diff --git a/conf/mime.types b/conf/mime.types
new file mode 100644
index 0000000000..3f486a2843
--- /dev/null
+++ b/conf/mime.types
@@ -0,0 +1,98 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/cache-manifest manifest appcache;
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+ text/x-vcard vcf;
+
+ # JavaScript
+ application/javascript js jsonp;
+ application/json json;
+
+ # Images
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/bmp bmp;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+
+ application/xml rss atom xml rdf;
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.wap.wmlc wmlc;
+ application/xhtml+xml xhtml;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-chrome-extension crx;
+ application/x-opera-extension oex;
+ application/x-xpinstall xpi;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+ application/octet-stream safariextz;
+
+ # Audio
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg oga ogg;
+ audio/mp4 m4a f4a f4b aac;
+ audio/x-realaudio ra;
+ audio/x-wav wav;
+
+ # Video
+ video/3gpp 3gpp 3gp;
+ video/mp4 mp4 m4v f4v f4p;
+ video/mpeg mpeg mpg;
+ video/ogg ogv;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+
+ # Webfonts
+ application/font-woff woff;
+ application/vnd.ms-fontobject eot;
+ application/x-font-ttf ttf ttc;
+ application/x-font-opentype otf;
+
+ # Microsoft Office
+ application/msword doc;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+}
diff --git a/conf/nginx.conf.erb b/conf/nginx.conf.erb
new file mode 100644
index 0000000000..ceaccc42ba
--- /dev/null
+++ b/conf/nginx.conf.erb
@@ -0,0 +1,180 @@
+# Set another default user than root for security reasons
+user www www;
+
+# As a thumb rule: One per CPU. If you are serving a large amount
+# of static files, which requires blocking disk reads, you may want
+# to increase this from the number of cpu_cores available on your
+# system.
+#
+# The maximum number of connections for Nginx is calculated by:
+# max_clients = worker_processes * worker_connections
+worker_processes 3;
+daemon off;
+
+# Maximum file descriptors that can be opened per process
+# This should be > worker_connections
+worker_rlimit_nofile 8192;
+
+events {
+ # When you need > 8000 * cpu_cores connections, you start optimizing
+ # your OS, and this is probably the point at where you hire people
+ # who are smarter than you, this is *a lot* of requests.
+ worker_connections 8000;
+}
+
+http {
+ # Set the mime-types via the mime.types external file
+ include mime.types;
+
+ # And the fallback mime-type
+ default_type application/octet-stream;
+
+ # Hide nginx version
+ server_tokens off;
+
+ # ~2 seconds is often enough for HTML/CSS, but connections in
+ # Nginx are cheap, so generally it's safe to increase it
+ keepalive_timeout 20;
+
+ sendfile on;
+
+ tcp_nopush on; # off may be better for Comet/long-poll stuff
+ tcp_nodelay off; # on may be better for Comet/long-poll stuff
+
+ # Enable Gzip:
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_comp_level 5;
+ gzip_min_length 512;
+ gzip_buffers 4 8k;
+ gzip_proxied any;
+ gzip_types
+ # text/html is always compressed by HttpGzipModule
+ text/css
+ text/plain
+ text/x-component
+ application/javascript
+ application/json
+ application/xml
+ application/xhtml+xml
+ application/x-font-ttf
+ application/x-font-opentype
+ application/vnd.ms-fontobject
+ image/svg+xml
+ image/x-icon;
+
+ # This should be turned on if you are going to have pre-compressed copies (.gz) of
+ # static files available. If not it should be left off as it will cause extra I/O
+ # for the check. It would be better to enable this in a location {} block for
+ # a specific directory:
+ # gzip_static on;
+
+ gzip_disable "msie6";
+ gzip_vary on;
+
+ server {
+ listen <%= ENV['PORT'] %>;
+
+ # The host name to respond to
+ server_name dev.ripple.com;
+
+ # Path for static files
+ root www;
+
+ #Specify a charset
+ charset utf-8;
+
+ # Custom 404 page
+ error_page 404 /404.html;
+
+ if ($http_x_forwarded_proto != "https") {
+ rewrite ^(.*)$ https://$server_name$1 permanent;
+ }
+
+ # Expire rules for static content
+
+ # Built-in filename-based cache busting
+
+ # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
+ # This will route all requests for /css/style.20120716.css to /css/style.css
+ # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
+ # This is not included by default, because it'd be better if you use the build
+ # script to manage the file names.
+ location ~* (.+)\.(\d+)\.(js|css|png|jpg|jpeg|gif)$ {
+ try_files $uri $1.$3;
+ }
+
+ # No default expire rule. This config mirrors that of apache as outlined in the
+ # html5-boilerplate .htaccess file. However, nginx applies rules by location,
+ # the apache rules are defined by type. A concequence of this difference is that
+ # if you use no file extension in the url and serve html, with apache you get an
+ # expire time of 0s, with nginx you'd get an expire header of one month in the
+ # future (if the default expire rule is 1 month). Therefore, do not use a
+ # default expire rule with nginx unless your site is completely static
+
+ # cache.appcache, your document html and data
+ location ~* \.(?:manifest|appcache|html|xml|json)$ {
+ expires -1;
+ access_log logs/static.log;
+ }
+
+ # Feed
+ location ~* \.(?:rss|atom)$ {
+ expires 1h;
+ add_header Cache-Control "public";
+ }
+
+ # Favicon
+ location ~* \.ico$ {
+ expires 1w;
+ access_log off;
+ add_header Cache-Control "public";
+ }
+
+ # Media: images, video, audio, HTC
+ location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
+ expires 1M;
+ access_log off;
+ add_header Cache-Control "public";
+ }
+
+ # CSS and Javascript
+ location ~* \.(?:css|js)$ {
+ expires 1y;
+ access_log off;
+ add_header Cache-Control "public";
+ }
+
+ # Cross domain webfont access
+ location ~* \.(ttf|ttc|otf|eot|woff|font.css)$ {
+ add_header "Access-Control-Allow-Origin" "*";
+
+ # Also, set cache rules for webfonts.
+ #
+ # See http://wiki.nginx.org/HttpCoreModule#location
+ # And https://github.com/h5bp/server-configs/issues/85
+ # And https://github.com/h5bp/server-configs/issues/86
+ expires 1M;
+ access_log off;
+ add_header Cache-Control "public";
+ }
+
+ # Force the latest IE version
+ # Use ChromeFrame if it's installed for a better experience for the poor IE folk
+ add_header "X-UA-Compatible" "IE=Edge,chrome=1";
+
+ # Prevent clients from accessing hidden files (starting with a dot)
+ location ~* (^|/)\. {
+ return 403;
+ }
+
+ # Prevent clients from accessing to backup/config/source files
+ location ~* (\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
+ return 403;
+ }
+
+ # Prevent mobile network providers from modifying your site
+ add_header "Cache-Control" "no-transform";
+
+ }
+}
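Review bot: The hidden-file deny `location ~* (^|/)\. { return 403; }` is declared after the extension-based regex locations, and nginx uses the first regex location that matches in file order, so a dotfile or a file under a dot-directory whose name ends in `.json`, `.xml`, `.html`, `.js`, `.css` or a listed media extension is handled by an earlier block and served instead of getting the 403. Move that block (and, for consistency, the backup/config/source deny) above the cache-busting `location ~* (.+)\.(\d+)\.(js|css|png|jpg|jpeg|gif)$` block so it is evaluated first. Separately, `add_header` is inherited from the server level only when a location defines none of its own, so the server-level `X-UA-Compatible` and `Cache-Control "no-transform"` headers are dropped in every location that sets `add_header Cache-Control "public"`; repeat them in those blocks if they are meant to apply everywhere. The HTTPS redirect trusts `$http_x_forwarded_proto`, which is reliable only if the fronting proxy always overwrites that header (not visible in this diff), and no `Strict-Transport-Security` header is set to keep returning clients on HTTPS.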