nginx.conf
alexcwatt edited this page Oct 16, 2014
·
4 revisions
Copy of current nginx.conf
# redirect unencrypted to encrypted
server {
    # Plain-HTTP listener: serves no content, only a permanent redirect.
    # The redirect target is a fixed hostname, not the request's Host
    # header, so a forged Host value cannot steer where clients are sent.
    # NOTE(review): only www.memverse.com is named here; whether plain-HTTP
    # requests for the bare memverse.com name land in this block depends on
    # default-server selection that this excerpt does not show - confirm.
    server_name www.memverse.com;
    listen 80;

    return 301 https://www.memverse.com$request_uri;
}
# redirect encrypted non-www to encrypted www
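server {
    listen 443 ssl;
    server_name memverse.com;

    # "ssl on;" was dropped: "listen ... ssl" already enables TLS on this
    # socket, and the standalone directive is deprecated in later nginx
    # releases.

    # TLS 1.0 and 1.1 removed (formally deprecated by RFC 8996).
    # NOTE(review): nginx has historically applied ssl_protocols from the
    # default server of a listen socket, and this looks like the first 443
    # block - keep this line identical in every 443 server block.
    ssl_protocols TLSv1.2;

    # 3DES suites removed (64-bit block cipher, exposed to SWEET32).
    # NOTE(review): the trailing !AES256 deletes every AES-256 suite, so the
    # ECDH+AES256 and DH+AES256 entries select nothing - confirm that an
    # AES-128-only policy is what was intended.
    # NOTE(review): DH+ suites are enabled but no ssl_dhparam is visible;
    # older nginx builds fall back to small built-in parameters - confirm.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256;
    ssl_prefer_server_ciphers on;

    # The handshake for memverse.com completes before the redirect is sent,
    # so this certificate has to be valid for the bare name as well.
    # NOTE(review): the file is named for www.memverse.com - confirm it also
    # lists memverse.com.
    ssl_certificate /etc/ssl/localcerts/www.memverse.com.crt;
    ssl_certificate_key /etc/ssl/localcerts/www.memverse.com.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # NOTE(review): OCSP stapling needs a "resolver" to look up the
    # responder host; none is visible in this block - confirm one is set at
    # a higher level, otherwise no staple is served.
    ssl_stapling on;

    # Fixed-host permanent redirect to the canonical www name.
    return 301 https://www.memverse.com$request_uri;
}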
# encrypted www.memverse.com
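server {
    listen 443 ssl;
    server_name www.memverse.com;

    # "ssl on;" was dropped: "listen ... ssl" already enables TLS on this
    # socket, and the standalone directive is deprecated in later nginx
    # releases.

    # TLS 1.0 and 1.1 removed (formally deprecated by RFC 8996).
    # NOTE(review): nginx has historically applied ssl_protocols from the
    # default server of a listen socket - keep this line identical in every
    # 443 server block so the effective policy does not depend on ordering.
    ssl_protocols TLSv1.2;

    # 3DES suites removed (64-bit block cipher, exposed to SWEET32).
    # NOTE(review): the trailing !AES256 deletes every AES-256 suite, so the
    # ECDH+AES256 and DH+AES256 entries select nothing - confirm that an
    # AES-128-only policy is what was intended.
    # NOTE(review): DH+ suites are enabled but no ssl_dhparam is visible;
    # older nginx builds fall back to small built-in parameters - confirm.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256;
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/ssl/localcerts/www.memverse.com.crt;
    ssl_certificate_key /etc/ssl/localcerts/www.memverse.com.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # NOTE(review): OCSP stapling needs a "resolver" to look up the
    # responder host; none is visible in this block - confirm one is set at
    # a higher level, otherwise no staple is served.
    ssl_stapling on;

    # NOTE(review): no Strict-Transport-Security header is sent, so HTTPS is
    # enforced only by the port-80 redirect. If one is added at server
    # level, it is not inherited by the assets location below, which
    # declares its own add_header lines.

    root /home/avitus/memverse.com/current/public;
    access_log /home/avitus/memverse.com/current/log/nginx_access.log main;
    error_log /home/avitus/memverse.com/current/log/nginx_error.log error;

    # Requests not matched by the location below are handled by the
    # Passenger-hosted application.
    passenger_enabled on;
    passenger_min_instances 2;

    # Static assets: long-lived, publicly cacheable responses.
    # gzip_static requires an nginx build that includes the gzip_static
    # module (presumably what the original note "need to compile in support
    # for this" referred to).
    location ~ ^/(assets)/ {
        root /home/avitus/memverse.com/current/public;
        gzip_static on; # to serve pre-gzipped version
        expires max;
        add_header Cache-Control public;
        # Some browsers still send conditional-GET requests if there's a
        # Last-Modified header or an ETag header even if they haven't
        # reached the expiry date sent in the Expires header.
        add_header Last-Modified "";
        add_header ETag "";
        break;
    }
}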
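server {
    # Origin host for the CDN: everything is denied except the asset
    # locations opened explicitly below.
    # NOTE(review): this origin listens on plain HTTP only, so content
    # fetched from it is not protected in transit - confirm that is
    # acceptable for what is served here.
    listen 80;
    server_name origin.memverse.com;

    root /home/avitus/memverse.com/current/public;
    access_log /home/avitus/memverse.com/current/log/nginx_cdn_access.log main;
    error_log /home/avitus/memverse.com/current/log/nginx_cdn_error.log error;

    location / {
        deny all;

        # For CORS and mobile device access.
        # "return" inside "if" runs in the rewrite phase, before the access
        # check, so OPTIONS requests get a 200 while every other method on
        # this location is refused by "deny all".
        # NOTE(review): this handler exists only in "location /"; requests
        # under /assets/ and /javascripts/ match their own prefix locations
        # and receive none of these headers - confirm that is intended.
        if ($request_method = OPTIONS ) {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods "GET, OPTIONS";
            add_header Access-Control-Allow-Headers "Authorization"; # <- May not need this...it's for Basic Auth
            # Access-Control-Allow-Credentials "true" was removed: browsers
            # refuse credentialed responses when Access-Control-Allow-Origin
            # is the wildcard, so the pair never worked together. If
            # credentials are ever needed, echo one allow-listed origin
            # instead of "*".
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 200;
        }
    }

    # All static assets served by Amazon Cloudfront
    location ^~ /assets/ {
        allow all;
        gzip_http_version 1.0;
        gzip_static on;
        expires 365d;
        add_header Last-Modified "";
        add_header Cache-Control public;
    }

    # This folder is needed to give access to ckeditor scripts
    location ^~ /javascripts/ {
        allow all;
        gzip_http_version 1.0;
        gzip_static on;
        expires 365d;
        add_header Last-Modified "";
        add_header Cache-Control public;
    }

    # Exact-match locations: the original prefix form also opened any path
    # that merely starts with /robots.txt or /favicon.ico.
    location = /robots.txt {
        allow all;
    }

    location = /favicon.ico {
        allow all;
    }

    # Rails error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /home/avitus/memverse.com/current/public;
    }
}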