Template Standard SSL

Es el más utilizado en todos los proyectos. Incluye la configuración para manejar un dominio tanto con HTTP como con HTTPS (y su correspondiente certificado SSL).

# Upstream pool for the Puma application server, reached over a local
# Unix domain socket rather than a TCP port.
upstream appname_puma {                                          
  # fail_timeout=0 is commonly used with a single backend so nginx keeps
  # retrying it instead of marking it unavailable for a period.
  # NOTE(review): the socket lives in /tmp, which is world-writable. Confirm
  # the socket's owner/mode only allow nginx and the app user to connect, or
  # move it to an app-owned directory (the path must match Puma's bind setting).
  server unix:/tmp/puma.appname.sock fail_timeout=0;
}

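# Plain-HTTP entry point. Nothing is served from here: every request for
# either host name is permanently redirected to the canonical HTTPS host.
server {
  listen 80;
  # The HTTPS site also listens on IPv6 ([::]:443), so accept IPv6 here as
  # well; otherwise IPv6 clients using http:// never reach the redirect.
  listen [::]:80;
  server_name appname.com.ar www.appname.com.ar;

  # $request_uri keeps the original path and query string in the redirect.
  return 301 https://www.appname.com.ar$request_uri;
}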

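# HTTPS redirect for the bare domain: terminates TLS only to send the client
# on to the canonical www host.
server {
  # NOTE: the "spdy" listen parameter was removed in nginx 1.9.5; on newer
  # versions replace it with "http2" in every listen directive of this file.
  listen 443 ssl spdy;
  # Listen on IPv6 too, like the www server does; without this, IPv6 requests
  # for the bare domain fall through to the www server instead of redirecting.
  listen [::]:443 ssl spdy;
  server_name appname.com.ar;

  # Same HSTS policy as the www host, so browsers that arrive on the bare
  # domain also remember to use HTTPS for it (add_header applies to 301).
  add_header Strict-Transport-Security "max-age=2592000;";

  ssl_certificate         /etc/ssl/certs/appname_ssl_certificate.crt;
  # The private key is stored under /etc/ssl/certs next to the certificate.
  # Make sure the .key file is readable by root only, or move it to a
  # restricted directory and update this path.
  ssl_certificate_key     /etc/ssl/certs/appname_ssl_certificate.key;

  # This is the first server declared for port 443, so unless another vhost is
  # marked default_server it is the default one, and nginx may take the
  # handshake-level TLS settings from the default server. State the policy
  # explicitly here instead of relying on nginx defaults.
  # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx/OpenSSL support it.
  ssl_protocols  TLSv1.2;
  ssl_prefer_server_ciphers on;
  # HIGH can still include 3DES on older OpenSSL builds, so exclude it.
  ssl_ciphers  HIGH:!aNULL:!MD5:!DSS:!RC4:!3DES;

  return 301 https://www.appname.com.ar$request_uri;
}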

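# Canonical HTTPS site: serves static files from the app's public/ directory
# and proxies everything else to the Puma upstream.
server {
  # NOTE: the "spdy" listen parameter was removed in nginx 1.9.5; on newer
  # versions replace it with "http2".
  listen 443 ssl spdy;
  listen [::]:443 ssl spdy;
  server_name www.appname.com.ar;

  # HSTS for 30 days. add_header is only inherited by a location that declares
  # no add_header of its own, so it is repeated inside /assets/ below.
  add_header Strict-Transport-Security "max-age=2592000;";

  keepalive_timeout 70;

  access_log  /var/log/nginx/appname-access.log;
  error_log  /var/log/nginx/appname-error.log;

  root /home/appname/app/public;

  # Precompiled assets: served straight from disk (pre-gzipped when a .gz
  # file exists) with far-future cache headers.
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
    # Declaring add_header here drops the server-level headers for this
    # location, so HSTS has to be set again.
    add_header Strict-Transport-Security "max-age=2592000;";
  }

  # try to serve static file first
  try_files $uri $uri/index.html $uri.html @unicorn;

  # If the requested file is not found under the root folder, the request is
  # passed to the upstream (appname_puma). The named location is still called
  # @unicorn; the backend it proxies to is Puma.
  location @unicorn {
    proxy_redirect off;

    # Host is forwarded exactly as the client sent it; the application should
    # only accept the host names it expects.
    proxy_set_header Host $http_host;
    # The header name is X-Forwarded-For (it was misspelled "X-Forward-For",
    # which the application does not read). nginx appends $remote_addr to any
    # value the client supplied, so only the last entry is trustworthy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    proxy_pass http://appname_puma;
  }

  error_page  500 502 503 504 /500.html;
  # Maximum accepted request body (uploads). Lower it if the application does
  # not need 100 MB uploads, to limit resource use by oversized requests.
  client_max_body_size 100M;

  # "ssl on;" was dropped: it is deprecated and redundant, TLS is already
  # enabled by the "ssl" parameter of the listen directives above.
  ssl_certificate         /etc/ssl/certs/appname_ssl_certificate.crt;
  # The private key is stored under /etc/ssl/certs next to the certificate.
  # Make sure the .key file is readable by root only, or move it to a
  # restricted directory and update this path.
  ssl_certificate_key     /etc/ssl/certs/appname_ssl_certificate.key;

  # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx/OpenSSL support it.
  # nginx may take handshake-level settings from the default server of the
  # listen socket, so keep the same values in every server on port 443.
  ssl_protocols  TLSv1.2;
  ssl_prefer_server_ciphers on;
  # HIGH can still include 3DES on older OpenSSL builds, so exclude it.
  ssl_ciphers  HIGH:!aNULL:!MD5:!DSS:!RC4:!3DES;
}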
