upstream unicorn_<%= fetch(:nginx_config_name) %> { server unix:/tmp/unicorn.<%= fetch(:nginx_config_name) %>.sock fail_timeout=0; } <% if fetch(:nginx_use_ssl) %> server { listen 80; rewrite ^(.*) https://$host$1 permanent; } <% end %> server { <% if fetch(:nginx_use_ssl) %> listen 443; ssl on; ssl_certificate /etc/ssl/certs/<%= fetch(:nginx_ssl_certificate) %>; ssl_certificate_key /etc/ssl/private/<%= fetch(:nginx_ssl_certificate_key) %>; <% else %> listen 80; <% end %> client_max_body_size 4G; keepalive_timeout 10; error_page 500 502 504 /500.html; error_page 503 @503; server_name <%= fetch(:nginx_server_name) %>; root <%= current_path %>/public; try_files $uri/index.html $uri @unicorn_<%= fetch(:nginx_config_name) %>; location @unicorn_<%= fetch(:nginx_config_name) %> { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; <% if fetch(:nginx_use_ssl) %> proxy_set_header X-Forwarded-Proto https; <% end %> proxy_pass http://unicorn_<%= fetch(:nginx_config_name) %>; # limit_req zone=one; access_log <%= shared_path %>/log/nginx.access.log; error_log <%= shared_path %>/log/nginx.error.log; } location ^~ /assets/ { gzip_static on; expires max; add_header Cache-Control public; } location = /50x.html { root html; } location = /404.html { root html; } location @503 { error_page 405 = /system/maintenance.html; if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html break; } rewrite ^(.*)$ /503.html break; } if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){ return 405; } if (-f $document_root/system/maintenance.html) { return 503; } location ~ \.(php|html)$ { return 405; } }