Created
July 12, 2011 22:18
nginx configuration file template for HTML-serving, reverse-proxying PHP and Rails apps through Passenger and standalone rails servers
# ---- Main (global) context ----
# Worker processes run under the "www" account.
user              www;
worker_processes  1;
daemon            on;

# Coarser internal timer in the workers (fewer time-lookup system calls).
timer_resolution  500ms;

# Log only messages of severity "warn" and above.
error_log         /var/log/nginx/error.log warn;

events {
    # Upper bound on simultaneous connections handled by one worker.
    worker_connections  512;
}
http { | |
# ---- MIME types ----
include       mime.types;
default_type  text/plain;

# ---- Server names and redirects ----
# Absolute redirects generated by nginx use the primary server_name of the
# matching server block instead of the client-supplied Host header.
server_name_in_redirect        on;
server_names_hash_bucket_size  64;

# ---- Request bodies ----
client_max_body_size     25M;
client_body_buffer_size  128k;
client_body_timeout      60;

# ---- Defaults for proxied upstreams ----
proxy_buffering           on;
proxy_max_temp_file_size  25M;
proxy_read_timeout        100;

# ---- Logging ----
access_log     /var/log/nginx/access.log combined buffer=4k;
log_not_found  on;

# ---- Connection handling ----
sendfile                on;
tcp_nopush              on;
tcp_nodelay             on;
ignore_invalid_headers  on;
keepalive_timeout       65;
send_timeout            300;

# ---- Response behaviour ----
# Directory listings stay disabled for every server unless one overrides it.
autoindex     off;
msie_padding  on;

# ---- Compression ----
# NOTE(review): these settings are inherited by the HTTPS servers defined
# later in this file. Compressing TLS responses that combine secrets with
# request-reflected data is the precondition for BREACH-style attacks;
# consider turning gzip off in the server blocks that serve such pages.
gzip               on;
gzip_comp_level    7;
gzip_min_length    1000;
gzip_http_version  1.1;
gzip_proxied       any;
gzip_vary          on;
gzip_disable       msie6;
gzip_types         text/css text/plain text/javascript application/x-javascript text/xml;
server {
    # Catch-all virtual host for port 80: requests whose Host header matches
    # no other server_name on this port are answered from /var/www/html.
    # Keep that directory limited to content that is safe to show to anyone
    # who reaches the machine by IP address or by an unexpected hostname.
    # ("default" is the older spelling of the "default_server" parameter.)
    root    /var/www/html;
    listen  80 default;
}
# ASSUMPTIONS | |
# - PHP is served by a FastCGI backend that is already configured; nginx
#   forwards PHP requests to it in the configuration below.
# | |
# The CAPITALIZED parts must be replaced by your values, but some other parts | |
# may be too... | |
server {
    # Plain static site: HTML is served straight from the
    # /var/www/SERVERNAME.EXT directory, with index.html as directory index.
    # Reachable as www.SERVERNAME.EXT, as the bare domain, and by IP address.
    server_name  www.SERVERNAME.EXT
                 SERVERNAME.EXT
                 SERVERIP;

    index  index.html;
    root   /var/www/SERVERNAME.EXT;
}
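server {
    # Plain-HTTP entry point for SUBDOMAIN1: its only job is to send every
    # request to the HTTPS version of the same URL.
    # No listen directive is given, so nginx's default listen address applies.
    server_name SUBDOMAIN1.SERVERNAME.EXT;

    # "return" issues the permanent redirect directly, without evaluating a
    # regular expression, and reuses the request URI (path and query string)
    # exactly as the client sent it.
    return 301 https://$server_name$request_uri;
}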
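server {
    # Plain-HTTP entry point for SUBDOMAIN2: its only job is to send every
    # request to the HTTPS version of the same URL, so the HTTP Basic
    # credentials used on this subdomain are only ever requested over TLS.
    # No listen directive is given, so nginx's default listen address applies.
    server_name SUBDOMAIN2.SERVERNAME.EXT;

    # "return" issues the permanent redirect directly, without evaluating a
    # regular expression, and reuses the request URI (path and query string)
    # exactly as the client sent it.
    return 301 https://$server_name$request_uri;
}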
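server {
    # Plain-HTTP entry point for SUBDOMAIN3: its only job is to send every
    # request to the HTTPS version of the same URL.
    # No listen directive is given, so nginx's default listen address applies.
    server_name SUBDOMAIN3.SERVERNAME.EXT;

    # "return" issues the permanent redirect directly, without evaluating a
    # regular expression, and reuses the request URI (path and query string)
    # exactly as the client sent it.
    return 301 https://$server_name$request_uri;
}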
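server {
    # PHP content for local use only.
    # The goal is to make this site reachable from the machine itself or
    # through an SSH tunnel, but not from any external machine. It is meant
    # for areas that need more protection (database management or
    # administration applications).
    #
    # NOTE(review): there is no listen directive, so this server is attached
    # to nginx's default listen address and is selected purely by the Host
    # header. The allow/deny rules below are therefore the only control that
    # keeps external clients out. If every tunnel targets 127.0.0.1, adding
    # "listen 127.0.0.1:80;" would enforce the restriction at the socket
    # level as well - confirm how the tunnel is set up before changing it.
    server_name 127.0.0.1;

    allow 127.0.0.1;
    allow <your_server_external_ip>; # since when tunneling the client will appear as this IP
    deny  all;

    root /var/www/localhost;

    location / {
        index index.php index.html index.htm;
    }

    location ~ \.php$ {
        # Hand the request to PHP only when the script really exists under
        # root. A URI that merely ends in ".php" but maps to no file is
        # answered with 404 instead of being resolved by PHP's path-info
        # fallback (cgi.fix_pathinfo).
        try_files $uri =404;

        fastcgi_pass  localhost:9000;
        fastcgi_index index.php;

        # Build the script path from this server's own root. The template
        # previously hard-coded /var/www/work.jili.fr here, which did not
        # match the root directive above.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}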
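server {
    # HTTPS front end for SUBDOMAIN1: terminates TLS with the certificate
    # below and reverse-proxies everything to the application listening on
    # 127.0.0.1:3000.
    listen 443 ssl;
    server_name SUBDOMAIN1.SERVERNAME.EXT;

    # The private key should be readable by root only.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults
    # of the installed nginx build apply; on old builds these can include
    # obsolete protocol versions - pin them explicitly for your version.
    ssl_certificate     /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    location "/" {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;

        # Tell the backend how the request really arrived. Setting
        # X-Forwarded-Proto here overwrites any value supplied by the client,
        # and lets the application build https URLs and mark cookies secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Append the connecting address; the backend should trust only the
        # entry added by this proxy, not earlier client-supplied ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}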
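server {
    # HTTPS front end for SUBDOMAIN2: terminates TLS with the certificate
    # below, requires HTTP Basic authentication, and reverse-proxies
    # everything to the application listening on 127.0.0.1:3001.
    listen 443 ssl;
    server_name SUBDOMAIN2.SERVERNAME.EXT;

    # The private key should be readable by root only.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults
    # of the installed nginx build apply; on old builds these can include
    # obsolete protocol versions - pin them explicitly for your version.
    ssl_certificate     /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    location "/" {
        # Basic credentials are only protected by the TLS layer, so this
        # location must never be exposed over plain HTTP.
        auth_basic "Restricted";
        # NOTE(review): the password file lives under /var/www. It is not
        # inside any root configured in this file, but keep it that way and
        # make it readable only by the nginx worker user.
        auth_basic_user_file /var/www/railsapps/htpasswd;

        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;

        # Tell the backend how the request really arrived. Setting
        # X-Forwarded-Proto here overwrites any value supplied by the client,
        # and lets the application build https URLs and mark cookies secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Append the connecting address; the backend should trust only the
        # entry added by this proxy, not earlier client-supplied ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}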
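server {
    # HTTPS site for SUBDOMAIN3: terminates TLS with the certificate below,
    # serves static files from root, treats index.php as a directory index
    # too, and passes PHP scripts to the FastCGI backend on port 9000.
    # Do not forget the fastcgi_params file, which has to be included.
    listen 443 ssl;
    server_name SUBDOMAIN3.SERVERNAME.EXT;

    # The private key should be readable by root only.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults
    # of the installed nginx build apply; on old builds these can include
    # obsolete protocol versions - pin them explicitly for your version.
    ssl_certificate     /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    root /var/www/SUBDOMAIN3.SERVERNAME.EXT;

    location / {
        index index.php index.html index.htm;
    }

    location ~ \.php$ {
        # Hand the request to PHP only when the script really exists under
        # root. A URI that merely ends in ".php" but maps to no file is
        # answered with 404 instead of being resolved by PHP's path-info
        # fallback (cgi.fix_pathinfo). This matters most when the site
        # stores user-uploaded files below root.
        try_files $uri =404;

        fastcgi_pass  localhost:9000;
        fastcgi_index index.php;

        # Derive the script path from root so the two cannot drift apart
        # when the template placeholders are filled in.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}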
upstream unicorn_server {
    # Unix-domain socket that Unicorn listens on; the path has to match the
    # one configured in unicorn.rb. fail_timeout=0 is passed through as given.
    # NOTE(review): any local account that can write to this socket can talk
    # to the application directly, so restrict the permissions of the
    # tmp/sockets directory to the nginx and application users.
    server  unix:/var/www/railsapps/app/tmp/sockets/unicorn.sock  fail_timeout=0;
}
# Configuration for serving a Rails app, running on an | |
# Unicorn server too, but passing directly through an unix | |
# socket instead of FastCGI (a lot better I think!). | |
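server {
    # Rails application served by Unicorn through the unicorn_server
    # upstream. nginx answers requests for files that exist under public/
    # itself and forwards everything else to the application.
    listen 80;

    # The template had a trailing "$" after the name, which looks like a
    # leftover from a regular-expression name; with it the literal name
    # would not match the intended Host header.
    server_name SUBDOMAIN4.SERVERNAME.EXT;

    keepalive_timeout 5;

    # Location of our static files
    root /var/www/railsapps/app/public;

    location / {
        # Serve the request from public/ when a matching regular file
        # exists, otherwise hand it to Unicorn. try_files replaces the
        # former "if (!-f $request_filename)" test, which is the pattern the
        # nginx documentation advises against inside location blocks.
        try_files $uri @unicorn;
    }

    location @unicorn {
        # Append the connecting address; the application should trust only
        # the entry added by this proxy, not earlier client-supplied ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn_server;
    }

    # Static error page for server-side failures.
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/railsapps/app/public;
    }
}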
} |
Added a VirtualHost serving PHP to localhost / tunneled connection appearing as localhost only.
Added a part to deal with a Unicorn-served Rails app through a Unix socket instead of FastCGI. Plus, the configuration is better: in particular, static files are now served directly by nginx.