-
Notifications
You must be signed in to change notification settings - Fork 16
Webserver Example configuration
Michael Whittaker edited this page May 9, 2016
·
1 revision
This config serves myPINGO via SSL (and forces https), has SPDY enabled and uses one Ruby-App-Server instance (e. g. Thin).
server {
listen 80;
listen [::]:80;
server_name mypingo.yourdomain.de;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name mypingo.yourdomain.de;
#root html;
#index index.html index.htm;
root /opt/PINGOWebApp/public;
ssl_certificate /etc/ssl/pingo_test/mypingo_cert.crt;
ssl_certificate_key /etc/ssl/pingo_test/mypingo_key.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
access_log /var/log/pingo/mypingo-access.log;
error_log /var/log/pingo/mypingo-error.log error;
location / {
try_files $uri @backend;
}
location @backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass http://127.0.0.1:5000; # use this if served on a http port
proxy_pass http://unix:/tmp/mypingo.sock:; # use this if served on a unix socket
}
}
This only contains the important parts: Setting the webroot (= /public) and enabling the reverse proxy for all requests for which no file was found on the file system.
...
DocumentRoot "/Users/services/Sites/mypingo/public"
<Directory "/Users/services/Sites/mypingo/public">
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options FollowSymLinks
#MultiviewsMatch Any
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# proxies requests to Rails server
#
<Proxy balancer://thin>
BalancerMember http://127.0.0.1:5000
</Proxy>
# Redirect all non-static requests to thin
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://thin%{REQUEST_URI} [P,QSA,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
ProxyPass / balancer://thin/
ProxyPassReverse / balancer://thin/
ProxyPreserveHost on
...