# This is example contains the bare mininum to get nginx going with # Gunicornservers. worker_processes 1; # # drop privileges, root is needed on most systems for binding to port 80 # # (or anything < 1024). Capability-based security may be available for # # your system and worth checking out so you won't need to be root to # # start nginx to bind on 80 user nobody nogroup; # for systems with a "nogroup" # user nobody nobody; # for systems with "nobody" as a group instead # Feel free to change all paths to suite your needs here, of course pid /tmp/nginx.pid; error_log /tmp/nginx.error.log; events { worker_connections 1024; # increase if you have lots of clients accept_mutex off; # "on" if nginx worker_processes > 1 # use epoll; # enable for Linux 2.6+ # use kqueue; # enable for FreeBSD, OSX } http { # nginx will find this file in the config directory set at nginx build time include mime.types; # fallback in case we can't determine a type default_type application/octet-stream; # click tracking! access_log /tmp/nginx.access.log combined; # you generally want to serve static files with nginx since neither # Unicorn nor Rainbows! is optimized for it at the moment sendfile on; tcp_nopush on; # off may be better for *some* Comet/long-poll stuff tcp_nodelay off; # on may be better for some Comet/long-poll stuff # we haven't checked to see if Rack::Deflate on the app server is # faster or not than doing compression via nginx. It's easier # to configure it all in one place here for static files and also # to disable gzip for clients who don't get gzip/deflate right. # There are other other gzip settings that may be needed used to deal with # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule gzip on; gzip_http_version 1.0; gzip_proxied any; gzip_min_length 500; gzip_disable "MSIE [1-6]\."; gzip_types text/plain text/html text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml; # this can be any application server, not just Unicorn/Rainbows! upstream app_server { # fail_timeout=0 means we always retry an upstream even if it failed # to return a good HTTP response (in case the Unicorn master nukes a # single worker for timing out). # for UNIX domain socket setups: server unix:/tmp/gunicorn.sock fail_timeout=0; # for TCP setups, point these to your backend servers # server 192.168.0.7:8080 fail_timeout=0; # server 192.168.0.8:8080 fail_timeout=0; # server 192.168.0.9:8080 fail_timeout=0; } server { # listen 80 default deferred; # for Linux # listen 80 default accept_filter=httpready; # for FreeBSD listen 80 default; client_max_body_size 4G; server_name _; # ~2 seconds is often enough for most folks to parse HTML/CSS and # retrieve needed images/icons/frames, connections are cheap in # nginx so increasing this is generally safe... keepalive_timeout 5; # path for static files root /path/to/app/current/public; location / { # an HTTP header important enough to have its own Wikipedia entry: # http://en.wikipedia.org/wiki/X-Forwarded-For proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # enable this if and only if you use HTTPS, this helps Rack # set the proper protocol for doing redirects: # proxy_set_header X-Forwarded-Proto https; # pass the Host: header from the client right along so redirects # can be set properly within the Rack application proxy_set_header Host $http_host; # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; # set "proxy_buffering off" *only* for Rainbows! when doing # Comet/long-poll stuff. It's also safe to set if you're # using only serving fast clients with Unicorn + nginx. # Otherwise you _want_ nginx to buffer responses to slow # clients, really. # proxy_buffering off; # Try to serve static files from nginx, no point in making an # *application* server like Unicorn/Rainbows! serve static files. if (!-f $request_filename) { proxy_pass http://app_server; break; } } # Error pages error_page 500 502 503 504 /500.html; location = /500.html { root /path/to/app/current/public; } } }