@rchampourlier
Created July 12, 2011 22:18
nginx configuration file template for HTML-serving, reverse-proxying PHP and Rails apps through Passenger and standalone rails servers
user www;
worker_processes 1;
daemon on;
error_log /var/log/nginx/error.log warn;
timer_resolution 500ms;
events {
worker_connections 512;
}
http {
include mime.types;
default_type text/plain;
server_name_in_redirect on;
server_names_hash_bucket_size 64;
client_max_body_size 25M;
client_body_buffer_size 128k;
client_body_timeout 60;
proxy_max_temp_file_size 25M;
proxy_buffering on;
proxy_read_timeout 100;
access_log /var/log/nginx/access.log combined buffer=4k;
log_not_found on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
ignore_invalid_headers on;
keepalive_timeout 65;
send_timeout 300;
autoindex off;
msie_padding on;
gzip on;
gzip_comp_level 7;
gzip_min_length 1000;
gzip_types text/css text/plain text/javascript application/x-javascript text/xml;
gzip_disable msie6;
gzip_vary on;
gzip_http_version 1.1;
gzip_proxied any;
server {
# Serve default to /var/www/html
listen 80 default;
root /var/www/html;
}
# ASSUMPTIONS
# - PHP is served through an already configured FastCGI backend. Nginx is
# reverse-proxying it in the following configuration.
#
# The CAPITALIZED parts must be replaced by your values, but some other parts
# may be too...
server {
server_name www.SERVERNAME.EXT SERVERNAME.EXT SERVERIP;
root /var/www/SERVERNAME.EXT;
index index.html;
# This is simply serving HTML from /var/www/SERVERNAME.EXT directory.
}
server {
server_name SUBDOMAIN1.SERVERNAME.EXT;
rewrite ^(.*) https://$server_name$1 permanent;
# This is just to use HTTPS on this subdomain.
}
server {
server_name SUBDOMAIN2.SERVERNAME.EXT;
rewrite ^(.*) https://$server_name$1 permanent;
# This is just to use HTTPS on this subdomain.
}
server {
server_name SUBDOMAIN3.SERVERNAME.EXT;
rewrite ^(.*) https://$server_name$1 permanent;
# This is just to use HTTPS on this subdomain.
}
server {
# Serving PHP content for localhost only
# Goal is to make this location accessible from the local machine
# or through a SSH tunnel connection, but not from an external machine.
# This is for areas which need more security (i.e. database management
# or administration applications).
server_name 127.0.0.1;
allow 127.0.0.1;
allow <your_server_external_ip>; # since when tunneling the client will appear as this IP
deny all;
root /var/www/localhost;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
server {
listen 443 ssl;
server_name SUBDOMAIN1.SERVERNAME.EXT;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
location "/" {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
}
# This sets up the SSL certificate to use on this connection,
# and tells nginx to reverse proxy to something served on
# port 3000.
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
server_name SUBDOMAIN2.SERVERNAME.EXT;
location "/" {
auth_basic "Restricted";
auth_basic_user_file /var/www/railsapps/htpasswd;
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
}
# This sets up the SSL certificate to use on this connection,
# tells nginx to reverse proxy to something served on
# port 3001, and tells nginx to do basic HTTP Authentication.
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
server_name SUBDOMAIN3.SERVERNAME.EXT;
root /var/www/SUBDOMAIN3.SERVERNAME.EXT;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/SUBDOMAIN3.SERVERNAME.EXT$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
# This sets up the SSL certificate to use on this connection,
# tells nginx to serve index and index.php files as index too,
# and tells it to reverse-proxy php through fastcgi on port
# 9000. Do not forget the fastcgi_params file which has to be
# included.
}
upstream unicorn_server {
# This is the socket configured in unicorn.rb
server unix:/var/www/railsapps/app/tmp/sockets/unicorn.sock fail_timeout=0;
}
# Configuration for serving a Rails app, running on a
# Unicorn server too, but passing directly through a Unix
# socket instead of FastCGI (a lot better I think!).
server {
listen 80;
server_name SUBDOMAIN4.SERVERNAME.EXT;
keepalive_timeout 5;
# Location of our static files
root /var/www/railsapps/app/public;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# If you don't find the filename in the static files
# Then request it from the unicorn server
if (!-f $request_filename) {
proxy_pass http://unicorn_server;
break;
}
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /var/www/railsapps/app/public;
}
}
}
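A tighter variant of the localhost-only PHP virtual host above, as an added example that is not part of the original gist. It assumes the SSH tunnel forwards to the loopback address on the server (for instance `ssh -L 8080:127.0.0.1:80 user@SERVERNAME.EXT`), so tunneled clients appear as 127.0.0.1 and no external IP needs to be allowed.

```nginx
# Added example (not from the original gist): loopback-only admin/PHP host.
# Goes inside the http { } block in place of the "server_name 127.0.0.1" server.
server {
    # Bind to the loopback address only. Requests arriving on any other
    # interface never reach this server block, independent of allow/deny.
    listen 127.0.0.1:80;
    server_name 127.0.0.1 localhost;

    # Second layer: keep the address-based rule in case the listen
    # directive is changed later.
    allow 127.0.0.1;
    deny all;

    root /var/www/localhost;
    index index.php index.html index.htm;

    location ~ \.php$ {
        # Answer 404 unless the requested script exists under root, so
        # only real files on disk are handed to the PHP backend.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # Derive the script path from root instead of hardcoding it,
        # so root and SCRIPT_FILENAME cannot drift apart.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
```

After reloading, `curl -I http://SERVERIP/` with `Host: 127.0.0.1` from another machine should land on the default server rather than this one.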
@rchampourlier
Author

Added a part to deal with a Unicorn-served Rails app through a Unix socket instead of FastCGI. Plus the configuration is better: we are serving static files through nginx in particular.

@rchampourlier
Author

Added a VirtualHost serving PHP to localhost / tunneled connection appearing as localhost only.
