Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user nginx nginx;
- error_log stderr;
- daemon off;
- events {
- }
- http {
- include /nix/store/0ywid6mci24w8v7l7k7w4pkp7mbkxgsl-nginx-1.12.2/conf/mime.types;
- include /nix/store/0ywid6mci24w8v7l7k7w4pkp7mbkxgsl-nginx-1.12.2/conf/fastcgi.conf;
- include /nix/store/0ywid6mci24w8v7l7k7w4pkp7mbkxgsl-nginx-1.12.2/conf/uwsgi_params;
- # optimisation
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- ssl_protocols TLSv1.2;
- ssl_ciphers EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL;
- ssl_dhparam /nix/store/lxxnrmf9dv4ya8gfnfcrma5ryb3n33pc-dhparams.pem;
- ssl_session_cache shared:SSL:42m;
- ssl_session_timeout 23m;
- ssl_ecdh_curve secp384r1;
- ssl_prefer_server_ciphers on;
- ssl_stapling on;
- ssl_stapling_verify on;
- gzip on;
- gzip_disable "msie6";
- gzip_proxied any;
- gzip_comp_level 9;
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- gzip_vary on;
- proxy_redirect off;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_http_version 1.0;
- include /nix/store/avmqrlsy7dfh6bz1r6yzw3wvrvb0wzf1-nginx-recommended-proxy-headers.conf;
- # $connection_upgrade is used for websocket proxying
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- client_max_body_size 10m;
- server_tokens off;
- server {
- listen 0.0.0.0:80 ;
- listen [::]:80 ;
- server_name rails-stage-new.XXXXX.com ;
- location /.well-known/acme-challenge {
- root /var/lib/acme/acme-challenge;
- auth_basic off;
- }
- location / {
- return 301 https://$host$request_uri;
- }
- }
- server {
- listen 0.0.0.0:443 ssl http2 ;
- listen [::]:443 ssl http2 ;
- server_name rails-stage-new.XXXXX.com ;
- location /.well-known/acme-challenge {
- root /var/lib/acme/acme-challenge;
- auth_basic off;
- }
- ssl_certificate /var/lib/acme/rails-stage-new.XXXXX.com/fullchain.pem;
- ssl_certificate_key /var/lib/acme/rails-stage-new.XXXXX.com/key.pem;
- auth_basic secured;
- auth_basic_user_file /nix/store/ms9dwd60f4dij7n53nddfgzhcr1s3cy9-rails-stage-new.XXXXX.com.htpasswd;
- location / {
- proxy_pass http://127.0.0.1:23000;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header X-Forwarded-Protocol https;
- proxy_set_header X-Url-Scheme https;
- proxy_set_header X-Forwarded-Host $host:$server_port;
- proxy_set_header X-Real_IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-NginX-Proxy true;
- proxy_set_header Host $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_pass_header Set-Cookie;
- proxy_buffering off;
- proxy_ssl_session_reuse off;
- include /nix/store/avmqrlsy7dfh6bz1r6yzw3wvrvb0wzf1-nginx-recommended-proxy-headers.conf;
- }
- location /robots.txt {
- add_header Content-Type text/plain;
- return 200 "User-agent: *\nDisallow: /\n";
- }
- }
- server {
- listen 80;
- listen [::]:80;
- server_name localhost;
- location /nginx_status {
- stub_status on;
- access_log off;
- allow 127.0.0.1;
- allow ::1;
- deny all;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement