# vi:syntax=nginx# These are some "magic" Nginx configuration options that a

1. # vi:syntax=nginx
2.  
3. # These are some "magic" Nginx configuration options that aid in making
4. # WebSockets work properly with Passenger Standalone. Please learn more
5. # at http://nginx.org/en/docs/http/websocket.html
6. map $http_upgrade $connection_upgrade {
7.   default upgrade;
8.   '' close;
9. }
10.  
11. server {
12.   listen      443;
13.   server_name ${SERVER_NAME};
14.  
15.   # Increase max upload
16.   client_max_body_size 500M;
17.  
18.   # ---------- SSL ----------
19.   # from https://github.com/MarvAmBass/docker-nginx-registry-proxy/blob/master/docker-registry.conf
20.   ssl on;
21.   ssl_certificate external/cert.pem;
22.   ssl_certificate_key external/key.pem;
23.  
24.   # set HSTS-Header because we only allow https traffic
25.   add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
26.  
27.   # ---------- PUBLIC FILES ----------
28.   root /public;
29.  
30.   location ${CARRIERWAVE_PUBLIC_UPLOAD_DIR_AND_URL} {
31.     alias /carrierwave_public_upload_dir;
32.   }
33.  
34.   location ${CARRIERWAVE_CACHE_DIR_AND_URL} {
35.     alias /carrierwave_cache_dir;
36.   }
37.  
38.   # TODO https://gist.github.com/ebeigarts/9410688
39.   # location ${CARRIERWAVE_PRIVATE_UPLOAD_DIR_AND_URL} {
40.   #   internal;
41.   #   alias /carrierwave_private_upload_dir;
42.   # }
43.  
44.   location ${FILEMANAGER_STATIC_DIR_AND_URL} {
45.     alias /filemanager_upload_dir;
46.   }
47.  
48.   # ---------- BACKEND ----------
49.   location / {
50.     proxy_pass     ${BACKEND_URL};
51.     proxy_http_version 1.1;
52.  
53.     proxy_set_header Host       $http_host;
54.     proxy_set_header Upgrade    $http_upgrade;
55.     proxy_set_header Connection $connection_upgrade;
56.  
57.     proxy_set_header X-Real-IP  $remote_addr;
58.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
59.     proxy_set_header X-Forwarded-Proto $scheme;
60.     proxy_set_header X-Forwarded-Ssl on; # Optional
61.     proxy_set_header X-Forwarded-Port $server_port;
62.     proxy_set_header X-Forwarded-Host $host;
63.  
64.     proxy_buffering  off;
65.   }
66.  
67.   # ---------- FILEMANAGER ----------
68.   # redirect to filemanager and prevent cors issue
69.   location /responsivefilemanager/ {
70.     proxy_pass       ${FILEMANAGER_URL}/;
71.     proxy_http_version 1.1;
72.  
73.     proxy_set_header Host      $host;
74.     proxy_set_header X-Real-IP $remote_addr;
75.  
76.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
77.     proxy_set_header X-Forwarded-Proto $scheme;
78.     proxy_set_header X-Forwarded-Ssl on; # Optional
79.     proxy_set_header X-Forwarded-Port $server_port;
80.     proxy_set_header X-Forwarded-Host $host;
81.   }
82.  
83.   # deny access to .htaccess files, for filemanager
84.   location ~ /\.ht {
85.     deny  all;
86.   }
87. }
88.  
89. server {
90.     listen 80;
91.  
92.     # Increase max upload
93.     client_max_body_size 500M;
94.  
95.     # Redirect http to https
96.     return 301 https://$host$request_uri;
97. }