upstream <%=fetch(:application)%> { server <%="#{fetch(:app_server_host)}:#{fetch(:app_server_port)}"%>; } <%- if fetch(:nginx_protocols,[]).map(&:to_s).include?('http') -%> <%- if fetch(:nginx_redirect_to_ssl, fetch(:nginx_use_ssl, false)) -%> server { listen <%= fetch(:nginx_http_port, 80) %>; server_name <%=fetch(:nginx_http_server_names,fetch(:nginx_server_names))%>; rewrite ^ https://$server_name$request_uri? permanent; } <%- else -%> server { listen <%= fetch(:nginx_http_port, 80) %>; server_name <%=fetch(:nginx_http_server_names,fetch(:nginx_server_names))%>; root <%=current_path%>/public; access_log <%=fetch(:nginx_access_log, "#{shared_path}/log/nginx-access.log") %>; error_log <%=fetch(:nginx_error_log, "#{shared_path}/log/nginx-error.log")%>; rewrite_log on; client_max_body_size <%=fetch(:nginx_max_body_size, '4G')%>; keepalive_timeout <%=fetch(:nginx_keepalive_timeout, '5')%>; if (-f $document_root/public/maintenance.html) { rewrite ^(.*)$ /public/maintenance.html; break; } location ~ ^/(assets)/ { root <%=current_path%>/public; gzip_static on; expires max; add_header Cache-Control public; break; } location / { try_files $uri/index.html $uri.html $uri @<%=fetch(:application)%>; error_page 404 /404.html; error_page 422 /422.html; error_page 500 502 503 504 /500.html; error_page 403 /403.html; break; } location @<%=fetch(:application)%> { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_headers_hash_bucket_size <%=fetch(:nginx_hash_bucket_size, 1024)%>; proxy_headers_hash_max_size <%=fetch(:nginx_hash_max_size, 512)%>; proxy_read_timeout <%=fetch(:nginx_read_timeout, 60)%>; proxy_send_timeout <%=fetch(:nginx_send_timeout, 60)%>; proxy_redirect off; proxy_pass http://<%=fetch(:application)%>; include proxy_params; break; } } <%- end -%> <%- end -%> <%- if fetch(:nginx_protocols,[]).map(&:to_s).include?('https') -%> server { listen <%= fetch(:nginx_https_port, 443) %>; ssl on; ssl_certificate <%=fetch(:nginx_ssl_certificate)%>; ssl_certificate_key <%=fetch(:nginx_ssl_private_key)%>; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; <%- if fetch(:nginx_ssl_ciphers,'') != '' -%> ssl_ciphers "<%= fetch(:nginx_ssl_ciphers) %>"; ssl_prefer_server_ciphers on; ssl_dhparam <%= fetch(:nginx_dhparams_path, '/etc/ssl/private/dhparams.pem') %>; <%- end -%> server_name <%=fetch(:nginx_https_server_names,fetch(:nginx_server_names))%>; root <%=current_path%>/public; access_log <%=fetch(:nginx_access_log, "#{shared_path}/log/nginx-access.log") %>; error_log <%=fetch(:nginx_error_log, "#{shared_path}/log/nginx-error.log")%>; rewrite_log on; client_max_body_size <%=fetch(:nginx_max_body_size, '4G')%>; keepalive_timeout <%=fetch(:nginx_keepalive_timeout, '5')%>; if (-f $document_root/public/maintenance.html) { rewrite ^(.*)$ /public/maintenance.html; break; } location ~ ^/(assets)/ { root <%=current_path%>/public; gzip_static on; expires max; add_header Cache-Control public; break; } location / { try_files $uri/index.html $uri.html $uri @<%=fetch(:application)%>; error_page 404 /404.html; error_page 422 /422.html; error_page 500 502 503 504 /500.html; error_page 403 /403.html; break; } location @<%=fetch(:application)%> { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_headers_hash_bucket_size <%=fetch(:nginx_hash_bucket_size, 1024)%>; proxy_headers_hash_max_size <%=fetch(:nginx_hash_max_size, 512)%>; proxy_read_timeout <%=fetch(:nginx_read_timeout, 60)%>; proxy_send_timeout <%=fetch(:nginx_send_timeout, 60)%>; proxy_redirect off; proxy_pass http://<%=fetch(:application)%>; include proxy_params; break; } } <%- end -%>