1 files changed, 78 insertions, 0 deletions

diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 00000000..029b0c48
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,78 @@
+user  root;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+  worker_connections  8096;
+  multi_accept        on;
+  use                 epoll;
+}
+
+http {
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  access_log /var/log/nginx/access.log  main;
+
+  sendfile           on;
+  tcp_nopush         on;
+  tcp_nodelay        on;
+  keepalive_timeout  15;
+
+  upstream backend {
+    server web:3000 fail_timeout=0;
+  }
+
+  server {
+    listen 80 deferred;
+    add_header Strict-Transport-Security max-age=15768000;
+    server_tokens off;
+    rewrite ^ https://$server_name$request_uri? permanent;
+  }
+
+  server {
+    listen 443 default_server ssl;
+    server_tokens off;
+    root /var/www/public;
+    ssl_certificate /etc/nginx/server.crt;
+    ssl_certificate_key /etc/nginx/server.key;
+
+    ssl_session_timeout 5m;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+    add_header X-Frame-Options "DENY";
+
+    try_files $uri/index.html $uri @application;
+    location ^~ /assets/ {
+      gzip_static on;
+      expires max;
+      add_header Cache-Control public;
+    }
+    location /cable {
+      proxy_pass https://backend;
+      proxy_set_header X_FORWARDED_PROTO https;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header HOST $http_host;
+      proxy_set_header X-Url-Scheme $scheme;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+    }
+    location @application {
+      proxy_set_header X_FORWARDED_PROTO https;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header HOST $http_host;
+      proxy_set_header X-Url-Scheme $scheme;
+      proxy_redirect off;
+      proxy_pass https://backend;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    keepalive_timeout 10;
+  }
+}