# Additional MIME types that you'd like nginx to handle go in here
types {
  # Map the .csv file extension to the text/csv content type.
  text/csv csv;
}
# Backend pool: four Thin workers, each listening on its own Unix domain socket.
# No balancing method is named, so nginx uses its default (round-robin).
# Anything that can open these socket files reaches the app without passing
# through the proxy rules in the server block, so keep the sockets directory
# restricted to the nginx and application users.
upstream discourse {
  server unix:/var/www/discourse/tmp/sockets/thin.0.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.1.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.2.sock;
  server unix:/var/www/discourse/tmp/sockets/thin.3.sock;
}
# On-disk cache for proxied responses: shared-memory key zone "one" (10 MB),
# with cached data capped at 200 MB.
# The directory holds copies of upstream responses; it should be owned by the
# nginx user and not readable by other local accounts.
proxy_cache_path /var/nginx/cache keys_zone=one:10m max_size=200m;
# If you are going to use Puma, use these:
#
# upstream discourse {
# server unix:/var/www/discourse/tmp/sockets/puma.sock;
# }
# attempt to preserve the proto, must be in http context
# $thescheme is the value later sent to the app as X-Forwarded-Proto.
#
# X-Forwarded-Proto is an ordinary request header. It is only trustworthy when
# a proxy or load balancer in front of this nginx always overwrites it. If
# clients can reach this server directly, a plain-HTTP request can claim
# "https" and the app will treat it as secure. In that deployment, drop this
# map and pass $scheme instead.
map $http_x_forwarded_proto $thescheme {
  # Incoming header says https: keep it.
  https   https;
  # Header absent or anything else: use the scheme nginx itself observed.
  default $scheme;
}
# Access-log line format used by the server block below. Fields, in order:
# local time, client address, request line, User-Agent, the X-Discourse-Route
# response header, status, bytes sent, Referer, upstream response time, total
# request time, and the X-Discourse-Username response header.
#
# The log therefore ties usernames to client IPs, and the full request line
# includes the query string. Treat the log file as personal data: restrict
# read access and set a retention period.
# User-Agent, Referer and the request line are client-supplied text, so any
# tooling that parses this log must not assume they are well-formed.
log_format log_discourse '[$time_local] $remote_addr "$request" "$http_user_agent" "$sent_http_x_discourse_route" $status $bytes_sent "$http_referer" $upstream_response_time $request_time "$sent_http_x_discourse_username"';
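# Front-end virtual host for Discourse: serves files from the app's public
# directory where possible and proxies everything else to the "discourse"
# upstream.
server {
  access_log /var/log/nginx/access.log log_discourse;

  listen 80;
  gzip on;
  gzip_vary on;
  gzip_min_length 1000;
  gzip_comp_level 5;
  gzip_types application/json text/css application/x-javascript application/javascript;

  # Uncomment and configure this section for HTTPS support
  # NOTE: Put your ssl cert in your main nginx config directory (/etc/nginx)
  #
  # rewrite ^/(.*) https://enter.your.web.hostname.here/$1 permanent;
  #
  # listen 443 ssl;
  # ssl_certificate your-hostname-cert.pem;
  # ssl_certificate_key your-hostname-cert.key;
  # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers HIGH:!aNULL:!MD5;
  #
  # NOTE(review), before enabling the section above:
  #  - TLSv1 and TLSv1.1 are deprecated (RFC 8996). Prefer
  #    "ssl_protocols TLSv1.2 TLSv1.3;" where your nginx/OpenSSL build
  #    supports TLSv1.3, otherwise "ssl_protocols TLSv1.2;".
  #  - The private key file should be readable only by root / the nginx master
  #    process.
  #  - A server-level rewrite applies to every request this block handles,
  #    including those arriving on 443, so enabling it together with
  #    "listen 443 ssl" here redirects HTTPS requests to themselves. Put the
  #    redirect in a separate port-80 server block instead.

  server_name enter.your.web.hostname.here;
  # Do not advertise the nginx version in the Server header or on error pages.
  server_tokens off;

  sendfile on;
  keepalive_timeout 65;

  # maximum file upload size (keep up to date when changing the corresponding site setting)
  # Requests with a larger body are rejected by nginx before they reach the app.
  client_max_body_size 10m;

  # path to discourse's public directory
  set $public /var/www/discourse/public;

  # Prevent Internet Explorer 10 "compatibility mode", which breaks Discourse.
  # If other subdomains under your domain are supposed to use Internet Explorer Compatibility mode,
  # it may be used for this one too, unless you explicitly tell IE not to use it. Alternatively,
  # some people have reported having compatibility mode "stuck" on for some reason.
  # (This will also prevent compatibility mode in IE 8 and 9, but those browsers aren't supported anyway.)
  #
  # NOTE: add_header is inherited by a location only when that location declares
  # no add_header of its own. "location /" below sets its own header, so this
  # one (and any security header added next to it, e.g. HSTS) is NOT sent for
  # responses produced inside "location /". It is sent from @discourse and
  # /downloads/. Repeat headers in each location that needs them.
  add_header X-UA-Compatible "IE=edge";

  # without weak etags we get zero benefit from etags on dynamically compressed content
  # further more etags are based on the file in nginx not sha of data
  # use dates, it solves the problem fine even cross server
  etag off;

  # prevent direct download of backups
  # "internal" makes nginx answer client requests for /backups/ with 404, and
  # "^~" stops the regex locations below from taking over this prefix. Backups
  # are only delivered after the app authorizes the download (see
  # /admin/backups/ and /downloads/).
  location ^~ /backups/ {
    internal;
  }

  location / {
    root $public;
    add_header ETag "";

    # Web fonts and icons from the asset pipeline. These are public static
    # files, so a wildcard CORS origin exposes nothing private; do not copy
    # this header to locations that serve per-user content.
    location ~* assets/.*\.(eot|ttf|woff|woff2|ico)$ {
      expires 1y;
      add_header Cache-Control public;
      add_header Access-Control-Allow-Origin *;
    }

    # Health-check endpoint: proxied straight to the app and kept out of the
    # access log.
    location = /srv/status {
      access_log off;
      log_not_found off;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_pass http://discourse;
      break;
    }

    location ~ ^/assets/ {
      expires 1y;
      # asset pipeline enables this
      gzip_static on;
      add_header Cache-Control public;
      # TODO I don't think this break is needed, it just breaks out of rewrite
      break;
    }

    location ~ ^/plugins/ {
      expires 1y;
      add_header Cache-Control public;
    }

    # cache emojis
    # FIX: the pattern used to end in "$/". Nothing can follow the
    # end-of-string anchor, so the location never matched and emoji were served
    # without these cache headers. Like /plugins/ above, a matching request is
    # now answered from $public only; a missing file is a 404 from nginx rather
    # than a request to the app.
    location ~ /_?emoji.*\.(png|gif|jpg|jpeg)$ {
      expires 1y;
      add_header Cache-Control public;
    }

    location ~ ^/uploads/ {
      # NOTE: it is really annoying that we can't just define headers
      # at the top level and inherit.
      #
      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
      # otherwise headers are not set correctly
      #
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      # Ask the app to answer file downloads with an X-Accel-Redirect into the
      # internal /downloads/ location instead of streaming the file itself.
      # Setting these here also replaces any client-supplied values.
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;

      expires 1y;
      add_header Cache-Control public;

      ## optional upload anti-hotlinking rules
      #valid_referers none blocked mysite.com *.mysite.com;
      #if ($invalid_referer) { return 403; }
      # (Referer is client-controlled: this deters casual hotlinking, it is
      # not an access control.)

      # custom CSS
      location ~ /stylesheet-cache/ {
        try_files $uri =404;
      }

      # this allows us to bypass rails
      # NOTE(review): images under /uploads/ are served from disk without the
      # app seeing the request, so no per-user authorization applies to them.
      # Confirm that is acceptable for your site.
      location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff)$ {
        try_files $uri =404;
      }

      # thumbnails & optimized images
      location ~ /_?optimized/ {
        try_files $uri =404;
      }

      proxy_pass http://discourse;
      break;
    }

    # Backup downloads: the app authorizes the request and replies with an
    # X-Accel-Redirect; nginx then serves the file through the internal
    # /downloads/ location.
    location ~ ^/admin/backups/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;
      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
      proxy_set_header X-Accel-Mapping $public/=/downloads/;
      proxy_pass http://discourse;
      break;
    }

    # This big block is needed so we can selectively enable
    # acceleration for backups and avatars
    # see note about repetition above
    location ~ ^/(letter_avatar|user_avatar|highlight-js|stylesheets|favicon/proxied) {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $thescheme;

      # if Set-Cookie is in the response nothing gets cached
      # this is double bad cause we are not passing last modified in
      #
      # proxy_ignore_headers lets nginx cache the response despite the cookie.
      # proxy_hide_header strips the cookie, so a cached copy can never hand
      # one visitor's cookie to another. Only cookie-independent, public
      # resources belong in this location's pattern.
      proxy_ignore_headers "Set-Cookie";
      proxy_hide_header "Set-Cookie";

      # note x-accel-redirect can not be used with proxy_cache
      # NOTE(review): no proxy_cache_key is set, so nginx's default key is
      # used, and that key does not include the client's Host header. Confirm
      # this is fine if more than one hostname is served by this block.
      proxy_cache one;
      proxy_cache_valid 200 301 302 7d;
      proxy_cache_valid any 1m;
      proxy_pass http://discourse;
      break;
    }

    # this means every file in public is tried first
    try_files $uri @discourse;
  }

  # Target of X-Accel-Redirect responses from the app. "internal" means
  # clients cannot request /downloads/ directly, which matters because the
  # alias exposes the whole public directory, backups included.
  location /downloads/ {
    internal;
    alias $public/;
  }

  # Everything not served from disk goes to the app.
  # Host ($http_host) and the existing X-Forwarded-For chain are taken from
  # the client request. The app should validate the host name and rely on
  # X-Real-IP, which is set from the connection's peer address, for the
  # client address.
  # NOTE(review): X-Sendfile-Type / X-Accel-Mapping are not set here, so values
  # sent by a client are forwarded unchanged. If the app's sendfile middleware
  # honors them, clear them in this location with an empty-valued
  # proxy_set_header.
  location @discourse {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $thescheme;
    proxy_pass http://discourse;
  }
}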