nginx-conf-demo

##### lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    2
Core(s) per socket:    4
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 85
Model name:            Intel(R) Xeon(R) Platinum 8163 CPU @ 2.50GHz
Stepping:              4
CPU MHz:               2499.998
BogoMIPS:              4999.99
Hypervisor vendor:     KVM
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              1024K
L3 cache:              33792K
NUMA node0 CPU(s):     0-7

/etc/nginx/nginx.conf

user www-data;
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;

events {
	worker_connections 65535;
	use epoll;
	multi_accept on;
}

http {

	##
	# Basic Settings
	##
	limit_req_zone $binary_remote_addr zone=by_uri:10m rate=2r/s;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 60;
	keepalive_requests 10000;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	client_header_buffer_size 4k;
	client_max_body_size 4M;
	open_file_cache max=65535 inactive=20s;
	open_file_cache_valid 30s;
	open_file_cache_min_uses 1; 

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	# gzip_proxied any;
	gzip_comp_level 2;
	gzip_buffers 4 16k;
	gzip_http_version 1.0;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

/etc/nginx/sites-enabled/default

upstream puma {
  server unix:///srv/xxxxxxxxx/shared/tmp/sockets/xxxx-puma.sock fail_timeout=0;
}

server {
  listen 80;
  server_name api.xxxx.com;
  return 301 https://api.xxxx.com$request_uri;
}


server {
	listen 443 ssl;
	root /srv/xxxxxxxx/current/public;
	server_name api.xxxx.com;

  ssl_certificate /etc/letsencrypt/live/api.xxxx.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/api.xxxx.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	location / {
    #limit_req zone=by_uri burst=5 nodelay;
    try_files $uri/index.html $uri @puma;
  }

  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
	
	location ~ /.well-known {
    allow all;
  }
}



server {
  listen 80;
  server_name xx.xx.xxx.xx;

	location / {
	  try_files $uri/index.html $uri @puma;
	}

  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://puma;
  }
}