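# Sample nginx configuration for Discourse.
#
# This listing was recovered from a rendered blame view; the table cells and
# per-line commit timestamps interleaved with the directives were removed so
# that the file is a loadable nginx config again. Directives and their order
# are unchanged (order matters for the regex locations below).
# Everything at top level here must be included from the http context.

# Additional MIME types that you'd like nginx to handle go in here
types {
    text/csv csv;
}

# Application servers, reached over local unix sockets (one per thin worker).
upstream discourse {
  server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
}

# Shared cache zone "one", used by the avatar location below.
proxy_cache_path /var/nginx/cache keys_zone=one:10m max_size=200m;

# If you are going to use Puma, use these:
#
# upstream discourse {
#   server unix:/var/www/discourse/tmp/sockets/puma.sock;
# }

# attempt to preserve the proto, must be in http context
#
# $thescheme is "https" when the request carries "X-Forwarded-Proto: https",
# otherwise the scheme nginx itself saw.
# NOTE(review): X-Forwarded-Proto is a request header. Unless a front proxy or
# load balancer overwrites it, any client can send it over plain HTTP and the
# application will be told the request was HTTPS. If nginx is directly
# reachable, confirm nothing security-relevant (secure cookies, redirects)
# depends on this value.
map $http_x_forwarded_proto $thescheme {
  default $scheme;
  https https;
}

server {

  listen 80;
  gzip on;
  gzip_vary on;
  gzip_min_length 1000;
  gzip_comp_level 5;
  gzip_types application/json text/css application/x-javascript application/javascript;
  # NOTE(review): once HTTPS is enabled, compressing dynamic responses that mix
  # secrets with request-reflected data is the precondition for BREACH-style
  # side channels; confirm the application mitigates this.

  # Uncomment and configure this section for HTTPS support
  # NOTE: Put your ssl cert in your main nginx config directory (/etc/nginx)
  #
  # rewrite ^/(.*) https://enter.your.web.hostname.here/$1 permanent;
  #
  # listen 443 ssl;
  # ssl_certificate your-hostname-cert.pem;
  # ssl_certificate_key your-hostname-cert.key;
  # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers HIGH:!aNULL:!MD5;
  #
  # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); prefer TLSv1.2
  # and, where the nginx/OpenSSL build supports it, TLSv1.3.
  # NOTE(review): the rewrite above sits at server level, so with "listen 80"
  # and "listen 443 ssl" in this one block it would also match requests that
  # already arrived over HTTPS. The usual layout is a separate port-80 server
  # block that only redirects. Keep the private key readable by the nginx
  # master process only.

  server_name enter.your.web.hostname.here;
  # do not advertise the nginx version in responses and error pages
  server_tokens off;

  sendfile on;

  keepalive_timeout 65;

  # maximum file upload size (keep up to date when changing the corresponding site setting)
  client_max_body_size 3m;

  # path to discourse's public directory
  set $public /var/www/discourse/public;

  # Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.
  # If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,
  # it may be used for this one too, unless you explicitly tell IE not to use it.  Alternatively,
  # some people have reported having compatibility mode "stuck" on for some reason.
  # (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.)
  #
  # NOTE(review): add_header is inherited from the enclosing level only when
  # the current level declares no add_header of its own. "location /" and its
  # nested locations do declare some, so this header, and any security header
  # added here later (e.g. Strict-Transport-Security), is not sent for
  # responses served from those locations unless it is repeated there.
  add_header X-UA-Compatible "IE=edge";

  # without weak etags we get zero benefit from etags on dynamically compressed content
  # furthermore etags are based on the file in nginx, not a sha of the data
  # use dates, it solves the problem fine even cross server
  etag off;

  # prevent direct download of backups
  # "^~" stops nginx from evaluating the regex locations for this prefix, and
  # "internal" makes external requests for it return 404.
  location ^~ /backups/ {
    internal;
  }

  location / {
    root $public;
    add_header ETag "";

    # fonts and icons; the wildcard CORS header lets any origin load them
    location ~* \.(eot|ttf|woff|ico)$ {
      expires 1y;
      add_header Cache-Control public;
      add_header Access-Control-Allow-Origin *;
    }

    location ~ ^/assets/ {
      expires 1y;
      # asset pipeline enables this
      gzip_static on;
      add_header Cache-Control public;
      # TODO I don't think this break is needed, it just breaks out of rewrite
      break;
    }

    location ~ ^/plugins/ {
      expires 1y;
      add_header Cache-Control public;
    }

    # cache emojis
    location ~ /_?emoji/ {
      expires 1y;
      add_header Cache-Control public;
    }

    location ~ ^/uploads/ {

      # NOTE: it is really annoying that we can't just define headers
      # at the top level and inherit.
      #
      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
      # otherwise headers are not set correctly
      #
      # NOTE(review): $http_host is the Host header exactly as the client sent
      # it, and $proxy_add_x_forwarded_for appends $remote_addr to whatever
      # X-Forwarded-For the client supplied. The application should treat only
      # X-Real-IP (or the last X-Forwarded-For entry) as the peer address and
      # should not build absolute URLs from an unvalidated Host.
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      # Tell the application it may answer with X-Accel-Redirect; paths under
      # $public/ are mapped onto the internal /downloads/ location below.
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      expires 1y;
      add_header Cache-Control public;

      ## optional upload anti-hotlinking rules
      #valid_referers none blocked mysite.com *.mysite.com;
      #if ($invalid_referer) { return 403; }

      # The three nested locations below serve matching files straight from
      # $public and return 404 when the file is missing; the request never
      # reaches the application.
      # NOTE(review): that also means no application-level access check runs
      # for these files. Confirm this is acceptable on sites where uploads are
      # meant to be private.

      # custom CSS
      location ~ /stylesheet-cache/ {
          try_files $uri =404;
      }
      # this allows us to bypass rails
      location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ {
          try_files $uri =404;
      }
      # thumbnails & optimized images
      location ~ /_optimized/ {
          try_files $uri =404;
      }

      proxy_pass http://discourse;
      break;
    }

    # Backup downloads go through the application, which can hand the file
    # back to nginx via X-Accel-Redirect (see the /downloads/ location).
    location ~ ^/admin/backups/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      proxy_pass http://discourse;
      break;
    }

    # This big block is needed so we can selectively enable
    # acceleration for backups and avatars
    # see note about repetition above
    location ~ ^/(letter_avatar|user_avatar) {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      # note x-accel-redirect can not be used with proxy_cache
      # Responses are cached in zone "one" and shared between all clients:
      # 200/301/302 for 7 days, anything else for 1 minute.
      proxy_cache one;
      proxy_cache_valid any 1m;
      proxy_cache_valid 200 301 302 7d;
      proxy_pass http://discourse;
      break;
    }

    # this means every file in public is tried first
    try_files $uri @discourse;
  }

  # Target of X-Accel-Redirect responses from the application. "internal"
  # keeps clients from requesting it directly; the application alone decides
  # which file under $public/ (backups included) is sent.
  location /downloads/ {
    internal;
    alias $public/;
  }

  # Everything that is not a static file is proxied to the application.
  location @discourse {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $thescheme;
    proxy_pass http://discourse;
  }

}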