2013-08-13 13:00:20 -05:00
|
|
|
# Additional MIME types that you'd like nginx to handle go in here
|
|
|
|
types {
|
2014-05-14 00:08:29 -05:00
|
|
|
text/csv csv;
|
2013-08-13 13:00:20 -05:00
|
|
|
}
|
|
|
|
|
2013-02-05 13:16:51 -06:00
|
|
|
upstream discourse {
|
2013-08-06 23:06:40 -05:00
|
|
|
server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
|
|
|
|
server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
|
|
|
|
server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
|
|
|
|
server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
|
2013-02-05 13:16:51 -06:00
|
|
|
}
|
|
|
|
|
2013-11-17 22:53:36 -06:00
|
|
|
# If you are going to use Puma, use these:
|
|
|
|
#
|
|
|
|
# upstream discourse {
|
2014-05-07 20:58:49 -05:00
|
|
|
# server unix:/var/www/discourse/tmp/sockets/puma.sock;
|
2013-11-17 22:53:36 -06:00
|
|
|
# }
|
|
|
|
|
2014-01-08 23:39:30 -06:00
|
|
|
|
|
|
|
# attempt to preserve the proto, must be in http context
|
|
|
|
map $http_x_forwarded_proto $thescheme {
|
|
|
|
default $scheme;
|
|
|
|
https https;
|
|
|
|
}
|
|
|
|
|
2013-02-05 13:16:51 -06:00
|
|
|
server {
|
|
|
|
|
|
|
|
listen 80;
|
|
|
|
gzip on;
|
|
|
|
gzip_min_length 1000;
|
2014-07-08 01:45:18 -05:00
|
|
|
gzip_comp_level 5;
|
2014-05-18 17:46:09 -05:00
|
|
|
gzip_types application/json text/css application/x-javascript application/javascript;
|
2013-02-05 13:16:51 -06:00
|
|
|
|
2013-05-28 23:07:26 -05:00
|
|
|
server_name enter.your.web.hostname.here;
|
2014-05-14 00:08:29 -05:00
|
|
|
server_tokens off;
|
2013-02-28 10:24:03 -06:00
|
|
|
|
2013-02-05 13:16:51 -06:00
|
|
|
sendfile on;
|
|
|
|
|
|
|
|
keepalive_timeout 65;
|
2013-09-06 12:18:42 -05:00
|
|
|
|
|
|
|
# maximum file upload size (keep up to date when changing the corresponding site setting)
|
2014-07-13 23:32:55 -05:00
|
|
|
client_max_body_size 3m;
|
2013-02-05 13:16:51 -06:00
|
|
|
|
2013-09-06 12:18:42 -05:00
|
|
|
# path to discourse's public directory
|
|
|
|
set $public /var/www/discourse/public;
|
|
|
|
|
2014-05-07 21:16:20 -05:00
|
|
|
# Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.
