@rimidl
Created May 28, 2012 10:22
nginx settings for ssl connection with rails app
$ cat /etc/nginx/sites-enabled/ssl.myapp.com
# The upstream name must match the name used in proxy_pass below.
upstream myapp_ssl {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response (in case the Unicorn master nukes a
    # single worker for timing out).
    # for UNIX domain socket setups:
    server unix:/tmp/myapp.socket fail_timeout=0;
}

server {
    # if you're running multiple servers, instead of "default" you should
    # put your main domain name here
    # "ssl" on the listen directive replaces the deprecated "ssl on;"
    listen 443 ssl;
    # you could put a list of other domain names this application answers
    server_name myapp.com;
    # access logging is discarded; rewrite processing is logged to the error log
    access_log /dev/null;
    rewrite_log on;
    ssl_certificate /home/deploy/myapp/shared/ssl/myapp.com.bundle.crt;
    ssl_certificate_key /home/deploy/myapp/shared/ssl/myapp.com.key;

    location / {
        # all requests are sent to the UNIX socket
        proxy_pass http://myapp_ssl;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # if the request is for a static resource, nginx should serve it directly
    # and add a far future expires header to it, making the browser
    # cache the resource and navigate faster over the website
    # this probably needs some work with Rails 3.1's asset pipeline
    location ~ ^/(images|javascripts|stylesheets|system|uploads)/ {
        root /home/deploy/myapp/current/public;
        expires max;
        break;
    }
}
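
An added example, not part of the original gist: a variant of the server block above with the settings usually layered on top of an SSL proxy for a Rails app, namely a plain-HTTP redirect, an explicit protocol list, HSTS, and the X-Forwarded-Proto header. The protocol list, session cache size, timeouts and HSTS max-age are assumed values; the host name, upstream name and certificate paths are reused from the gist.

```nginx
# Added example (not from the original gist). Values marked "assumed"
# are illustrative and should be set by local policy.

# Plain-HTTP listener: send every request to the HTTPS server below.
server {
    listen 80;
    server_name myapp.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name myapp.com;

    ssl_certificate     /home/deploy/myapp/shared/ssl/myapp.com.bundle.crt;
    ssl_certificate_key /home/deploy/myapp/shared/ssl/myapp.com.key;

    # Assumed policy: TLS 1.2 and 1.3 only (TLSv1.3 needs a recent
    # nginx built against OpenSSL 1.1.1 or later).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Session reuse across workers; size and timeout are assumed.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # HSTS: browsers that have seen this header refuse plain HTTP for
    # the host until max-age (assumed: one year) expires.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # myapp_ssl is the upstream defined in the gist above.
        proxy_pass http://myapp_ssl;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells Rails the client connection was HTTPS, so that secure
        # cookies and force_ssl work without a redirect loop.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` after any change to confirm the configuration parses before reloading.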