
@roman-wb
Created March 10, 2019 19:08
Nginx Rails App Sample
# Backend pool for the Rails application: a single Puma instance reached
# over a Unix domain socket rather than a TCP port.
upstream puma_app_production {
    # fail_timeout=0 is passed as-is for the only backend in the pool.
    # NOTE(review): anyone who can write to this socket path can stand in
    # for the app, so check ownership and mode of the sockets directory.
    server unix:/home/user/app/shared/tmp/sockets/puma.sock fail_timeout=0;
}
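# Virtual host for app.com / www.app.com.
# Serves static files from the Rails public/ directory, proxies everything
# else to Puma, redirects plain HTTP to HTTPS, and supports a file-based
# maintenance switch (public/system/maintenance.html).
server {
    listen 80;
    # The "spdy" listen parameter has been dropped: SPDY was superseded by
    # HTTP/2 (ngx_http_v2_module) in nginx 1.9.5. Enable HTTP/2 here if the
    # installed nginx build provides it.
    listen 443 ssl;
    server_name app.com www.app.com;

    # ---- TLS ----------------------------------------------------------
    # NOTE(review): the nginx documentation says a "resolver" should be
    # configured for OCSP stapling; none is set in this block. Confirm one
    # exists at http level, and consider ssl_stapling_verify.
    ssl_stapling on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem;
    # Parameters for the DHE (kEDH) suites below.
    # NOTE(review): verify the file holds parameters of at least 2048 bits.
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:2m;
    # The original list removed 3DES with "-3DES" and then re-added it at low
    # priority (kEDH+3DES, DES-CBC3-SHA). 3DES is a 64-bit block cipher
    # (Sweet32), so it is now excluded permanently with "!3DES".
    # NOTE(review): kRSA+AES128 still permits RSA key exchange, which has no
    # forward secrecy; drop it once no remaining client needs it.
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:kRSA+AES128:!3DES:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;

    # ---- Response headers ---------------------------------------------
    # Without the "always" parameter (nginx 1.7.5+) add_header is skipped on
    # most error responses. These server-level headers are also NOT inherited
    # by any location that declares its own add_header (see the assets
    # location below).
    add_header Strict-Transport-Security "max-age=31536000;";
    # Report-Only: violations are sent to /csp-report but nothing is blocked.
    # 'unsafe-inline' and 'unsafe-eval' would leave script injection
    # unmitigated if this policy were enforced unchanged.
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";

    # $ssl_protocol is empty on non-TLS connections, so this redirects plain
    # HTTP to HTTPS. The target uses $server_name (the configured name), not
    # the client-supplied Host header.
    if ($ssl_protocol = "") {
        rewrite ^/(.*) https://$server_name/$1 permanent;
    }

    # NOTE(review): 1G applies to every request body on this vhost. If only
    # specific upload endpoints need it, scope the limit to those locations
    # so other routes cannot be used to fill disk or tie up workers.
    client_max_body_size 1G;
    keepalive_timeout 10;

    error_page 500 502 504 /500.html;
    error_page 503 @503;

    root /home/user/app/current/public;
    # Static file first (directory index, then exact path), else the app.
    try_files $uri/index.html $uri @puma_app_production;

    location @puma_app_production {
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the app must only trust the last hop(s).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the client-supplied Host header, forwarded verbatim.
        # NOTE(review): if this vhost also answers requests for unlisted
        # hostnames (e.g. as the default server), the app sees arbitrary Host
        # values; validate allowed hosts in the application (Rails 6+:
        # config.hosts) or add a catch-all server block that rejects them.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://puma_app_production;
        # Rate limiting is disabled; enabling it needs a matching
        # limit_req_zone definition at http level.
        # limit_req zone=one;
        access_log /home/user/app/shared/log/nginx.access.log;
        error_log /home/user/app/shared/log/nginx.error.log;
    }

    location ~ ^/(fonts|assets|static)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        # Declaring add_header here discards the server-level headers for
        # this location, so HSTS is repeated explicitly. The report-only CSP
        # header is likewise not inherited here.
        add_header Strict-Transport-Security "max-age=31536000;";
    }

    location = /favicon.ico {
        log_not_found off;
    }

    # "root html" is relative to the nginx prefix directory.
    # NOTE(review): error_page above points at /500.html, not /50x.html, so
    # this location is not what serves the 5xx page.
    location = /50x.html {
        root html;
    }

    location = /404.html {
        root html;
    }

    # Maintenance page: serve system/maintenance.html when present, else the
    # static 503 page.
    location @503 {
        error_page 405 = /system/maintenance.html;
        if (-f $document_root/system/maintenance.html) {
            rewrite ^(.*)$ /system/maintenance.html break;
        }
        rewrite ^(.*)$ /503.html break;
    }

    # Method allowlist: anything else (e.g. TRACE, CONNECT) gets 405.
    if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
        return 405;
    }

    # Maintenance switch: the presence of the file turns every request into
    # a 503, which error_page routes to @503.
    if (-f $document_root/system/maintenance.html) {
        return 503;
    }

    # ACME (Let's Encrypt) challenge files. "^~" stops regex matching, so the
    # dotfile deny rule below does not block /.well-known/.
    location ^~ /.well-known/ {
        access_log off;
        log_not_found off;
        root /home/user/letsencrypt;
        autoindex off;
        index index.html;
        try_files $uri $uri/ =404;
    }

    # No PHP is served here; answer such requests directly so they never
    # reach the app.
    location ~ \.(php)$ {
        return 405;
    }

    # Deny any path containing a dot-prefixed segment (.git, .env, ...).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}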