Last active
February 17, 2023 15:58
-
-
Save sgrasso/2524169c575d298f63f62f9cb803d20d to your computer and use it in GitHub Desktop.
Reverse proxy Nginx config for Heroku app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| daemon off; | |
| worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| upstream my_nginx { | |
| server unix:/tmp/nginx.socket fail_timeout=0; | |
| } | |
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| sendfile on; | |
| tcp_nopush on; | |
| tcp_nodelay on; | |
| keepalive_timeout 300; | |
| send_timeout 10; | |
| include mime.types; | |
| default_type application/octet-stream; | |
| access_log logs/nginx/access.log; | |
| error_log logs/nginx/error.log; | |
| gzip on; | |
| gzip_disable "msie6"; | |
| gzip_min_length 256; | |
| gzip_proxied any; | |
| gzip_comp_level 5; | |
| gzip_buffers 16 8k; | |
| gzip_http_version 1.1; | |
| gzip_types application/ecmascript; | |
| gzip_types application/javascript; | |
| gzip_types application/json; | |
| gzip_types application/xml; | |
| gzip_types application/x-javascript; | |
| gzip_types image/svg+xml; | |
| gzip_types text/css; | |
| gzip_types text/javascript; | |
| gzip_types text/plain; | |
| gzip_types text/xml; | |
| server { | |
| listen <%= ENV["PORT"] %> default_server; | |
| client_max_body_size 30M; | |
| server_name _; | |
| root /app/; | |
| location / { | |
| expires epoch; | |
| proxy_pass http://my_nginx; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| } | |
| location ~ \.(css|js)$ { | |
| add_header Pragma "public"; | |
| add_header Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"; | |
| add_header Access-Control-Allow-Origin *; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| access_log off; | |
| } | |
| location ~ \.(gif|jpg|png|ico|woff|tff)$ { | |
| add_header Pragma "public"; | |
| add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate"; | |
| add_header Access-Control-Allow-Origin *; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| access_log off; | |
| } | |
| location ~ ^/(sitemap.xml) { | |
| root /app/public; | |
| } | |
| # Turn off logging for them | |
| location = /favicon.ico { log_not_found off; access_log off; } | |
| location = /robots.txt { log_not_found off; access_log off; } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment