Template Standard SSL

Es el más utilizado en todos los proyectos. Incluye configuración para manejar un dominio tanto con http como con https (y su correspondiente certificado ssl).

upstream appname_puma {                                          
  server unix:/tmp/puma.appname.sock fail_timeout=0;
}

server {
  listen 80;
  server_name appname.com.ar www.appname.com.ar;
  return 301 https://www.appname.com.ar$request_uri;
}

server {
  listen 443 ssl spdy;
  server_name appname.com.ar;
  ssl_certificate         /etc/ssl/certs/appname_ssl_certificate.crt;
  ssl_certificate_key     /etc/ssl/certs/appname_ssl_certificate.key;
  return 301 https://www.appname.com.ar$request_uri;
}

server {
  listen 443 ssl spdy;
  listen [::]:443 ssl spdy;
  server_name www.appname.com.ar;
  add_header Strict-Transport-Security "max-age=2592000;";

  keepalive_timeout 70;

  access_log  /var/log/nginx/appname-access.log;
  error_log  /var/log/nginx/appname-error.log;

  root /home/appname/app/public;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  # try to serve static file first
  try_files $uri $uri/index.html $uri.html @unicorn;

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (application_unicorn)
  location @unicorn {
    proxy_redirect off;

    proxy_set_header Host $http_host;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    proxy_pass http://appname_puma;
  }

  error_page  500 502 503 504 /500.html;
  client_max_body_size 100M;

  ssl on;
  ssl_certificate         /etc/ssl/certs/appname_ssl_certificate.crt;
  ssl_certificate_key     /etc/ssl/certs/appname_ssl_certificate.key;


  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers  HIGH:!aNULL:!MD5:!DSS:!RC4;
}