Skip to content

Instantly share code, notes, and snippets.

@zires
Forked from mikhailov/installation.sh
Created April 28, 2012 03:08
Show Gist options
  • Save zires/2515370 to your computer and use it in GitHub Desktop.
Save zires/2515370 to your computer and use it in GitHub Desktop.
Nginx+passenger application config: ssl redirection, http headers, passenger optimal settings. see details: http://mikhailov.posterous.com/nginx
$ cd /usr/src
$ wget http://nginx.org/download/nginx-0.8.52.tar.gz
$ tar xzvf ./nginx-0.8.52.tar.gz
$ rm ./nginx-0.8.52.tar.gz
$ gem install s3sync capistrano capistrano-ext passenger --no-ri --no-rdoc
$ passenger-install-nginx-module
# Automatically download and install Nginx? 2. No: I want to customize my Nginx installation
# Where is your Nginx source code located?: /usr/src/nginx-0.8.52
# Where do you want to install Nginx to?: /opt/nginx
# Extra Nginx configure options
--with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module
user app;
worker_processes 2;
worker_priority -5;
error_log /home/app/logs/nginx.error.log crit;
events {
worker_connections 1024;
}
http {
passenger_root /usr/local/lib/ruby/gems/1.8/gems/passenger-3.0.0;
passenger_ruby /usr/local/bin/ruby;
# Passenger never sleeps!
passenger_pool_idle_time 0;
# Use more instances if you have memory enough
passenger_max_pool_size 15;
include mime.types;
default_type application/octet-stream;
client_max_body_size 25m;
server_tokens off;
sendfile on;
keepalive_timeout 70;
gzip on;
gzip_http_version 1.1;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml;
# Limit requests
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
# SSL
ssl_certificate /opt/nginx/ssl_certs/cert.crt;
ssl_certificate_key /opt/nginx/ssl_certs/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
# Hosts
include /opt/nginx/conf/nginx_host.conf;
# Start application instantly
passenger_pre_start https://127.0.0.1/;
}
# HTTP server - permanent redirect to https by nginx side
server {
listen 80;
server_name *.host.com;
rewrite ^(.*) https://$host$1 permanent;
location ~ \.php$ {
deny all;
}
# use /dev/null, because 'off' is a file anyway
access_log /dev/null;
error_log /dev/null;
}
# HTTPS server
server {
ssl on;
listen 443 default ssl;
server_name *.host.com;
root /home/app/public_html/host_production/current/public;
error_page 500 502 504 /500.html;
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
error_page 503 @503;
location @503 {
error_page 405 = /system/maintenance.html;
if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html break;
}
rewrite ^(.*)$ /503.html break;
}
try_files $uri /system/maintenance.html @passenger;
location @passenger {
passenger_enabled on;
passenger_min_instances 5;
rails_env production;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
# Limit requests
limit_req zone=one burst=2;
}
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
return 405;
}
if (-f $document_root/system/maintenance.html) {
return 503;
}
location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location = /favicon.ico {
expires max;
add_header Cache-Control public;
}
location ~ \.php$ {
deny all;
}
access_log /dev/null;
error_log /dev/null;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment