2 files changed, 62 insertions, 13 deletions

diff --git a/config/nginx-ssl.conf-example b/config/nginx-ssl.conf-example
new file mode 100644
index 000000000..c623c8e96
--- /dev/null
+++ b/config/nginx-ssl.conf-example
@@ -0,0 +1,32 @@
+upstream alaveteli {
+    server 127.0.0.1:3000;
+}
+
+server {
+    listen 443;
+    server_name www.example.com;
+    root /var/www/alaveteli/alaveteli/public;
+
+    server_tokens off;
+
+    try_files $uri/index.html $uri @alaveteli;
+
+    access_log /var/log/nginx/alaveteli_ssl_access.log;
+    error_log /var/log/nginx/alaveteli_ssl_error.log error;
+
+    ssl on;
+    ssl_certificate /etc/ssl/certs/www.example.com.cert;
+    ssl_certificate_key /etc/ssl/private/www.example.com.key;
+    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
+
+    location @alaveteli {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Sendfile-Type X-Accel-Redirect;
+        proxy_set_header X-Accel-Mapping /var/www/alaveteli/alaveteli/cache/zips/production/download=/download;
+        proxy_redirect off;
+        proxy_pass http://alaveteli;
+    }
+}
diff --git a/config/nginx.conf.example b/config/nginx.conf.example
index 56e720abb..be937b7fd 100644
--- a/config/nginx.conf.example
+++ b/config/nginx.conf.example
@@ -1,29 +1,46 @@
 upstream alaveteli {
-    server 127.0.0.1:3300;
+    server 127.0.0.1:3000;
 }
 
+# Example to redirect other domains to the canonical URL. Also redirects the
+# unqualified domain to the FQDN www.example.com, which is recommended.
+#
+# server {
+#   server_name example.com example.org www.example.org;
+#   rewrite ^(.*) http://www.example.com$1 permanent;
+# }
+
 server {
     listen 80;
+    # Set the server name to your domain name if you have multiple nginx servers
+    # running on your machine
+    # server_name www.example.com;
     root /var/www/alaveteli/alaveteli/public;
 
-    location / {
-        proxy_set_header X-Real-IP  $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-Proto http;
-        proxy_redirect off;
-        try_files $uri @ruby;
-    }
+    server_tokens off;
+
+    access_log /var/log/nginx/alaveteli_access.log;
+    error_log /var/log/nginx/alaveteli_error.log error;
+
+    try_files $uri/index.html $uri @alaveteli;
+
+    error_page 500 502 503 504 /500.html;
+    error_page 404             /404.html;
+    error_page 422             /422.html;
 
     location /download {
         internal;
-        alias /var/www/alaveteli/alaveteli/cache/zips/development/download;
+        alias /var/www/alaveteli/alaveteli/cache/zips/production/download;
     }
 
-    location @ruby {
-        proxy_pass http://alaveteli;
+    location @alaveteli {
         proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto http;
         proxy_set_header X-Sendfile-Type X-Accel-Redirect;
-        proxy_set_header X-Accel-Mapping /var/www/alaveteli/alaveteli/cache/zips/development/download=/download;
+        proxy_set_header X-Accel-Mapping /var/www/alaveteli/alaveteli/cache/zips/production/download=/download;
+        proxy_redirect off;
+        proxy_pass http://alaveteli;
     }
 }