server { listen 80; server_name example.com; return 301 https://www.

1. server {
2. listen 80;
3. server_name example.com;
4. return 301 https://www.example.com$request_uri;
5. }
6.  
7. upstream app_server_ssl {
8. server unix:/tmp/unicorn.sock fail_timeout=0;
9. }
10.  
11. server {
12. server_name example.com;
13. return 301 https://www.example.com$request_uri
14. }
15. server {
16. server_name www.example.com;
17.  
18. listen 443;
19. root /home/app/myproject/current/public;
20. index index.html index.htm;
21.  
22. error_log /srv/www/example.com/logs/error.log info;
23. access_log /srv/www/example.com/logs/access.log combined;
24.  
25. ssl on;
26. ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
27. ssl_certificate /srv/www/example.com/keys/ssl.crt;
28. ssl_certificate_key /srv/www/example.com/keys/www.example.com.key;
29. ssl_ciphers AES128-SHA:RC4-MD5:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5:AES128-SHA;
30. ssl_prefer_server_ciphers on;
31.  
32. client_max_body_size 20M;
33.  
34.  
35. try_files $uri/index.html $uri.html $uri @app;
36.  
37.  
38. # CVE-2013-2028 http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
39. if ($http_transfer_encoding ~* chunked) {
40. return 444;
41. }
42.  
43. location @app {
44. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
45. proxy_set_header Host $http_host;
46. proxy_redirect off;
47. proxy_pass http://app_server_ssl;
48. }
49.  
50. error_page 500 502 503 504 /500.html;
51.  
52. location = /500.html {
53. root /home/app/example/current/public;
54. }
55. }