-
Notifications
You must be signed in to change notification settings - Fork 5
/
muvee.nginx.conf.erb
108 lines (86 loc) · 3.16 KB
/
muvee.nginx.conf.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Graciously stolen from https://www.exratione.com/2014/03/running-nginx-as-a-non-root-user/
# and modified to work
#
# A very simple example configuration showing how to launch Nginx as a non-root
# user without sudo access.
#
# Adjust the paths and other settings for your specific circumstances. They are
# currently configured for transient usage - you'd want to pick more permanent
# locations in the filesystem if intending this to run for a while.
#
# Note that as Nginx is not launched as root, it cannot bind to privileged
# ports lower than 1024.
#
# Usage: nginx -c /path/to/this/file.conf
#
# This error log will be written regardless of server scope error_log
# definitions, so we have to set this here in the main scope.
#
# Even doing this, Nginx will still try to create the default error file, and
# log a non-fatal error when it fails. After that things will work, however.
error_log <%= @app_root %>/tmp/error.log;
# The pidfile will be written to /var/run unless this is set.
pid <%= @app_root %>/tmp/muvee.pid;
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream unicorns {
# server unix:/srv/APPLICATION/tmp/sockets/unicorn.sock;
# If you're not using unicorn with UNIX domain sockets, you'd do something like this:
server 127.0.0.1:3000;
}
# Set an array of temp and cache file options that will otherwise default to
# restricted locations accessible only to root.
client_body_temp_path /tmp/client_body;
fastcgi_temp_path /tmp/fastcgi_temp;
proxy_temp_path /tmp/proxy_temp;
scgi_temp_path /tmp/scgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
index index.html index.htm index.php;
#log_format main '$remote_addr - $remote_user [$time_local] $status '
# '"$request" $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
default_type application/octet-stream;
server {
listen 8080;
listen [::]:8080 default ipv6only=on;
access_log <%= @app_root %>/tmp/access.log;
error_log <%= @app_root %>/tmp/error.log;
root <%= @app_root %>/public;
index index.html index.htm;
server_name watch.muv localhost;
location /protected/ {
alias /$1;
internal;
}
location ~ ^/(fonts|fanart|banners|posters|thumbnails|profiles) {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
root <%= @app_root %>/public;
}
location ~ ^/videos/[0-9]*/source/[0-9]*/stream {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping ^/*=/protected/;
proxy_pass http://unicorns;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://unicorns;
}
}
}