Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80;
- server_name example.com;
- return 301 https://www.example.com$request_uri;
- }
- upstream app_server_ssl {
- server unix:/tmp/unicorn.sock fail_timeout=0;
- }
- server {
- server_name example.com;
- return 301 https://www.example.com$request_uri
- }
- server {
- server_name www.example.com;
- listen 443;
- root /home/app/myproject/current/public;
- index index.html index.htm;
- error_log /srv/www/example.com/logs/error.log info;
- access_log /srv/www/example.com/logs/access.log combined;
- ssl on;
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /srv/www/example.com/keys/ssl.crt;
- ssl_certificate_key /srv/www/example.com/keys/www.example.com.key;
- ssl_ciphers AES128-SHA:RC4-MD5:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5:AES128-SHA;
- ssl_prefer_server_ciphers on;
- client_max_body_size 20M;
- try_files $uri/index.html $uri.html $uri @app;
- # CVE-2013-2028 http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
- if ($http_transfer_encoding ~* chunked) {
- return 444;
- }
- location @app {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://app_server_ssl;
- }
- error_page 500 502 503 504 /500.html;
- location = /500.html {
- root /home/app/example/current/public;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement