72 lines
1.8 KiB
Plaintext
72 lines
1.8 KiB
Plaintext
upstream wblog {
|
|
server unix:///data/www/wblog/shared/tmp/sockets/puma.sock fail_timeout=0;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
# FIXME: update your domain here
|
|
server_name example.com;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
# FIXME: update your domain here
|
|
server_name example.com;
|
|
root /data/www/wblog/current/public;
|
|
|
|
ssl on;
|
|
|
|
# FIXME: update your domain here
|
|
ssl_certificate /etc/nginx/sslkeys/yourdomain.com.key.pem;
|
|
ssl_certificate_key /etc/nginx/sslkeys/yourdomain.com.key;
|
|
ssl_dhparam /etc/nginx/sslkeys/dhparam.pem;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
# ssl optimizations
|
|
ssl_session_cache shared:SSL:30m;
|
|
ssl_session_timeout 30m;
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
|
|
location ^~ /assets/ {
|
|
gzip_static on;
|
|
expires max;
|
|
add_header Cache-Control public;
|
|
}
|
|
|
|
location ~ ^/(uploads)/ {
|
|
expires max;
|
|
break;
|
|
}
|
|
|
|
location /cable {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://wblog;
|
|
}
|
|
|
|
try_files $uri/index.html $uri @wblog;
|
|
location @wblog {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_redirect off;
|
|
proxy_pass http://wblog;
|
|
}
|
|
|
|
error_page 500 502 503 504 /500;
|
|
error_page 404 /404;
|
|
client_max_body_size 20M;
|
|
keepalive_timeout 10;
|
|
}
|