fab-manager/docker/nginx_with_ssl.conf.example

upstream puma {
  server fabmanager:3000;
}

server {
  listen 443 ssl;
  server_name MAIN_DOMAIN;
  root /usr/src/app/public;
  ssl on;
  ## with your ssl certificate
  #ssl_certificate /etc/nginx/conf.d/ssl/MAIN_DOMAIN.crt;
  #ssl_certificate_key /etc/nginx/conf.d/ssl/MAIN_DOMAIN.deprotected.key;
  ##
  ## with letsencrypt certificate (free)
  ssl_certificate_key /etc/letsencrypt/live/MAIN_DOMAIN/privkey.pem;
  ssl_certificate /etc/letsencrypt/live/MAIN_DOMAIN/fullchain.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/MAIN_DOMAIN/chain.pem;
  ##
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_session_timeout 1d;
  ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;


  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  ## required by letsencrypt to generate the certificat
  location /.well-known/acme-challenge {
    root /etc/letsencrypt/webrootauth;
    default_type "text/plain";
  }
  ##

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }

  client_max_body_size 4G;
  keepalive_timeout 10;

  error_page 500 502 504 /500.html;
  error_page 503 @503;

  # Return a 503 error if the maintenance page exists.
  if (-f /usr/src/app/public/maintenance.html) {
    return 503;
  }

  location @503 {
    # Serve static assets if found.
    if (-f $request_filename) {
      break;
    }

    # Set root to the shared directory.
    root /usr/src/app/public/;
    rewrite ^(.*)$ /maintenance.html break;
  }

  # no spam bot
  if ($http_referer ~* (guardlink.org|free-share-buttons|social-buttons|buy-cheap-online.info|social-buttons.com|free-share-buttons.com|darodar.com|blackhatworth.com|hulfingtonpost.com|priceg.com|semalt.com|imaspammer.com|iedit.ilovevitaly.com|7makemoneyonline.com|iedit.ilovevitaly.com|7makemoneyonline.com|gamersyde.com|iloveitaly.com|econom.co|semalt.com|forum.topic44637676.darodar.com|darodar.com|iskalko.ru|ilovevitaly.ru|ilovevitaly.com|ilovevitaly.co|o-o-8-o-o.ru|o-o-6-o-o.ru|buttons-for-website.com|semalt.semalt.com|cenoval.ru|priceg.com|darodar.com|cenokos.ru|seoexperimenty.ru|gobongo.info|vodkoved.ru|adcash.com|websocial.me|cityadspix.com|luxup.ru|ykecwqlixx.ru|superiends.org|slftsdybbg.ru|edakgfvwql.ru|socialseet.ru|screentoolkit.com|econom.co|semalt.com|savetubevideo.com|shopping.ilovevitaly.com|iedit.ilovevitaly.com|forum.topic52548358.darodar.com|forum.topic53813291.darodar.com|share-buttons.com|event-tracking.com|success-seo.com|free-floating-buttons.com|get-free-social-traffic.com|chinese-amezon.com|get-free-traffic-now.com|free-social-buttons.com|videos-for-your-business.com)) { return 403; }

}


server {
  listen 80;
  server_name MAIN_DOMAIN ANOTHER_DOMAIN_1 ANOTHER_DOMAIN_2;
  rewrite ^ URL_WITH_PROTOCOL_HTTPS$request_uri? permanent;
}
release 2.0 rc 2016-03-23 18:39:41 +01:00			`upstream puma {`
separate nginx and app in docker 2016-09-06 12:19:47 +02:00			`server fabmanager:3000;`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`}`

