upstream puma { server fabmanager:3000; } server { listen 443 ssl; server_name MAIN_DOMAIN; root /usr/src/app/public; ssl on; ## with your ssl certificate # ssl_certificate /etc/nginx/conf.d/ssl/MAIN_DOMAIN.crt; # ssl_certificate_key /etc/nginx/conf.d/ssl/MAIN_DOMAIN.deprotected.key; ## ## with letsencrypt certificate (free) ssl_certificate_key /etc/letsencrypt/live/MAIN_DOMAIN/privkey.pem; ssl_certificate /etc/letsencrypt/live/MAIN_DOMAIN/fullchain.pem; ssl_trusted_certificate /etc/letsencrypt/live/MAIN_DOMAIN/chain.pem; ## ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_prefer_server_ciphers on; ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED'; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_session_timeout 1d; ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; location ^~ /assets/ { gzip_static on; expires max; add_header Cache-Control public; } ## required by letsencrypt to generate the certificat location /.well-known/acme-challenge { root /etc/letsencrypt/webrootauth; default_type "text/plain"; } ## try_files $uri/index.html $uri @puma; location @puma { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://puma; } client_max_body_size 4G; keepalive_timeout 10; error_page 500 502 504 /500.html; error_page 503 @503; # Return a 503 error if the maintenance page exists. if (-f /usr/src/app/public/maintenance.html) { return 503; } location @503 { # Serve static assets if found. if (-f $request_filename) { break; } # Set root to the shared directory. root /usr/src/app/public/; rewrite ^(.*)$ /maintenance.html break; } # no spam bot if ($http_referer ~* (guardlink.org|free-share-buttons|social-buttons|buy-cheap-online.info|social-buttons.com|free-share-buttons.com|darodar.com|blackhatworth.com|hulfingtonpost.com|priceg.com|semalt.com|imaspammer.com|iedit.ilovevitaly.com|7makemoneyonline.com|iedit.ilovevitaly.com|7makemoneyonline.com|gamersyde.com|iloveitaly.com|econom.co|semalt.com|forum.topic44637676.darodar.com|darodar.com|iskalko.ru|ilovevitaly.ru|ilovevitaly.com|ilovevitaly.co|o-o-8-o-o.ru|o-o-6-o-o.ru|buttons-for-website.com|semalt.semalt.com|cenoval.ru|priceg.com|darodar.com|cenokos.ru|seoexperimenty.ru|gobongo.info|vodkoved.ru|adcash.com|websocial.me|cityadspix.com|luxup.ru|ykecwqlixx.ru|superiends.org|slftsdybbg.ru|edakgfvwql.ru|socialseet.ru|screentoolkit.com|econom.co|semalt.com|savetubevideo.com|shopping.ilovevitaly.com|iedit.ilovevitaly.com|forum.topic52548358.darodar.com|forum.topic53813291.darodar.com|share-buttons.com|event-tracking.com|success-seo.com|free-floating-buttons.com|get-free-social-traffic.com|chinese-amezon.com|get-free-traffic-now.com|free-social-buttons.com|videos-for-your-business.com)) { return 403; } } server { listen 80; server_name MAIN_DOMAIN ANOTHER_DOMAIN_1; rewrite ^ URL_WITH_PROTOCOL_HTTPS$request_uri? permanent; }