# Additional MIME types that you'd like nginx to handle go in here types { text/csv csv; } upstream discourse { server unix:/var/www/discourse/tmp/sockets/thin.0.sock; server unix:/var/www/discourse/tmp/sockets/thin.1.sock; server unix:/var/www/discourse/tmp/sockets/thin.2.sock; server unix:/var/www/discourse/tmp/sockets/thin.3.sock; } # If you are going to use Puma, use these: # # upstream discourse { # server unix:/var/www/discourse/tmp/sockets/puma.sock; # } # attempt to preserve the proto, must be in http context map $http_x_forwarded_proto $thescheme { default $scheme; https https; } server { listen 80; gzip on; gzip_min_length 1000; gzip_comp_level 5; gzip_types application/json text/css application/x-javascript application/javascript; server_name enter.your.web.hostname.here; server_tokens off; sendfile on; keepalive_timeout 65; # maximum file upload size (keep up to date when changing the corresponding site setting) client_max_body_size 2m; # path to discourse's public directory set $public /var/www/discourse/public; # Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse. # If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode, # it may be used for this one too, unless you explicitly tell IE not to use it. Alternatively, # some people have reported having compatibility mode "stuck" on for some reason. # (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway. add_header X-UA-Compatible "IE=edge"; # without weak etags we get zero benefit from etags on dynamically compressed content # further more etags are based on the file in nginx not sha of data # use dates, it solves the problem fine even cross server etag off; location / { root $public; add_header ETag ""; location ~* \.(eot|ttf|woff|ico)$ { expires 1y; add_header Cache-Control public; add_header Access-Control-Allow-Origin *; } location ~ ^/assets/ { expires 1y; # asset pipeline enables this gzip_static on; add_header Cache-Control public; break; } location ~ ^/uploads/ { proxy_set_header X-Sendfile-Type X-Accel-Redirect; proxy_set_header X-Accel-Mapping $public/=/downloads/; expires 1y; add_header Cache-Control public; ## optional upload anti-hotlinking rules #valid_referers none blocked mysite.com *.mysite.com; #if ($invalid_referer) { return 403; } # custom CSS location ~ /stylesheet-cache/ { try_files $uri =404; } # images location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ { try_files $uri =404; } # thumbnails & optimized images location ~ /_optimized/ { try_files $uri =404; } proxy_pass http://discourse; break; } # TODO test in multisite #location ~ ^/(backups|letter_avatar|user_avatar) { location ~ ^/backups/ { proxy_set_header X-Sendfile-Type X-Accel-Redirect; proxy_set_header X-Accel-Mapping $public/=/downloads/; proxy_pass http://discourse; break; } try_files $uri @discourse; } location /downloads/ { internal; alias $public/; } location @discourse { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $thescheme; proxy_pass http://discourse; } }