discourse/config/nginx.sample.conf

# Additional MIME types that you'd like nginx to handle go in here
types {
    text/csv csv;
}

upstream discourse {
  server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
}

proxy_cache_path /var/nginx/cache keys_zone=one:10m max_size=200m;

# If you are going to use Puma, use these:
#
# upstream discourse {
#   server unix:/var/www/discourse/tmp/sockets/puma.sock;
# }


# attempt to preserve the proto, must be in http context
map $http_x_forwarded_proto $thescheme {
  default $scheme;
  https https;
}

log_format log_discourse '[$time_local] $remote_addr "$request" "$http_user_agent" "$sent_http_x_discourse_route" $status $bytes_sent "$http_referer" $upstream_response_time $request_time "$sent_http_x_discourse_username"';

server {

  access_log /var/log/nginx/access.log log_discourse;

  listen 80;
  gzip on;
  gzip_vary on;
  gzip_min_length 1000;
  gzip_comp_level 5;
  gzip_types application/json text/css application/x-javascript application/javascript;

  # Uncomment and configure this section for HTTPS support
  # NOTE: Put your ssl cert in your main nginx config directory (/etc/nginx)
  #
  # rewrite ^/(.*) https://enter.your.web.hostname.here/$1 permanent;
  #
  # listen 443 ssl;
  # ssl_certificate your-hostname-cert.pem;
  # ssl_certificate_key your-hostname-cert.key;
  # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers HIGH:!aNULL:!MD5;
  #

  server_name enter.your.web.hostname.here;
  server_tokens off;

  sendfile on;

  keepalive_timeout 65;

  # maximum file upload size (keep up to date when changing the corresponding site setting)
  client_max_body_size 10m;

  # path to discourse's public directory
  set $public /var/www/discourse/public;

  # Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.
  # If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,
  # it may be used for this one too, unless you explicitly tell IE not to use it.  Alternatively,
  # some people have reported having compatibility mode "stuck" on for some reason.
  # (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.
  add_header X-UA-Compatible "IE=edge";

  # without weak etags we get zero benefit from etags on dynamically compressed content
  # further more etags are based on the file in nginx not sha of data
  # use dates, it solves the problem fine even cross server
  etag off;

  # prevent direct download of backups
  location ^~ /backups/ {
    internal;
  }

  # bypass rails stack with a cheap 204 for favicon.ico requests
  location /favicon.ico {
    return 204;
    access_log off;
    log_not_found off;
  }

  location / {
    root $public;
    add_header ETag "";

    # auth_basic on;
    # auth_basic_user_file /etc/nginx/htpasswd;

    location ~* assets/.*\.(eot|ttf|woff|woff2|ico)$ {
      expires 1y;
      add_header Cache-Control public,immutable;
      add_header Access-Control-Allow-Origin *;
     }

    location = /srv/status {
      access_log off;
      log_not_found off;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_pass http://discourse;
      break;
    }

    location ~ ^/assets/ {
      expires 1y;
      # asset pipeline enables this
      # brotli_static on;
      gzip_static on;
      add_header Cache-Control public,immutable;
      # TODO I don't think this break is needed, it just breaks out of rewrite
      break;
    }

    location ~ ^/plugins/ {
      expires 1y;
      add_header Cache-Control public,immutable;
    }

    # cache emojis
    location ~ /_?emoji.*\.(png|gif|jpg|jpeg)$/ {
      expires 1y;
      add_header Cache-Control public,immutable;
    }

    location ~ ^/uploads/ {

      # NOTE: it is really annoying that we can't just define headers
      # at the top level and inherit.
      #
      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
      # otherwise headers are not set correctly
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      expires 1y;
      add_header Cache-Control public,immutable;

      ## optional upload anti-hotlinking rules
      #valid_referers none blocked mysite.com *.mysite.com;
      #if ($invalid_referer) { return 403; }

