joshuaob · May 26, 2017 15:36 · May 24, 2016 · Oct 14, 2014
diff --git a/nginx.conf b/nginx.conf
@@ -1,124 +1,93 @@
-# Puma upstream
-upstream puma {
-  # fail_timeout=0 means we always retry an upstream even if it failed
-  # to return a good HTTP response (in case the Unicorn master nukes a
-  # single worker for timing out).
-
-  # for UNIX domain socket setups:
-  server unix:/mnt/project/api/shared/tmp/sockets/puma.sock fail_timeout=0;
-}
-
-server {
-  listen 80 default_server;
-
-  server_name www.example.com example.com;
-  root /mnt/project/frontend/current;
-
-  # Optimize for versioned assets
-  location ~ ^/(styles|images|scripts|fonts)/ {
-    expires 1y;
-    add_header Cache-Control public;
-    gzip_static on; # to serve pre-gzipped version
+daemon off;
 
-    # Some browsers still send conditional-GET requests if there's a
-    # Last-Modified header or an ETag header even if they haven't
-    # reached the expiry date sent in the Expires header.
-    add_header Last-Modified "";
-    add_header ETag "";
-    break;
-  }
-
-  # Favicon
-  location ~* \.ico$ {
-    expires 1w;
-    add_header Cache-Control "public";
-    break;
-  }
+worker_processes 4;
 
-  # Force SSL
-  location / {
-    rewrite ^(.*)$ https://www.example.com$1 permanent;
-    break;
-  }
+events {
+  use epoll;
+  accept_mutex on;
+  multi_accept on;
+  worker_connections 1024;
 }
 
