Nginx+passenger application config: ssl redirection, http headers, passenger optimal settings. see details: http://mikhailov.posterous.com/nginx
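# Build nginx from source with the Phusion Passenger module.
# NOTE(review): nginx 0.8.52 is a long-unsupported release; the version is kept
# as written here, but substitute a currently maintained release when building.
$ cd /usr/src
# Fetch over HTTPS instead of plain HTTP. The tarball is compiled and then run
# as a network-facing daemon, so an unauthenticated download is a supply-chain risk.
$ wget https://nginx.org/download/nginx-0.8.52.tar.gz
# nginx.org publishes a detached PGP signature next to each tarball (same name
# plus .asc). If none is available for this release, treat the source as unverified.
$ wget https://nginx.org/download/nginx-0.8.52.tar.gz.asc
# Needs the nginx signing key in the local keyring. Confirm its fingerprint out
# of band (<NGINX_SIGNING_KEY_FINGERPRINT>) before trusting the result.
$ gpg --verify ./nginx-0.8.52.tar.gz.asc ./nginx-0.8.52.tar.gz
$ tar xzvf ./nginx-0.8.52.tar.gz
$ rm ./nginx-0.8.52.tar.gz ./nginx-0.8.52.tar.gz.asc
$ gem install s3sync capistrano capistrano-ext passenger --no-ri --no-rdoc
$ passenger-install-nginx-module
# Answers to give at the installer's prompts:
# Automatically download and install Nginx? 2. No: I want to customize my Nginx installation
# Where is your Nginx source code located?: /usr/src/nginx-0.8.52
# Where do you want to install Nginx to?: /opt/nginx
# Extra Nginx configure options
--with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module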
# Main (process-level) context.

# Two worker processes, running under the "app" account.
worker_processes 2;
user app;

# Global error log; only messages of severity "crit" and above are written.
# NOTE(review): the log sits under /home/app, presumably owned by the same
# account the workers run as. Confirm the permissions, since a compromised
# worker could otherwise alter or delete it.
error_log /home/app/logs/nginx.error.log crit;

events {
    # Maximum simultaneous connections per worker process.
    worker_connections 1024;
}
http {
    # ---- Phusion Passenger ----
    passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
    passenger_ruby /usr/local/bin/ruby;

    # Idle timeout of 0: application processes are never shut down for being idle.
    passenger_pool_idle_time 0;

    # Upper bound on application processes; raise it only if memory allows.
    passenger_max_pool_size 15;

    # Request this URL when nginx starts so the application is already spawned
    # before the first real visitor arrives.
    passenger_pre_start https://127.0.0.1/;

    # ---- MIME types and request limits ----
    include mime.types;
    default_type application/octet-stream;

    # Largest request body accepted (uploads included).
    client_max_body_size 25m;

    # ---- Compression ----
    # NOTE(review): responses sent over TLS are compressed as well. Where a
    # response reflects request data next to a secret (for example a CSRF
    # token), compression-ratio side channels of the BREACH kind apply, so
    # consider excluding such responses from gzip.
    gzip on;
    gzip_http_version 1.1;
    gzip_disable "msie6";

    # gzip_static serves a pre-compressed "<file>.gz" when one exists.
    # Compress assets ahead of time, for example:
    #   gzip -c -n -3 application.css > application.css.gz
    gzip_static on;

    gzip_vary on;
    gzip_min_length 512;
    gzip_buffers 256 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml;

    # ---- General ----
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;
    sendfile on;
    keepalive_timeout 65;

    # ---- Rate limiting ----
    # Shared zone "one" (10 MB), keyed on client address, 5 requests/second.
    # It takes effect only where a "limit_req zone=one ..." directive refers to it.
    limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;

    # ---- Virtual hosts ----
    include /opt/nginx/conf/nginx_host.conf;
}
# Plain-HTTP listener: its only job is a permanent (301) redirect to HTTPS.
server {
    listen 80;
    server_name *.host.com;

    # Both logs are thrown away. The author points them at /dev/null because a
    # literal 'off' would just be treated as a file name.
    # NOTE(review): this leaves no record of requests or errors on port 80,
    # which removes that data from detection and incident response. Confirm
    # this is intended.
    access_log /dev/null;
    error_log /dev/null;

    # Redirect every URI to the same path on https://.
    # NOTE(review): $host comes from the request. If this is the only server on
    # port 80 it also receives requests whose Host does not match server_name,
    # so the redirect target follows whatever host name the client sent.
    rewrite ^(.*) https://$host$1 permanent;

    # NOTE(review): the server-level rewrite above matches every URI and ends
    # processing with a redirect, so this location looks unreachable.
    location ~ \.php$ {
        deny all;
    }
}
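# HTTPS server: terminates TLS and hands requests to the Rails app via Passenger.
server {
    listen 443 default ssl;
    server_name *.host.com;

    ssl on;
    ssl_certificate /opt/nginx/ssl_certs/cert.crt;
    # Private key: the file should be readable by root only.
    ssl_certificate_key /opt/nginx/ssl_certs/server.key;
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken protocols and are no longer offered.
    # TLSv1 is the newest value nginx 0.8.x accepts here; TLSv1.1/TLSv1.2
    # arrived in nginx 1.0.12 / 1.1.13. TLS 1.0 is itself deprecated, so on a
    # current nginx and OpenSSL this line should read "TLSv1.2 TLSv1.3".
    ssl_protocols TLSv1;
    # The previous cipher string enabled LOW, EXPORT and SSLv2 suites.
    # Restrict to strong suites and exclude anonymous and MD5-based ones.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # NOTE(review): no Strict-Transport-Security header is sent. Once every
    # subdomain is confirmed HTTPS-only, consider adding it with add_header.
    # Locations that declare their own add_header do not inherit
    # server-level ones.

    root /home/app/public_html/host_production/current/public;

    # 500/502/504 are answered with /500.html from the document root.
    error_page 500 502 504 /500.html;

    # NOTE(review): error_page above points at /500.html, not /50x.html, so
    # this location is reached only by direct requests for /50x.html.
    # Confirm which name was intended.
    location = /50x.html {
        root html;
    }

    location = /404.html {
        root html;
    }

    # 503 handling: show the maintenance page if it exists, else /503.html.
    error_page 503 @503;
    location @503 {
        # Presumably so that methods a static file rejects with 405 still
        # receive the maintenance page; confirm.
        error_page 405 = /system/maintenance.html;
        if (-f $document_root/system/maintenance.html) {
            rewrite ^(.*)$ /system/maintenance.html break;
        }
        rewrite ^(.*)$ /503.html break;
    }

    # Serve an existing static file, then the maintenance page, and otherwise
    # pass the request to the application.
    try_files $uri /system/maintenance.html @passenger;

    location @passenger {
        passenger_enabled on;
        passenger_min_instances 5;
        rails_env production;
        # Tell the application which scheme the client used.
        passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;

        # Limit requests: zone "one" is declared with limit_req_zone in
        # nginx.conf, and up to 2 excess requests are queued.
        limit_req zone=one burst=2;
    }

    # Reject any method outside this allow-list.
    if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
        return 405;
    }

    # Maintenance mode: the presence of the file switches every request to 503.
    if (-f $document_root/system/maintenance.html) {
        return 503;
    }

    # Far-future caching for static asset directories.
    location ~ ^/(images|javascripts|stylesheets|swfs|system)/ {
        expires max;
        add_header Cache-Control public;
    }

    location ~ \.php$ {
        deny all;
    }

    # NOTE(review): both logs are discarded, so the TLS vhost keeps no request
    # or error record for detection, rate-limit tuning or incident response.
    # Consider logging to a path the operator controls.
    access_log /dev/null;
    error_log /dev/null;
}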