
@praisegeek
Last active September 7, 2017 12:54
VestaCP: Phoenix Nginx SSL Conf
# Getting Started.
# 1. Enter visual mode with V, then use s/myapp/domain/g to replace every occurrence of myapp with your domain.
# 2. Change the upstream port to the PORT environment variable defined in /etc/init.d/myapp.
# hide server information
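# This vhost file is included from the http block of nginx.conf, so a nested
# `http { }` is rejected by nginx at startup. server_tokens is valid in the
# http, server and location contexts, so it is set directly instead.
server_tokens off;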
# plain-HTTP listener: answers every request with a permanent redirect to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name myapp.com www.myapp.com;
# $server_name (the first name above) is used rather than $host, so the redirect
# target never echoes a client-supplied Host header
return 301 https://$server_name$request_uri;
}
# Getting Started.
# 1. Enter visual mode with V, then use s/myapp.com/domain.com/g to replace every occurrence of myapp with your domain.
# 2. Change the upstream port to the PORT environment variable defined in /etc/init.d/myapp.
# backend the Phoenix app listens on; the port must match the PORT environment
# variable defined in /etc/init.d/myapp (see "Getting Started" above)
upstream myapp {
# NOTE(review): `localhost` is resolved once at startup and may yield both
# 127.0.0.1 and ::1; if the app binds only one of them, requests balanced to the
# other address fail -- confirm, or use the explicit address the app binds to
server localhost:34567;
}
# hide server information
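# This vhost file is included from the http block of nginx.conf, so a nested
# `http { }` is rejected by nginx at startup. server_tokens is valid in the
# http, server and location contexts, so it is set directly instead.
server_tokens off;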
# the main server directive for ssl connections
# where we also use http2 (see asset delivery)
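server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name myapp.com www.myapp.com;

    # paths to certificate and key provided by Let's Encrypt
    #ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem;
    ssl_certificate /home/admin/conf/web/myapp.com.pem;
    # The private key must be loaded with ssl_certificate_key. Loading it through a
    # second ssl_certificate directive leaves nginx without a key and it refuses to start.
    ssl_certificate_key /home/admin/conf/web/myapp.com.key;

    # TLS settings adapted from
    # - https://cipherli.st/
    # - https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered; add TLSv1.3
    # once the host runs nginx >= 1.13.0 with OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    # tickets are off so resumption does not depend on a long-lived, unrotated ticket key
    ssl_session_tickets off;
    # OCSP stapling needs a `resolver` directive in scope to look up the responder, and
    # ssl_stapling_verify needs the issuer chain (ssl_trusted_certificate) when the .pem
    # above does not already contain it. NOTE(review): neither is set in this file -- confirm.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # security headers; `always` also attaches them to 3xx/4xx/5xx responses
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    # Let's Encrypt HTTP-01 challenge files. A ^~ prefix match replaces the unanchored
    # regex `~ /.well-known`, so only this path is matched and no regex location is
    # consulted for it.
    location ^~ /.well-known/ {
        # NOTE(review): the other locations in this file keep public_html under
        # /home/admin/web/myapp.com/, not /home/admin/conf/web/ -- confirm this path
        root /home/admin/conf/web/myapp.com/public_html;
        allow all;
    }

    # everything else is proxied to the upstream defined above
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # tells the app the original request was HTTPS (URL generation, secure cookies)
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://myapp;
        # WebSocket upgrades (Phoenix channels) require HTTP/1.1 towards the upstream;
        # the default proxy_http_version 1.0 cannot carry the Upgrade handshake
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # asset delivery using NGINX
        location ~* ^.+\.(css|cur|gif|gz|ico|jpg|jpeg|js|png|svg|woff|woff2|mp3|mp4)$ {
            root /home/admin/myapp/priv/static;
            etag off;
            expires max;
            add_header Cache-Control public;
            # add_header is not inherited into a location that defines its own, so the
            # server-level security headers are repeated here
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
            add_header X-Frame-Options DENY always;
            add_header X-Content-Type-Options nosniff always;
        }

        # php support for Vesta
        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # only scripts that exist on disk are handed to PHP, so a PATH_INFO-style
            # URI cannot make PHP execute a different file (cgi.fix_pathinfo)
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            # NOTE(review): no `root` is set at server level, so $document_root here is
            # nginx's built-in default -- confirm this location is needed in a proxied vhost
            fastcgi_pass 127.0.0.1:9002;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }
    }

    # 403 is served with the 404 page, which also hides whether a forbidden path exists
    error_page 403 /error/404.html;
    error_page 404 /error/404.html;
    error_page 500 502 503 504 /error/50x.html;
    location /error/ {
        alias /home/admin/web/myapp.com/document_errors/;
    }

    # never serve Apache auth files that may be lying around in the document root
    location ~* "/\.(htaccess|htpasswd)$" {
        deny all;
        return 404;
    }

    # Vesta web statistics, protected by the generated auth.conf
    location /vstats/ {
        alias /home/admin/web/myapp.com/stats/;
        include /home/admin/web/myapp.com/stats/auth.conf*;
    }

    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /etc/nginx/conf.d/webmail.inc*;
}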
#Configuration file for a phoenix app running on a subdirectory.
# backend the Phoenix app listens on; the port must match the PORT environment
# variable defined in /etc/init.d/myapp
upstream myapp {
# NOTE(review): `localhost` is resolved once at startup and may yield both
# 127.0.0.1 and ::1; if the app binds only one of them, requests balanced to the
# other address fail -- confirm, or use the explicit address the app binds to
server localhost:34567;
}
# hide server information
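# This vhost file is included from the http block of nginx.conf, so a nested
# `http { }` is rejected by nginx at startup. server_tokens is valid in the
# http, server and location contexts, so it is set directly instead.
server_tokens off;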
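server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name myapp.com www.myapp.com;
    # NOTE(review): no ssl_certificate / ssl_certificate_key and none of the ssl_*
    # hardening directives are set in this server; unless they are inherited from the
    # enclosing http context, nginx refuses to start on the `ssl` listeners above.
    root /home/admin/web/myapp.com/public_html;
    index index.html;

    # static site served from the document root
    location / {
        try_files $uri $uri/ =404;
    }

    # the Phoenix app lives under /subdirectory: serve a matching file if one exists,
    # otherwise hand the request to the named proxy location
    location /subdirectory {
        try_files $uri @proxy;
    }

    location @proxy {
        include proxy_params;
        proxy_redirect off;
        # must name the `upstream myapp` block declared above; a name that is not
        # declared (the earlier "myapp_phoenix") fails host resolution at startup
        proxy_pass http://myapp;
    }
}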
#Configuration file for a phoenix app running on a subdirectory.
# backend the Phoenix app listens on; the port must match the PORT environment
# variable defined in /etc/init.d/myapp
upstream myapp {
# NOTE(review): `localhost` is resolved once at startup and may yield both
# 127.0.0.1 and ::1; if the app binds only one of them, requests balanced to the
# other address fail -- confirm, or use the explicit address the app binds to
server localhost:37340;
}
# hide server information
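# This vhost file is included from the http block of nginx.conf, so a nested
# `http { }` is rejected by nginx at startup. server_tokens is valid in the
# http, server and location contexts, so it is set directly instead.
server_tokens off;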
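server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name myapp.com www.myapp.com;
    root /home/admin/web/myapp.com/public_html;
    index index.html;

    # paths to certificate and key provided by Let's Encrypt
    #ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem;
    ssl_certificate /home/admin/conf/web/myapp.com.pem;
    # The private key must be loaded with ssl_certificate_key. Loading it through a
    # second ssl_certificate directive leaves nginx without a key and it refuses to start.
    ssl_certificate_key /home/admin/conf/web/myapp.com.key;

    # TLS settings adapted from
    # - https://cipherli.st/
    # - https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered; add TLSv1.3
    # once the host runs nginx >= 1.13.0 with OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    # tickets are off so resumption does not depend on a long-lived, unrotated ticket key
    ssl_session_tickets off;
    # OCSP stapling needs a `resolver` directive in scope to look up the responder, and
    # ssl_stapling_verify needs the issuer chain (ssl_trusted_certificate) when the .pem
    # above does not already contain it. NOTE(review): neither is set in this file -- confirm.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # security headers; `always` also attaches them to 3xx/4xx/5xx responses
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        # serve a matching file from the document root, otherwise hand over to the proxy
        try_files $uri @proxy;

        # asset delivery using NGINX
        location ~* ^.+\.(css|cur|gif|gz|ico|jpg|jpeg|js|png|svg|woff|woff2|mp3|mp4)$ {
            root /home/admin/myapp/priv/static;
            etag off;
            expires max;
            add_header Cache-Control public;
            # add_header is not inherited into a location that defines its own, so the
            # server-level security headers are repeated here
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
            add_header X-Frame-Options DENY always;
            add_header X-Content-Type-Options nosniff always;
        }

        # php delivery support
        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # only scripts that exist on disk are handed to PHP, so a PATH_INFO-style
            # URI cannot make PHP execute a different file (cgi.fix_pathinfo)
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass 127.0.0.1:9002;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }
    }

    location @proxy {
        # NOTE(review): on Debian/Ubuntu, proxy_params already sets Host, X-Real-IP,
        # X-Forwarded-For and X-Forwarded-Proto, so the explicit lines below would
        # repeat three of them -- confirm the file's contents on this host
        include proxy_params;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://myapp;
        # WebSocket upgrades (Phoenix channels) require HTTP/1.1 towards the upstream;
        # the default proxy_http_version 1.0 cannot carry the Upgrade handshake
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Let's Encrypt HTTP-01 challenge files; a ^~ prefix match replaces the unanchored
    # regex `~ /.well-known` so only this path is matched
    location ^~ /.well-known/ {
        root /home/admin/web/myapp.com/public_html;
        allow all;
    }

    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /etc/nginx/conf.d/webmail.inc*;
}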