      # custom CSS
      location ~ /stylesheet-cache/ {
          try_files $uri =404;
      }
      # this allows us to bypass rails
      location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg)$ {
          try_files $uri =404;
      }
      # thumbnails & optimized images
      location ~ /_?optimized/ {
          try_files $uri =404;
      }

      proxy_pass http://discourse;
      break;
    }

    location ~ ^/admin/backups/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      proxy_pass http://discourse;
      break;
    }

    # This big block is needed so we can selectively enable
    # acceleration for backups and avatars
    # see note about repetition above
    location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied) {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;

      # if Set-Cookie is in the response nothing gets cached
      # this is double bad cause we are not passing last modified in
      proxy_ignore_headers "Set-Cookie";
      proxy_hide_header "Set-Cookie";

      # note x-accel-redirect can not be used with proxy_cache
      proxy_cache one;
      proxy_cache_valid 200 301 302 7d;
      proxy_cache_valid any 1m;
      proxy_pass http://discourse;
      break;
    }

    location /letter_avatar_proxy/ {
      # Don't send any client headers to the avatars service
      proxy_method GET;
      proxy_pass_request_headers off;
      proxy_pass_request_body off;

      # Don't let cookies interrupt caching, and don't pass them to the
      # client
      proxy_ignore_headers "Set-Cookie";
      proxy_hide_header "Set-Cookie";

      proxy_cache one;
      proxy_cache_key $uri;
      proxy_cache_valid 200 7d;
      proxy_cache_valid 404 1m;
      proxy_set_header Connection "";

      proxy_pass https://avatars.discourse.org/;
      break;
    }

    # we need buffering off for message bus
    location /message-bus/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_http_version 1.1;
      proxy_buffering off;
      proxy_pass http://discourse;
      break;
    }

    # this means every file in public is tried first
    try_files $uri @discourse;
  }

  location /downloads/ {
    internal;
    alias $public/;
  }

  location @discourse {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $thescheme;
    proxy_pass http://discourse;
  }

}
Add section for additional MIME in nginx 2013-08-13 14:00:20 -04:00			`# Additional MIME types that you'd like nginx to handle go in here`
			`types {`
Hide version of the web server 2014-05-14 01:08:29 -04:00			`text/csv csv;`
Add section for additional MIME in nginx 2013-08-13 14:00:20 -04:00			`}`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`upstream discourse {`
Update documentation * Change recommendation for install path to /var/www/discourse * Fix instructions for redis-server installation * Set yourself as system user during install * Clarify some instructions 2013-08-07 00:06:40 -04:00			`server unix:/var/www/discourse/tmp/sockets/thin.0.sock;`
			`server unix:/var/www/discourse/tmp/sockets/thin.1.sock;`
			`server unix:/var/www/discourse/tmp/sockets/thin.2.sock;`
			`server unix:/var/www/discourse/tmp/sockets/thin.3.sock;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`}`

FIX: cache avatars in NGINX 2014-07-14 20:30:27 -04:00			`proxy_cache_path /var/nginx/cache keys_zone=one:10m max_size=200m;`

Locate the Puma config file. 2013-11-17 23:53:36 -05:00			`# If you are going to use Puma, use these:`
			`#`
			`# upstream discourse {`
Fix Puma socket name As mentioned in https://github.com/discourse/discourse/commit/f784a188c69ddfa329ec882cbfab9b216256d5fb#commitcomment-5277066 2014-05-07 21:58:49 -04:00			`# server unix:/var/www/discourse/tmp/sockets/puma.sock;`
Locate the Puma config file. 2013-11-17 23:53:36 -05:00			`# }`

correct nginx rule forwarding header 2014-01-09 00:39:30 -05:00
			`# attempt to preserve the proto, must be in http context`
			`map $http_x_forwarded_proto $thescheme {`
			`default $scheme;`
			`https https;`
			`}`

missing $ 2015-06-16 05:30:15 -04:00			`log_format log_discourse '[$time_local] $remote_addr "$request" "$http_user_agent" "$sent_http_x_discourse_route" $status $bytes_sent "$http_referer" $upstream_response_time $request_time "$sent_http_x_discourse_username"';`
FEATURE: add a custom log format for better analysis 2015-06-15 21:37:08 -04:00
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`server {`