			`server {`
			`listen 443 ssl;`
update readme and docker readme 2016-04-11 20:24:09 +02:00			`server_name MAIN_DOMAIN;`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`root /usr/src/app/public;`
			`ssl on;`
adding documentation to configure letsencrpyt SSL with docker 2016-07-21 15:11:08 +02:00			`## with your ssl certificate`
			`#ssl_certificate /etc/nginx/conf.d/ssl/MAIN_DOMAIN.crt;`
			`#ssl_certificate_key /etc/nginx/conf.d/ssl/MAIN_DOMAIN.deprotected.key;`
			`##`
			`## with letsencrypt certificate (free)`
			`ssl_certificate_key /etc/letsencrypt/live/MAIN_DOMAIN/privkey.pem;`
			`ssl_certificate /etc/letsencrypt/live/MAIN_DOMAIN/fullchain.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/MAIN_DOMAIN/chain.pem;`
			`##`
			`ssl_protocols TLSv1.2 TLSv1.1 TLSv1;`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`ssl_prefer_server_ciphers on;`
adding documentation to configure letsencrpyt SSL with docker 2016-07-21 15:11:08 +02:00			`ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';`
			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_tickets off;`
			`ssl_session_timeout 1d;`
			`ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;`
			`add_header Strict-Transport-Security max-age=15768000;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

release 2.0 rc 2016-03-23 18:39:41 +01:00
			`location ^~ /assets/ {`
			`gzip_static on;`
			`expires max;`
			`add_header Cache-Control public;`
			`}`

adding documentation to configure letsencrpyt SSL with docker 2016-07-21 15:11:08 +02:00			`## required by letsencrypt to generate the certificat`
			`location /.well-known/acme-challenge {`
			`root /etc/letsencrypt/webrootauth;`
			`default_type "text/plain";`
			`}`
			`##`

release 2.0 rc 2016-03-23 18:39:41 +01:00			`try_files $uri/index.html $uri @puma;`
			`location @puma {`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header Host $http_host;`
			`proxy_redirect off;`
			`proxy_pass http://puma;`
			`}`

			`client_max_body_size 4G;`
			`keepalive_timeout 10;`

			`error_page 500 502 504 /500.html;`
			`error_page 503 @503;`

			`# Return a 503 error if the maintenance page exists.`
			`if (-f /usr/src/app/public/maintenance.html) {`
			`return 503;`
			`}`

			`location @503 {`
			`# Serve static assets if found.`
			`if (-f $request_filename) {`
			`break;`
			`}`

			`# Set root to the shared directory.`
			`root /usr/src/app/public/;`
			`rewrite ^(.*)$ /maintenance.html break;`
			`}`

			`# no spam bot`
			if ($http_referer ~* (guardlink.org\|free-share-buttons\|social-buttons\|buy-cheap-online.info\|social-buttons.com\|free-share-buttons.com\|darodar.com\|blackhatworth.com\|hulfingtonpost.com\|priceg.com\|semalt.com\|imaspammer.com\|iedit.ilovevitaly.com\|7makemoneyonline.com\|iedit.ilovevitaly.com\|7makemoneyonline.com\|gamersyde.com\|iloveitaly.com\|econom.co\|semalt.com\|forum.topic44637676.darodar.com\|darodar.com\|iskalko.ru\|ilovevitaly.ru\|ilovevitaly.com\|ilovevitaly.co\|o-o-8-o-o.ru\|o-o-6-o-o.ru\|buttons-for-website.com\|semalt.semalt.com\|cenoval.ru\|priceg.com\|darodar.com\|cenokos.ru\|seoexperimenty.ru\|gobongo.info\|vodkoved.ru\|adcash.com\|websocial.me\|cityadspix.com\|luxup.ru\|ykecwqlixx.ru\|superiends.org\|slftsdybbg.ru\|edakgfvwql.ru\|socialseet.ru\|screentoolkit.com\|econom.co\|semalt.com\|savetubevideo.com\|shopping.ilovevitaly.com\|iedit.ilovevitaly.com\|forum.topic52548358.darodar.com\|forum.topic53813291.darodar.com\|share-buttons.com\|event-tracking.com\|success-seo.com\|free-floating-buttons.com\|get-free-social-traffic.com\|chinese-amezon.com\|get-free-traffic-now.com\|free-social-buttons.com\|videos-for-your-business.com)) { return 403; }

			`}`


			`server {`
			`listen 80;`
update readme and docker readme 2016-04-11 20:24:09 +02:00			`server_name MAIN_DOMAIN ANOTHER_DOMAIN_1 ANOTHER_DOMAIN_2;`
			`rewrite ^ URL_WITH_PROTOCOL_HTTPS$request_uri? permanent;`
release 2.0 rc 2016-03-23 18:39:41 +01:00			`}`