<% if with_upstream_server %> upstream <%= application %>_<%= stage %>_<%= protocol %>_server { # fail_timeout=0 means we always retry an upstream even if it failed # to return a good HTTP response (in case the Unicorn master nukes a # single worker for timing out). # This is the socket we configured in unicorn.rb server unix:/tmp/socket.<%= application %>_<%= stage %>.sock fail_timeout=0; # for TCP setups, point these to your backend servers # server 127.0.0.1:8080 fail_timeout=0; # server 192.168.0.8:8080 fail_timeout=0; # server 192.168.0.9:8080 fail_timeout=0; } <% end %> <%= optional_nginx_http_content if protocol == 'http' %> <%= optional_nginx_https_content if protocol == 'https' %> server { server_name <%= domain %>; <% if protocol == 'https' %> listen 443 ssl; ssl_certificate <%= nginx_cert_dir %>/<%= application %>_cert.<%= cert_type %>; ssl_certificate_key <%= nginx_cert_dir %>/<%= application %>_cert.<%= key_type %>; #ssl_ciphers SSLv3+HIGH:RC4+MEDIUM:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; #ssl_prefer_server_ciphers on; #ssl_protocols SSLv3; #ssl_session_cache shared:SSL:10m; keepalive_timeout 70; <% else %> listen 80; # ~2 seconds is often enough for most folks to parse HTML/CSS and # retrieve needed images/icons/frames, connections are cheap in # nginx so increasing this is generally safe... #keepalive_timeout 5; <% end %> client_max_body_size 4G; <% if serve_static_files %> # path for static files root <%= project_root %>/public; <% if with_file_expire_max %> location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ { expires max; break; } <% end %> <% end %> <%= optional_http_content if protocol == 'http' %> <%= optional_https_content if protocol == 'https' %> # Prefer to serve static files directly from nginx to avoid unnecessary # data copies from the application server. # # try_files directive appeared in in nginx 0.7.27 and has stabilized # over time. Older versions of nginx (e.g. 0.6.x) requires # "if (!-f $request_filename)" which was less efficient: # http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127 try_files $uri/index.html $uri.html $uri @app; location / { # an HTTP header important enough to have its own Wikipedia entry: # http://en.wikipedia.org/wiki/X-Forwarded-For proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # enable this if and only if you use HTTPS, this helps Rack # set the proper protocol for doing redirects: # proxy_set_header X-Forwarded-Proto https; # pass the Host: header from the client right along so redirects # can be set properly within the Rack application proxy_set_header Host $http_host; # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; # set "proxy_buffering off" *only* for Rainbows! when doing # Comet/long-poll/streaming. It's also safe to set if you're using # only serving fast clients with Unicorn + nginx, but not slow # clients. You normally want nginx to buffer responses to slow # clients, even with Rails 3.1 streaming because otherwise a slow # client can become a bottleneck of Unicorn. # # The Rack application may also set "X-Accel-Buffering (yes|no)" # in the response headers do disable/enable buffering on a # per-response basis. # proxy_buffering off; <% if protocol == 'https' %> # This makes sure that Rack::SslEnforcer knows it's being accessed over SSL. proxy_set_header X-Forwarded-Proto https; <% end %> if (!-f $request_filename) { proxy_pass http://<%= application %>_<%= stage %>_<%= protocol %>_server; break; } <% if auth_basic_title %> auth_basic "<%= auth_basic_title %>"; auth_basic_user_file <%= auth_basic_password_file %>; <% end %> } # Rails error pages error_page 500 502 503 504 /500.html; location = /500.html { root <%= project_root %>/public; } }