-server {
-  listen 443 ssl default_server;
-
-  ssl_certificate /etc/nginx/ssl/project.crt;
-  ssl_certificate_key /etc/nginx/ssl/project.key;
-  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
-  ssl_prefer_server_ciphers on;
-
-  server_name www.example.com;
-
-  # For the ELB health checks
-  location /elb-status {
-    access_log off;
-    return 200;
-    break;
-  }
-
-  location / {
-    return 301 $scheme://www.example.com$request_uri;
+http {
+  gzip on;
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+  gzip_comp_level 2;
+  gzip_min_length 512;
+  gzip_proxied any;
+  gzip_vary on;
+  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+  server_tokens off;
+
+  tcp_nopush on;
+  tcp_nodelay on;
+
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  access_log  /var/log/nginx/access.log  main;
+  error_log /var/log/nginx/error.log;
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+
+  resolver NGINX_RESOLVER;
+  resolver_timeout 5s;
+
+  server {
+    server_name _;
+    listen 80;
+    keepalive_timeout 5;
+    root /var/www;
+    index index.html;
+    port_in_redirect off;
+
+    # client_max_body_size <%= ENV["CLIENT_MAX_BODY_SIZE"] %>;
+
+    location ~ ^/(api|oauth)/ {
+      # Use a variable so that nginx keeps resolving the hostname
+      set $backend "backend.example.com";
+
+      proxy_pass http://$backend:3000;
+      proxy_set_header Real-IP $remote_addr;
+      proxy_set_header Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header NginX-Proxy true;
+      proxy_ssl_session_reuse off;
+      proxy_redirect off;
+    }
+
+    location ~* \index.html$ {
+      expires -1;
+    }
+
+    location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
+      expires max;
+      log_not_found off;
+      access_log off;
+      add_header Cache-Control public;
+      fastcgi_hide_header Set-Cookie;
+    }
+
+    location ~* \.(eot|oft|svg|ttf|woff)$ {
+      add_header Access-Control-Allow-Origin *;
+      expires max;
+      log_not_found off;
+      access_log off;
+      add_header Cache-Control public;
+      fastcgi_hide_header Set-Cookie;
+    }
+
+    location ~ /\. {
+      deny all;
+    }
+
+    location / {
+      expires -1;
+
+      try_files $uri $uri/ /index.html =404;
+    }
   }
-}
-
-server {
-  listen 443 ssl;
-
-  ssl_certificate /etc/nginx/ssl/project.crt;
-  ssl_certificate_key /etc/nginx/ssl/project.key;
-  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
-  ssl_prefer_server_ciphers on;
-
-  server_name www.example.com;
-  root /mnt/project/frontend/current;
-
-  # Optimize for versioned assets
-  location ~ ^/(styles|images|scripts|fonts)/ {
-    expires 1y;
-    add_header Cache-Control public;
-    gzip_static on; # to serve pre-gzipped version
-
-    # Some browsers still send conditional-GET requests if there's a
-    # Last-Modified header or an ETag header even if they haven't
-    # reached the expiry date sent in the Expires header.
-    add_header Last-Modified "";
-    add_header ETag "";
-    break;
-  }
-
-  # Favicon
-  location ~* \.ico$ {
-    expires 1w;
-    add_header Cache-Control "public";
-    break;
-  }
-
-  # Proxy to our API
-  location ~ ^/(api|oauth|assets)/ {
-    proxy_pass  http://puma;
-    proxy_redirect     off;
-
-    proxy_set_header   Host              $host;
-    proxy_set_header   X-Real-IP         $remote_addr;
-    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-    proxy_set_header   X-Request-Start   "t=${msec}000";
-    proxy_set_header   X-Forwarded-Proto $scheme;
-
-    client_max_body_size       10m;
-    client_body_buffer_size    128k;
-
-    proxy_connect_timeout      120s;
-    proxy_send_timeout         120s;
-    proxy_read_timeout         120s;
-
-    proxy_buffer_size          4k;
-    proxy_buffers              4 32k;
-    proxy_busy_buffers_size    64k;
-    proxy_temp_file_write_size 64k;
-  }
-}
+}
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,124 @@
+# Puma upstream
+upstream puma {
+  # fail_timeout=0 means we always retry an upstream even if it failed
+  # to return a good HTTP response (in case the Unicorn master nukes a
+  # single worker for timing out).
+
+  # for UNIX domain socket setups:
+  server unix:/mnt/project/api/shared/tmp/sockets/puma.sock fail_timeout=0;
+}
+
+server {
+  listen 80 default_server;
+
+  server_name www.example.com example.com;
+  root /mnt/project/frontend/current;
+
+  # Optimize for versioned assets
+  location ~ ^/(styles|images|scripts|fonts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    gzip_static on; # to serve pre-gzipped version
+
+    # Some browsers still send conditional-GET requests if there's a
+    # Last-Modified header or an ETag header even if they haven't
+    # reached the expiry date sent in the Expires header.
+    add_header Last-Modified "";
+    add_header ETag "";
+    break;
+  }
+
+  # Favicon
+  location ~* \.ico$ {
+    expires 1w;
+    add_header Cache-Control "public";
+    break;
+  }
+
+  # Force SSL
+  location / {
+    rewrite ^(.*)$ https://www.example.com$1 permanent;
+    break;
+  }
+}
+
+server {
+  listen 443 ssl default_server;
+
+  ssl_certificate /etc/nginx/ssl/project.crt;
+  ssl_certificate_key /etc/nginx/ssl/project.key;
+  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+  ssl_prefer_server_ciphers on;
+
+  server_name www.example.com;
+
+  # For the ELB health checks
+  location /elb-status {
+    access_log off;
+    return 200;
+    break;
+  }
+
+  location / {
+    return 301 $scheme://www.example.com$request_uri;
+  }
+}
+
+server {
+  listen 443 ssl;
+
+  ssl_certificate /etc/nginx/ssl/project.crt;
+  ssl_certificate_key /etc/nginx/ssl/project.key;
+  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
+  ssl_prefer_server_ciphers on;
+
+  server_name www.example.com;
+  root /mnt/project/frontend/current;
+
+  # Optimize for versioned assets
+  location ~ ^/(styles|images|scripts|fonts)/ {
+    expires 1y;
+    add_header Cache-Control public;
+    gzip_static on; # to serve pre-gzipped version
+
+    # Some browsers still send conditional-GET requests if there's a
+    # Last-Modified header or an ETag header even if they haven't
+    # reached the expiry date sent in the Expires header.
+    add_header Last-Modified "";
+    add_header ETag "";
+    break;
+  }
+
+  # Favicon
+  location ~* \.ico$ {
+    expires 1w;
+    add_header Cache-Control "public";
+    break;
+  }
+
+  # Proxy to our API
+  location ~ ^/(api|oauth|assets)/ {
+    proxy_pass  http://puma;
+    proxy_redirect     off;
+
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Request-Start   "t=${msec}000";
+    proxy_set_header   X-Forwarded-Proto $scheme;
+
+    client_max_body_size       10m;
+    client_body_buffer_size    128k;
+
+    proxy_connect_timeout      120s;
+    proxy_send_timeout         120s;
+    proxy_read_timeout         120s;
+
+    proxy_buffer_size          4k;
+    proxy_buffers              4 32k;
+    proxy_busy_buffers_size    64k;
+    proxy_temp_file_write_size 64k;
+  }
+}