Anton Shestakov <av6@dwimlabs.net>, Wed, 06 Apr 2016 13:23:50 +0800
provision: gzip static files (.css and .js)
server unix:/home/{{ user }}/webapps/fruitbar/socket fail_timeout=0;
{% if project_pemfile.stat.exists and project_keyfile.stat.exists %}
server_name fruitbar.{{ umbrella }};
access_log /var/log/nginx/fruitbar.{{ umbrella }}.access.log;
error_log /var/log/nginx/fruitbar.{{ umbrella }}.error.log;
return 301 https://$host$request_uri;
server_name fruitbar.{{ umbrella }};
{% if project_pemfile.stat.exists and project_keyfile.stat.exists %}
listen [::]:443 ssl spdy;
{% if project_pemfile.stat.exists and project_keyfile.stat.exists %}
ssl_certificate /etc/ssl/local/fruitbar.{{ umbrella }}.pem;
ssl_certificate_key /etc/ssl/local/fruitbar.{{ umbrella }}.clean.key;
ssl_dhparam /etc/nginx/dh-2048.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
resolver {{ nginx_resolver }};
resolver_timeout {{ nginx_resolver_timeout }};
# HSTS: 31536000 = 365 days (set to 0 to expire and allow plain HTTP)
add_header Strict-Transport-Security 'max-age=31536000';
add_header Cache-Control private;
# access from <frame | iframe | object>: DENY | SAMEORIGIN | ALLOW-FROM uri
add_header X-Frame-Options 'SAMEORIGIN';
access_log /var/log/nginx/fruitbar.{{ umbrella }}.access.log;
error_log /var/log/nginx/fruitbar.{{ umbrella }}.error.log;
root /home/{{ user }}/webapps/fruitbar;
gzip_types text/css application/javascript application/x-javascript text/javascript;
proxy_pass http://fruitbar;
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;