nginx-web.conf.erb 1.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. worker_processes 1;
  2. daemon off;
  3. events {
  4. worker_connections 1024;
  5. }
  6. http {
  7. include /data/etc/nginx/mime.types;
  8. sendfile on;
  9. gzip on;
  10. gzip_http_version 1.0;
  11. gzip_proxied any;
  12. gzip_min_length 500;
  13. gzip_disable "MSIE [1-6]\.";
  14. gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
  15. # Proxy upstream to the puma process
  16. upstream rails {
  17. server 127.0.0.1:3000;
  18. }
  19. map $http_upgrade $connection_upgrade {
  20. default upgrade;
  21. '' close;
  22. }
  23. # Configuration for Nginx
  24. server {
  25. # Listen on port 8080
  26. listen 8080;
  27. add_header Strict-Transport-Security "max-age=31536000";
  28. add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
  29. root /app/public;
  30. client_max_body_size 8M;
  31. location / {
  32. try_files $uri @rails;
  33. }
  34. location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) {
  35. add_header Cache-Control "public, max-age=31536000, immutable";
  36. try_files $uri @rails;
  37. }
  38. # Proxy connections to rails
  39. location @rails {
  40. proxy_set_header Host $host;
  41. proxy_pass_header Server;
  42. proxy_pass http://rails;
  43. proxy_buffering off;
  44. proxy_redirect off;
  45. proxy_http_version 1.1;
  46. proxy_set_header Upgrade $http_upgrade;
  47. proxy_set_header Connection $connection_upgrade;
  48. tcp_nodelay on;
  49. }
  50. }
  51. error_page 500 501 502 503 504 /500.html;
  52. }