deploy/ansible/nginx/templates/nginx.conf.j2
upstream rails_app {
server unix:///home/babywearing/app/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
server_name {{ ansible_host }};
listen 80;
listen 443 ssl;
# define the public application root
root /home/babywearing/app/current/public;
ssl_certificate {{ fullchain }};
ssl_certificate_key {{ cert_key_path }};
index index.html;
# define where Nginx should write its logs
# access_log /home/babywearing/app/shared/log/nginx.access.log;
# error_log /home/babywearing/app/shared/log/nginx.error.log;
# deny requests for files that should never be accessed
location ~ /\. {
deny all;
}
location ~* ^.+\.(rb|log)$ {
deny all;
}
# serve static (compiled) assets directly if they exist (for rails production)
location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ {
try_files $uri @rails;
access_log off;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
add_header Last-Modified "";
add_header ETag "";
break;
}
# send non-static file requests to the app server
location / {
try_files $uri @rails;
}
location @rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_pass http://rails_app;
}
}