FEATURE: add a custom log format for better analysis 2015-06-15 21:37:08 -04:00			`access_log /var/log/nginx/access.log log_discourse;`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`listen 80;`
			`gzip on;`
FIX: add vary encoding to gzip responses this ensures CDNs work correctly see: http://blog.maxcdn.com/accept-encoding-its-vary-important/ 2014-10-22 20:05:42 -04:00			`gzip_vary on;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`gzip_min_length 1000;`
FIX: serve statically compressed files when available PERF: default gzip to level 5 2014-07-08 02:45:18 -04:00			`gzip_comp_level 5;`
BUGFIX: re-enable CDN js debugging in a robust way May be disabled if needed via site setting 2014-05-18 18:46:09 -04:00			`gzip_types application/json text/css application/x-javascript application/javascript;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
add commented out SSL section to nginx config 2015-01-17 04:26:21 -05:00			`# Uncomment and configure this section for HTTPS support`
			`# NOTE: Put your ssl cert in your main nginx config directory (/etc/nginx)`
			`#`
			`# rewrite ^/(.*) https://enter.your.web.hostname.here/$1 permanent;`
			`#`
			`# listen 443 ssl;`
			`# ssl_certificate your-hostname-cert.pem;`
			`# ssl_certificate_key your-hostname-cert.key;`
			`# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`# ssl_ciphers HIGH:!aNULL:!MD5;`
			`#`

documentation: merge & adapt suggestions from baus 2013-05-29 00:07:26 -04:00			`server_name enter.your.web.hostname.here;`
Hide version of the web server 2014-05-14 01:08:29 -04:00			`server_tokens off;`
Add X-Forwarded-Proto to nginx config to support SSL. Fixes #293 2013-02-28 11:24:03 -05:00
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`sendfile on;`

			`keepalive_timeout 65;`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00
			`# maximum file upload size (keep up to date when changing the corresponding site setting)`
FEATURE: raise min body size to 10m 2015-02-22 18:50:09 -05:00			`client_max_body_size 10m;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`# path to discourse's public directory`
			`set $public /var/www/discourse/public;`

Prevent IE Compatibility Mode As discussed at https://meta.discourse.org/t/ie10-user-is-getting-your-browser-is-too-old/15289 2014-05-07 22:16:20 -04:00			`# Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.`
FEATURE: get window.onerror working for CDNs 2014-05-14 22:59:26 -04:00			`# If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,`
Prevent IE Compatibility Mode As discussed at https://meta.discourse.org/t/ie10-user-is-getting-your-browser-is-too-old/15289 2014-05-07 22:16:20 -04:00			`# it may be used for this one too, unless you explicitly tell IE not to use it. Alternatively,`
			`# some people have reported having compatibility mode "stuck" on for some reason.`
			`# (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.`
			`add_header X-UA-Compatible "IE=edge";`