|
2014-05-14 21:59:26 -05:00
|
|
|
# If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,
|
2014-05-07 21:16:20 -05:00
|
|
|
# it may be used for this one too, unless you explicitly tell IE not to use it. Alternatively,
|
|
|
|
# some people have reported having compatibility mode "stuck" on for some reason.
|
|
|
|
# (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.
|
|
|
|
add_header X-UA-Compatible "IE=edge";
|
|
|
|
|
2014-07-10 00:18:31 -05:00
|
|
|
# without weak etags we get zero benefit from etags on dynamically compressed content
|
|
|
|
# further more etags are based on the file in nginx not sha of data
|
|
|
|
# use dates, it solves the problem fine even cross server
|
|
|
|
etag off;
|
|
|
|
|
2013-02-05 13:16:51 -06:00
|
|
|
location / {
|
2013-09-06 12:18:42 -05:00
|
|
|
root $public;
|
2014-07-10 00:18:31 -05:00
|
|
|
add_header ETag "";
|
2014-01-08 19:36:42 -06:00
|
|
|
|
2014-01-23 09:40:58 -06:00
|
|
|
location ~* \.(eot|ttf|woff|ico)$ {
|
2014-02-12 22:36:51 -06:00
|
|
|
expires 1y;
|
|
|
|
add_header Cache-Control public;
|
|
|
|
add_header Access-Control-Allow-Origin *;
|
|
|
|
}
|
2013-09-06 12:18:42 -05:00
|
|
|
|
|
|
|
location ~ ^/assets/ {
|
|
|
|
expires 1y;
|
2014-07-10 00:18:31 -05:00
|
|
|
# asset pipeline enables this
|
2014-07-08 01:45:18 -05:00
|
|
|
gzip_static on;
|
2014-02-12 22:36:51 -06:00
|
|
|
add_header Cache-Control public;
|
2013-09-06 12:18:42 -05:00
|
|
|
break;
|
2013-08-14 05:20:05 -05:00
|
|
|
}
|
|
|
|
|
2013-09-06 12:18:42 -05:00
|
|
|
location ~ ^/uploads/ {
|
2014-07-13 23:26:25 -05:00
|
|
|
|
|
|
|
# NOTE: it is really annoying that we can't just define headers
|
|
|
|
# at the top level and inherit.
|
|
|
|
#
|
|
|
|
# proxy_set_header DOES NOT inherit, by design, we must repeat it,
|
|
|
|
# otherwise headers are not set correctly
|
|
|
|
#
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $thescheme;
|
2014-07-11 03:47:55 -05:00
|
|
|
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
|
|
|
|
proxy_set_header X-Accel-Mapping $public/=/downloads/;
|
2013-02-05 13:16:51 -06:00
|
|
|
expires 1y;
|
2014-02-12 22:36:51 -06:00
|
|
|
add_header Cache-Control public;
|
2013-02-05 13:16:51 -06:00
|
|
|
|
2013-09-06 12:18:42 -05:00
|
|
|
## optional upload anti-hotlinking rules
|
|
|
|
#valid_referers none blocked mysite.com *.mysite.com;
|
2014-02-12 22:36:51 -06:00
|
|
|
#if ($invalid_referer) { return 403; }
|
2013-02-28 10:24:03 -06:00
|
|
|
|
2013-10-01 10:52:04 -05:00
|
|
|
# custom CSS
|
2014-05-14 00:08:29 -05:00
|
|
|
location ~ /stylesheet-cache/ {
|
|
|
|
try_files $uri =404;
|
|
|
|
}
|
2014-07-13 23:26:25 -05:00
|
|
|
# this allows us to bypass rails
|
2014-05-14 00:08:29 -05:00
|
|
|
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ {
|
|
|
|
try_files $uri =404;
|
|
|
|
}
|
2013-10-01 10:52:04 -05:00
|
|
|
# thumbnails & optimized images
|
2014-05-14 00:08:29 -05:00
|
|
|
location ~ /_optimized/ {
|
|
|
|
try_files $uri =404;
|
|
|
|
}
|
2013-02-05 13:16:51 -06:00
|
|
|
|
|
|
|
proxy_pass http://discourse;
|
|
|
|
break;
|
|
|
|
}
|
2013-02-28 10:24:03 -06:00
|
|
|
|
2014-07-13 23:26:25 -05:00
|
|
|
# This big block is needed so we can selectively enable
|
|
|
|
# acceleration for backups and avatars
|
|
|
|
# see note about repetition above
|
|
|
|
location ~ ^/(backups|letter_avatar|user_avatar) {
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $thescheme;
|
2014-07-11 03:47:55 -05:00
|
|
|
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
|
|
|
|
proxy_set_header X-Accel-Mapping $public/=/downloads/;
|
2014-02-12 22:36:51 -06:00
|
|
|
proxy_pass http://discourse;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2014-07-13 23:26:25 -05:00
|
|
|
# this means every file in public is tried first
|
2013-09-06 12:18:42 -05:00
|
|
|
try_files $uri @discourse;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /downloads/ {
|
|
|
|
internal;
|
|
|
|
alias $public/;
|
|
|
|
}
|
|
|
|
|
|
|
|
location @discourse {
|
2014-03-25 01:06:15 -05:00
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $thescheme;
|
2013-09-06 12:18:42 -05:00
|
|
|
proxy_pass http://discourse;
|
2013-02-05 13:16:51 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|