discourse/config/nginx.sample.conf

131 lines
3.7 KiB
Plaintext
Raw Normal View History

# Additional MIME types that you'd like nginx to handle go in here
types {
2014-05-14 01:08:29 -04:00
text/csv csv;
}
2013-02-05 14:16:51 -05:00
upstream discourse {
server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
2013-02-05 14:16:51 -05:00
}
2013-11-17 23:53:36 -05:00
# If you are going to use Puma, use these:
#
# upstream discourse {
# server unix:/var/www/discourse/tmp/sockets/puma.sock;
2013-11-17 23:53:36 -05:00
# }
2014-01-09 00:39:30 -05:00
# attempt to preserve the proto, must be in http context
map $http_x_forwarded_proto $thescheme {
default $scheme;
https https;
}
2013-02-05 14:16:51 -05:00
server {
listen 80;
gzip on;
gzip_min_length 1000;
gzip_types application/json text/css application/x-javascript application/javascript;
2013-02-05 14:16:51 -05:00
server_name enter.your.web.hostname.here;
2014-05-14 01:08:29 -04:00
server_tokens off;
2013-02-05 14:16:51 -05:00
sendfile on;
keepalive_timeout 65;
# maximum file upload size (keep up to date when changing the corresponding site setting)
2013-07-21 03:42:07 -04:00
client_max_body_size 2m;
2013-02-05 14:16:51 -05:00
# path to discourse's public directory
set $public /var/www/discourse/public;
# Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.
# If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,
# it may be used for this one too, unless you explicitly tell IE not to use it. Alternatively,
# some people have reported having compatibility mode "stuck" on for some reason.
# (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.
add_header X-UA-Compatible "IE=edge";
2013-02-05 14:16:51 -05:00
location / {
root $public;
location ~* \.(eot|ttf|woff|ico)$ {
expires 1y;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
}
location ~ ^/assets/ {
expires 1y;
add_header ETag "";
add_header Cache-Control public;
break;
}
location ~ ^/uploads/ {
2013-02-05 14:16:51 -05:00
expires 1y;
add_header ETag "";
add_header Cache-Control public;
2013-02-05 14:16:51 -05:00
## optional upload anti-hotlinking rules
#valid_referers none blocked mysite.com *.mysite.com;
#if ($invalid_referer) { return 403; }
# custom CSS
2014-05-14 01:08:29 -04:00
location ~ /stylesheet-cache/ {
try_files $uri =404;
}
# images
2014-05-14 01:08:29 -04:00
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ {
try_files $uri =404;
}
# thumbnails & optimized images
2014-05-14 01:08:29 -04:00
location ~ /_optimized/ {
try_files $uri =404;
}
2013-02-05 14:16:51 -05:00
# attachments must go through the rails application to get the right content-disposition header
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping $public/=/downloads/;
2013-02-05 14:16:51 -05:00
proxy_pass http://discourse;
break;
}
location ~ ^/backups/ {
# backups must go through the rails application to handle security
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping $public/=/downloads/;
proxy_pass http://discourse;
break;
}
try_files $uri @discourse;
}
location /downloads/ {
internal;
alias $public/;
}
location @discourse {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
2013-02-05 14:16:51 -05:00
}
}