FIX: properly support sendfile on all routes FIX: disable unused etags 2014-07-10 01:18:31 -04:00			`# without weak etags we get zero benefit from etags on dynamically compressed content`
			`# further more etags are based on the file in nginx not sha of data`
			`# use dates, it solves the problem fine even cross server`
			`etag off;`
FIX: cache all public resources registered by plugins. Plugins are responsible for expiry 2014-12-08 22:49:02 -05:00
SECURITY: prevent direct download of backups 2014-12-03 06:47:28 -05:00			`# prevent direct download of backups`
			`location ^~ /backups/ {`
			`internal;`
			`}`
FIX: properly support sendfile on all routes FIX: disable unused etags 2014-07-10 01:18:31 -04:00
Return 204 instead of 404 for favicon.ico requests 2015-12-21 07:13:56 -05:00			`# bypass rails stack with a cheap 204 for favicon.ico requests`
FIX: stop sending a blank /favicon.ico instead have nginx ship a 404 for it. 2015-11-17 03:34:05 -05:00			`location /favicon.ico {`
Return 204 instead of 404 for favicon.ico requests 2015-12-21 07:13:56 -05:00			`return 204;`
Do not log favicon.ico requests 2015-12-21 07:14:36 -05:00			`access_log off;`
			`log_not_found off;`
FIX: stop sending a blank /favicon.ico instead have nginx ship a 404 for it. 2015-11-17 03:34:05 -05:00			`}`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`location / {`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`root $public;`
FIX: properly support sendfile on all routes FIX: disable unused etags 2014-07-10 01:18:31 -04:00			`add_header ETag "";`
BUGFIX: attempt to forward on the protocol set by haproxy 2014-01-08 20:36:42 -05:00
Allow sites to set HTTP basic authentication through nginx. 2016-01-07 23:46:52 -05:00			`# auth_basic on;`
			`# auth_basic_user_file /etc/nginx/htpasswd;`

only do magic headers for local assets, don't muck with logster's stuff 2015-08-12 04:48:34 -04:00			`location ~* assets/.*\.(eot\|ttf\|woff\|woff2\|ico)$ {`
update NGINX sample to allow admin to download backups 2014-02-12 23:36:51 -05:00			`expires 1y;`
spaces matter 2017-02-23 17:37:53 -05:00			`add_header Cache-Control public,immutable;`
update NGINX sample to allow admin to download backups 2014-02-12 23:36:51 -05:00			`add_header Access-Control-Allow-Origin *;`
			`}`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00
Put back `/srv/status` non-logging but include proxy details 2015-07-03 11:43:33 -04:00			`location = /srv/status {`
			`access_log off;`
			`log_not_found off;`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
			`proxy_pass http://discourse;`
			`break;`
			`}`

proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`location ~ ^/assets/ {`
			`expires 1y;`
FIX: properly support sendfile on all routes FIX: disable unused etags 2014-07-10 01:18:31 -04:00			`# asset pipeline enables this`
added comment for brotli support 2016-06-07 02:58:36 -04:00			`# brotli_static on;`
FIX: serve statically compressed files when available PERF: default gzip to level 5 2014-07-08 02:45:18 -04:00			`gzip_static on;`
spaces matter 2017-02-23 17:37:53 -05:00			`add_header Cache-Control public,immutable;`
FIX: cache all public resources registered by plugins. Plugins are responsible for expiry 2014-12-08 22:49:02 -05:00			`# TODO I don't think this break is needed, it just breaks out of rewrite`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`break;`
FIX: avatars in quotes/oneboxes Avatars in quotes/oneboxes are still pointing to the old `/users/:username/avatar(/:size)` route. So, this adds back the old avatar route for the transition period. 2013-08-14 06:20:05 -04:00			`}`

