Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Nginx HTTPS proxy for Rails
FROM alpine:3.2
RUN apk add --update nginx openssl && rm -rf /var/cache/apk/*
COPY ./nginx.conf /etc/nginx/nginx.conf
# Generate certificates
ENV CERTIFICATE_DIR=/usr/local/app/certs
# The hostname used in the certificate. For OSX/Windows you can use the VM IP.
# For Linux, localhost works fine.
RUN mkdir -p /usr/local/app/certs
RUN openssl req -new -x509 -nodes -subj "/CN=${DOCKER_HOSTNAME}/O=Your Company Name/C=UK" -keyout $CERTIFICATE_DIR/server.key -out $CERTIFICATE_DIR/server.crt
VOLUME /var/log/nginx/
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
user nobody nogroup;
pid /tmp/;
error_log stderr;
# error_log /var/log/nginx/error.log;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # "on" if nginx worker_processes > 1
# use epoll; # enable for Linux 2.6+
# use kqueue; # enable for FreeBSD, OSX
http {
include mime.types;
default_type application/octet-stream;
# access_log /var/log/nginx/access.log combined;
access_log /dev/stdout;
sendfile on;
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
tcp_nodelay off; # on may be better for some Comet/long-poll stuff
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
# So Rails can be aware of whether it's HTTP/HTTPS
proxy_set_header X-Forwarded-Proto $scheme;
upstream app_server {
server rails:3000 fail_timeout=0;
# global certs per ip but a cert can sign *
ssl_certificate /usr/local/app/certs/server.crt;
ssl_certificate_key /usr/local/app/certs/server.key;
server {
listen 80;
return 301 https://$server_name$request_uri;
server {
listen 443 ssl;
ssl on;
client_max_body_size 4G;
keepalive_timeout 5;
root /usr/src/app/;
try_files $uri/index.html $uri.html $uri @app;
location @app {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://app_server;
# Rails error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /usr/src/app/public;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment