writable by every local account; a dedicated
# directory owned by the nginx worker user (and not shared with other
# services) keeps other local users from interfering with cached content.
proxy_cache_path /tmp/cache levels=1:2 keys_zone=S3_CACHE:10m inactive=48h max_size=1000m;
proxy_temp_path /tmp/cache/temp;

# Resolver used for proxy_pass targets that contain variables and are
# therefore resolved at request time; answers are cached for 300s.
# NOTE(review): the answers from this public resolver decide where the
# /user-content/ requests are sent. Prefer a resolver you control (local
# caching resolver or the provider's internal one) and verify the upstream
# with TLS so that a forged answer cannot redirect the traffic unnoticed.
resolver_timeout 10s;
resolver 8.8.8.8 valid=300s;
# Plain-HTTP listener: answers every request with a permanent redirect to the
# HTTPS site. The redirect host is hard-coded, so it never reflects the
# client-supplied Host header.
server {
    listen      80;
    server_name mysite.com;

    return 301 https://mysite.com$request_uri;
}
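# HTTPS virtual host: terminates TLS, serves the Meteor client bundle straight
# from disk, proxies dynamic traffic to the Meteor upstream, and fronts an S3
# bucket for /user-content/ through a local cache.
server {
    # NOTE(review): "spdy" was removed from nginx in 1.9.5 in favour of
    # "http2"; on a current nginx this listen line fails the config test and
    # must be updated. Left unchanged because the target version is not
    # visible here.
    listen 443 ssl default deferred spdy;
    server_name localhost mysite.com;

    ssl_certificate     /etc/nginx/ssl/mysite.com.crt;
    # The private key should be readable by root only.
    ssl_certificate_key /etc/nginx/ssl/mysite.com.key;

    # enable session resumption to improve https performance
    # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
    ssl_session_cache   shared:SSL:50m;
    ssl_session_timeout 5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Let the server's cipher order win over the client's, so the
    # forward-secret AEAD suites listed first below are actually preferred.
    # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
    ssl_prefer_server_ciphers on;

    # SSLv3, TLS 1.0 and TLS 1.1 are disabled: all three are deprecated
    # (TLS 1.0/1.1 by RFC 8996) and TLS 1.0 is the protocol BEAST applies to.
    # Add TLSv1.3 here once running nginx >= 1.13.0 built against an OpenSSL
    # that supports it.
    ssl_protocols TLSv1.2;

    # ciphers chosen for forward secrecy and compatibility
    # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
    # The RC4 entries of the original list were removed: the trailing "!RC4"
    # already excluded them permanently, so the effective suite set is the same.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # HSTS. nginx inherits add_header from this level ONLY into locations
    # that declare no add_header of their own, so the header is repeated in
    # every location below that sets other headers. Without the "always"
    # flag (nginx >= 1.7.5) it is also omitted on most error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

    # NOTE(review): compression over TLS is only safe for responses that do
    # not combine secrets with request-controlled data (BREACH); confirm that
    # holds for what the Meteor upstream returns under these content types.
    gzip on;
    gzip_disable "msie6";
    gzip_min_length 1100;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # NOTE(review): the roots below say "msite.com" while the server name is
    # "mysite.com" - confirm the path is not a typo.
    location = /robots.txt {
        root /var/app/msite.com/www/programs/web.browser/app;
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    # No add_header here, so the server-level HSTS header is inherited.
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    # this is any assets that belong in packages
    location /packages/ {
        root /var/app/msite.com/www/programs/web.browser;
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    # this is for the main css & js (40-character hash file names, so they
    # can be cached indefinitely)
    location ~* "^/[a-z0-9]{40}\.(css|js)$" {
        root /var/app/msite.com/www/programs/web.browser;
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    }

    # this is for any sockets
    # No add_header here, so the server-level HSTS header is inherited.
    # NOTE(review): Host and X-Forwarded-* are not forwarded, so the app sees
    # every connection as coming from the proxy; confirm that is intended for
    # logging and any per-client limits in the app.
    location /sockjs/ {
        proxy_pass http://meteor;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    # Read-only, cached front for the S3 bucket. The pattern is anchored with
    # "^": unanchored, it matched any URI that merely contained
    # "/user-content/" and, being a regex location, took precedence over the
    # prefix locations above for such URIs.
    location ~* ^/user-content/(.*) {
        # Only GET (and therefore HEAD) may reach the bucket.
        limit_except GET {
            deny all;
        }

        proxy_set_header Host 's3.amazonaws.com';
        # Never forward client credentials to S3.
        proxy_set_header Authorization '';
        proxy_hide_header x-amz-id-2;
        proxy_hide_header x-amz-request-id;
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers "Set-Cookie";
        proxy_intercept_errors on;

        proxy_cache S3_CACHE;
        proxy_cache_valid 200 24h;
        proxy_cache_valid 403 15m;
        # NOTE(review): any client can set a Cache-Purge request header and
        # force a fetch from S3 on every request. Gate this on a trusted
        # source (e.g. a geo/map variable for admin addresses) or drop it.
        proxy_cache_bypass $http_cache_purge;

        add_header X-Cached $upstream_cache_status;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # NOTE(review): the bucket is fetched over plain HTTP and the result
        # is cached for 24h, so anything altered in transit is then served to
        # every visitor over HTTPS. Prefer an https:// upstream with
        # proxy_ssl_server_name and proxy_ssl_verify against a CA bundle.
        proxy_pass http://s3.amazonaws.com/mybucket/$1;
    }

    # Everything else goes to the Meteor app and must not be cached.
    # NOTE(review): X-Meteor discloses the backend stack to clients; drop it
    # if nothing depends on it.
    location / {
        proxy_pass http://meteor;
        add_header X-Meteor "1";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        expires -1;
    }
}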