FIX: cache all public resources registered by plugins. Plugins are responsible for expiry 2014-12-08 22:49:02 -05:00			`location ~ ^/plugins/ {`
			`expires 1y;`
spaces matter 2017-02-23 17:37:53 -05:00			`add_header Cache-Control public,immutable;`
FIX: cache all public resources registered by plugins. Plugins are responsible for expiry 2014-12-08 22:49:02 -05:00			`}`
add commented out SSL section to nginx config 2015-01-17 04:26:21 -05:00
FIX: cache emojis for 1 year 2014-12-28 05:10:03 -05:00			`# cache emojis`
Don't cache urls with `emoji` in them unless they are images 2015-09-08 13:12:11 -04:00			`location ~ /_?emoji.*\.(png\|gif\|jpg\|jpeg)$/ {`
FIX: cache emojis for 1 year 2014-12-28 05:10:03 -05:00			`expires 1y;`
spaces matter 2017-02-23 17:37:53 -05:00			`add_header Cache-Control public,immutable;`
FIX: cache emojis for 1 year 2014-12-28 05:10:03 -05:00			`}`
FIX: cache all public resources registered by plugins. Plugins are responsible for expiry 2014-12-08 22:49:02 -05:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`location ~ ^/uploads/ {`
FIX: multisite uploads broken 2014-07-14 00:26:25 -04:00
			`# NOTE: it is really annoying that we can't just define headers`
			`# at the top level and inherit.`
			`#`
			`# proxy_set_header DOES NOT inherit, by design, we must repeat it,`
			`# otherwise headers are not set correctly`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
FIX: pretending to support too many accelerated files This broke sidekiq web (sidekiq serves resources out of /vendor/ path) 2014-07-11 04:47:55 -04:00			`proxy_set_header X-Sendfile-Type X-Accel-Redirect;`
			`proxy_set_header X-Accel-Mapping $public/=/downloads/;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`expires 1y;`
spaces matter 2017-02-23 17:37:53 -05:00			`add_header Cache-Control public,immutable;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`## optional upload anti-hotlinking rules`
			`#valid_referers none blocked mysite.com *.mysite.com;`
update NGINX sample to allow admin to download backups 2014-02-12 23:36:51 -05:00			`#if ($invalid_referer) { return 403; }`
Add X-Forwarded-Proto to nginx config to support SSL. Fixes #293 2013-02-28 11:24:03 -05:00
Update nginx.config.sample to allow custom CSS cf. http://meta.discourse.org/t/changing-css-in-customize-section-has-no-effect/10036 2013-10-01 11:52:04 -04:00			`# custom CSS`
Hide version of the web server 2014-05-14 01:08:29 -04:00			`location ~ /stylesheet-cache/ {`
			`try_files $uri =404;`
			`}`
FIX: multisite uploads broken 2014-07-14 00:26:25 -04:00			`# this allows us to bypass rails`
FEATURE: improve support for (whitelisted) SVGs as images 2016-06-20 04:22:13 -04:00			`location ~* \.(gif\|png\|jpg\|jpeg\|bmp\|tif\|tiff\|svg)$ {`
Hide version of the web server 2014-05-14 01:08:29 -04:00			`try_files $uri =404;`
			`}`
Update nginx.config.sample to allow custom CSS cf. http://meta.discourse.org/t/changing-css-in-customize-section-has-no-effect/10036 2013-10-01 11:52:04 -04:00			`# thumbnails & optimized images`
FIX: consistent and future-proof upload storage pattern 2015-05-19 06:31:12 -04:00			`location ~ /_?optimized/ {`
Hide version of the web server 2014-05-14 01:08:29 -04:00			`try_files $uri =404;`
			`}`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`proxy_pass http://discourse;`
			`break;`
			`}`
Add X-Forwarded-Proto to nginx config to support SSL. Fixes #293 2013-02-28 11:24:03 -05:00
FIX: backups not using x accl redirect 2014-09-24 02:51:14 -04:00			`location ~ ^/admin/backups/ {`
FIX: cache avatars in NGINX 2014-07-14 20:30:27 -04:00			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
			`proxy_set_header X-Sendfile-Type X-Accel-Redirect;`
			`proxy_set_header X-Accel-Mapping $public/=/downloads/;`
			`proxy_pass http://discourse;`
			`break;`
			`}`

