user root; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 8096; multi_accept on; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 15; upstream backend { server web:3000 fail_timeout=0; } server { listen 80 deferred; add_header Strict-Transport-Security max-age=15768000; server_tokens off; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 default_server ssl; server_tokens off; root /var/www/public; ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options "DENY"; try_files $uri/index.html $uri @application; location ^~ /assets/ { gzip_static on; expires max; add_header Cache-Control public; } location /cable { proxy_pass https://backend; proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HOST $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location @application { proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HOST $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_redirect off; proxy_pass https://backend; } error_page 500 502 503 504 /500.html; keepalive_timeout 10; } }