# Nginx configuration # <%= "#{fetch(:application)} running as #{fetch(:user)} in environment #{environment}" %> # <% upstream_name = "#{fetch(:application)}_#{environment}_app_server" upstream_name_ssl = "#{fetch(:application)}_#{environment}_app_server_ssl" %> # upstream <%= upstream_name %> { server <%= fetch(:nginx_puma_server_url) %> <%= fetch(:nginx_puma_server_timeout) %>; } <% if fetch(:nginx_uses_http) %> # # HTTP server configuration # server { listen <%= fetch(:nginx_port) %>; client_max_body_size <%= fetch(:nginx_client_max_body_size) %>; server_name <%= fetch(:server_names) %>; # ~2 seconds is often enough for most folks to parse HTML/CSS and # retrieve needed images/icons/frames, connections are cheap in # nginx so increasing this is generally safe... # 8 seconds might be needed for some mobile devs keepalive_timeout 8; # path for static files root <%= fetch(:deploy_to) %>/current/public; access_log <%= fetch(:nginx_app_log_path) %>/<%= environment %>.access.log; error_log <%= fetch(:nginx_app_log_path) %>/<%= environment %>.error.log info; # this rewrites all the requests to the maintenance.html # page if it exists in the doc root. This is for capistrano's # disable web task if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html last; break; } location / { <% if fetch(:nginx_use_simple_auth) %> auth_basic "<%= fetch(:nginx_simple_auth_message) %>"; auth_basic_user_file <%= fetch(:nginx_remote_htpasswd) %>; <% end %> # needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; # if the request is for a static resource, nginx should serve it directly # and add a far future expires header to it, making the browser # cache the resource and navigate faster over the website. location ~ ^/(assets)/.+-([0-9a-zA-Z])+\. { gzip_static on; expires max; add_header Cache-Control public; } # Serve images outside the asset path # Now this supposedly should work as it gets the filenames with querystrings that Rails provides. # BUT there's a chance it could break the ajax calls. location ~* \.(ico|css|gif|jpe?g|png)(\?[0-9]+)?$ { expires max; } # Serve javascript outside the asset path location ~ ^/javascripts/.*\.js(\?[0-9]+)?$ { expires max; } # If the file exists as a static file serve it directly without # running all the other rewrite tests on it if (-f $request_filename) { break; } <%= fetch(:nginx_extra_rules) unless fetch(:nginx_extra_rules).nil? %> if (!-f $request_filename) { proxy_pass http://<%= upstream_name %>; break; } } # Rails error pages error_page 500 502 503 504 /500.html; location = /500.html { root <%= fetch(:deploy_to) %>/current/public; } } <% end %> <% if fetch(:nginx_uses_ssl) %> # # HTTPs server configuration # upstream <%= upstream_name_ssl %> { server <%= fetch(:nginx_puma_server_url) %> <%= fetch(:nginx_puma_server_timeout) %>; } # This server is setup for ssl. Uncomment if # you are using ssl as well as port 80. server { listen <%= fetch(:nginx_ssl_port) %>; server_name <%= fetch(:server_names) %>; ssl on; ssl_certificate <%= fetch(:nginx_ssl_public_crt) %>; ssl_certificate_key <%= fetch(:nginx_ssl_private_key) %>; ssl_session_timeout 5m; client_max_body_size <%= fetch(:nginx_ssl_client_max_body_size) %>; root <%= fetch(:deploy_to) %>/current/public; access_log <%= fetch(:nginx_app_log_path) %>/<%= environment %>_ssl.access.log; error_log <%= fetch(:nginx_app_log_path) %>/<%= environment %>_ssl.error.log info; # this rewrites all the requests to the maintenance.html # page if it exists in the doc root. This is for capistrano's # disable web task if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html last; break; } location / { <% if fetch(:nginx_ssl_use_simple_auth) %> auth_basic "<%= fetch(:nginx_simple_auth_message) %>"; auth_basic_user_file <%= fetch(:nginx_remote_htpasswd) %>; <% end %> # needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr; # needed for HTTPS proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_max_temp_file_size 0; # if the request is for a static resource, nginx should serve it directly # and add a far future expires header to it, making the browser # cache the resource and navigate faster over the website. location ~ ^/(assets)/.+-([0-9a-zA-Z])+\. { gzip_static on; expires max; add_header Cache-Control public; } # Serve images outside the asset path # Now this supposedly should work as it gets the filenames with querystrings that Rails provides. # BUT there's a chance it could break the ajax calls. location ~* \.(ico|css|gif|jpe?g|png)(\?[0-9]+)?$ { expires max; } # Serve javascript outside the asset path location ~ ^/javascripts/.*\.js(\?[0-9]+)?$ { expires max; } # If the file exists as a static file serve it directly without # running all the other rewite tests on it if (-f $request_filename) { break; } <%= fetch(:nginx_extra_rules_ssl) unless fetch(:nginx_extra_rules_ssl).nil? %> if (!-f $request_filename) { proxy_pass http://<%= upstream_name_ssl %>; break; } } error_page 500 502 503 504 /500.html; location = /500.html { root <%= fetch(:deploy_to) %>/current/public; } } <% end %>