FIX: multisite uploads broken 2014-07-14 00:26:25 -04:00			`# This big block is needed so we can selectively enable`
			`# acceleration for backups and avatars`
			`# see note about repetition above`
Revert "cache cdn assets and strip cookies" This reverts commit 18abf4f0d6a24140f72c6703dad203ec07c35cc2. 2015-11-21 08:59:26 -05:00			`location ~ ^/(letter_avatar/\|user_avatar\|highlight-js\|stylesheets\|favicon/proxied) {`
FIX: multisite uploads broken 2014-07-14 00:26:25 -04:00			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
PERF: NGINX caching invalid when server sets cookies 2015-05-22 00:23:47 -04:00
			`# if Set-Cookie is in the response nothing gets cached`
			`# this is double bad cause we are not passing last modified in`
			`proxy_ignore_headers "Set-Cookie";`
must also hide header so its not cached 2015-05-22 01:57:32 -04:00			`proxy_hide_header "Set-Cookie";`
PERF: NGINX caching invalid when server sets cookies 2015-05-22 00:23:47 -04:00
FIX: cache avatars in NGINX 2014-07-14 20:30:27 -04:00			`# note x-accel-redirect can not be used with proxy_cache`
			`proxy_cache one;`
			`proxy_cache_valid 200 301 302 7d;`
PERF: NGINX caching invalid when server sets cookies 2015-05-22 00:23:47 -04:00			`proxy_cache_valid any 1m;`
update NGINX sample to allow admin to download backups 2014-02-12 23:36:51 -05:00			`proxy_pass http://discourse;`
			`break;`
			`}`

More tweaks for the letter avatar proxy config 2015-10-08 17:45:09 -04:00			`location /letter_avatar_proxy/ {`
			`# Don't send any client headers to the avatars service`
			`proxy_method GET;`
			`proxy_pass_request_headers off;`
			`proxy_pass_request_body off;`

			`# Don't let cookies interrupt caching, and don't pass them to the`
			`# client`
			`proxy_ignore_headers "Set-Cookie";`
			`proxy_hide_header "Set-Cookie";`

			`proxy_cache one;`
			`proxy_cache_key $uri;`
			`proxy_cache_valid 200 7d;`
			`proxy_cache_valid 404 1m;`
allow http 1.1 via proxy 2016-01-03 17:52:11 -05:00			`proxy_set_header Connection "";`
More tweaks for the letter avatar proxy config 2015-10-08 17:45:09 -04:00
			`proxy_pass https://avatars.discourse.org/;`
clean up config file 2016-01-04 00:13:44 -05:00			`break;`
Proxy letter avatars by default On sites that don't otherwise configure an avatar fallback, Discourse will now tell the client to get its letter avatars from a location which nginx proxies to the centralised `avatars.discourse.org` service. This alleviates privacy concerns, whilst still providing some degree of performance benefit (no need for every site to delay avatar response by 300ms for image rendering). It is still possible to gain the benefits of global image caching and the lower latency of requesting directly from a CDN, by explicitly changing the `external_system_avatars_url` site setting to `https://avatars.discourse.org/letter/{first_letter}/{color}/{size}.png`. 2015-09-28 07:41:57 -04:00			`}`

clean up config file 2016-01-04 00:13:44 -05:00			`# we need buffering off for message bus`
Don't buffer message bus, this allows us to stream 2016-01-03 17:56:30 -05:00			`location /message-bus/ {`
clean up config file 2016-01-04 00:13:44 -05:00			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
			`proxy_http_version 1.1;`
Don't buffer message bus, this allows us to stream 2016-01-03 17:56:30 -05:00			`proxy_buffering off;`
			`proxy_pass http://discourse;`
			`break;`
			`}`

FIX: multisite uploads broken 2014-07-14 00:26:25 -04:00			`# this means every file in public is tried first`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`try_files $uri @discourse;`
			`}`

			`location /downloads/ {`
			`internal;`
			`alias $public/;`
			`}`

			`location @discourse {`
BUGFIX: proxy_set_header is weird in particular no inheritance IF proxy_set_header is specified in child 2014-03-25 02:06:15 -04:00			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $thescheme;`
proper content-disposition header when downloading attachments 2013-09-06 13:18:42 -04:00			`proxy_pass http://discourse;`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`}`

			`}`