Skip to content

Instantly share code, notes, and snippets.

@universal
Created May 31, 2017 09:43
Show Gist options
  • Save universal/c7cec92fb20dcf760b2d85bc65db3bee to your computer and use it in GitHub Desktop.
Save universal/c7cec92fb20dcf760b2d85bc65db3bee to your computer and use it in GitHub Desktop.
upstream dummy.us {
server unix:/home/dummyus/deploy/dummyus/tmp/puma.sock;
}
server {
listen 255.255.255.256:80;
listen [1111:1111:1111:1111::256]:80;
server_name dummy.us www.dummy.us;
add_header Strict-Transport-Security max-age=18144000;
location / {
return 301 https://dummy.us$request_uri;
}
}
server {
listen 255.255.255.256:443 ssl;
listen [1111:1111:1111:1111::256::256]:443 ssl;
server_name dummy.us www.dummy.us;
add_header Strict-Transport-Security max-age=31104000;
ssl on;
ssl_certificate /etc/letsencrypt/live/dummy.us/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dummy.us/privkey.pem; # managed by Certbot
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 5m;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl_certs/letsencrypt.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
root /home/dummyus/deploy/dummyus/public;
try_files $uri/index.html $uri.html $uri @app;
location @app {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
#all requests are sent to the UNIX socket
proxy_pass http://dummy.us;
}
location ~ ^/(assets|uploads)/ {
expires max;
add_header Cache-Control public;
add_header ETag "";
break;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment