provisions/nginx/default.conf from datahuborg/datahub

provisions/nginx/default.conf
Summary

Maintainability

Test Coverage

Issues
upstream datahub {
    # `app` is the hostname of DataHub's container running gunicorn. Docker
    # adds it to /etc/hosts when the nginx container is created with
    # --link app:app.
    #
    # `fail_timeout=0` makes nginx keep retrying the proxy in case gunicorn's
    # workers reset for some reason.
    server app:8000 fail_timeout=0;
}

# If your host exposes forwards something else to ports 80 and 443, uncomment
# and customize this map call to fit your configuration.
# 
# When uncommenting this map, also uncomment the proxy_set_header X-Forwarded-*
# directives below.

# map $scheme $port_to_forward {
#     default 18080;
#     https   18081;
# }

server {
    listen 80 default_server;
    listen 443 ssl;

    server_name datahub.csail.mit.edu;

    # The certificate and key need to be added to the nginx container as a
    # volume at run time, e.g. `-v /local/path/to/ssl:/etc/nginx/ssl`.
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    location /static {
        # Look for static files on disk in /static/.
        alias /static/;
        
        # Add "Cache-Control: max-age=86400" to the response header for
        # static files.
        expires 1d;
    }

    location / {
        proxy_pass http://datahub;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Uncomment these proxy_set_header calls as well as the map call above
        # and customize the map to fit your configuration when forwarding to
        # ports 80 and 443.

        # proxy_set_header X-Forwarded-Host $host:$port_to_forward;
        # proxy_set_header X-Forwarded-Server $server_name;
        # proxy_set_header X-Forwarded-Port $port_to_forward;

        # Hide "Connection: keep-alive" from gunicorn so it closes requests
        # properly. The current setup of gunicorn does not handle keep-alive
        # requests and leaves clients hanging, expecting more data.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # End a request if gunicorn pauses for more than 30 seconds while
        # sending a response. Note that this doesn't mean the entire request
        # has to finish in 30 seconds.
        proxy_read_timeout 30;
    }
}