Nginx inception

We’re running nginx inside our container. Knowing that we’re behind the aptible nginx proxy, I assume many of our traditional settings (such as gzip settings, proxy_buffers, client_body_buffer_size, timeouts, etc…) probably don’t apply.

Could anyone recommend a vanilla nginx.conf that would work well behind the proxy? I need to be able to:

  1. perform the http->https redirects
  2. intercept static requests [I can do this config]
  3. proxy everything else to an internal unicorn [I can do this part].

The main question is all of the other settings. Any suggestions?

I just don’t want the nginx’es to be fighting each other…

@hylas

Most of our customers running nginx at the app level use something like the following stripped-down version of our nginx config for their nginx.conf:

user nginx;
worker_processes 4;
pid /run/nginx.pid;

events {
  worker_connections 768;
}

http {
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  client_max_body_size 0;

  # http://stackoverflow.com/a/3710649
  proxy_buffers 8 16k;
  proxy_buffer_size 32k;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  access_log /dev/stdout;
  error_log /dev/stdout;

  gzip on;
  gzip_disable "msie6";

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

daemon off;

Any app-specific server/site configuration goes in conf.d and/or sites-enabled. I think that’s probably a good starting point for matching the important settings from our front-end NGiNX proxies.

While I know the above config works in production for some of our customers, it may still have some settings that aren’t strictly necessary for an app-level NGiNX (you mention a few in your original question like gzip settings, proxy_buffers, client_body_buffer_size). If you find any such settings that you can remove and still get a working app, I’d be interested to hear back so that we could pare this example down when recommending a starting point for app-level NGiNX proxies in the future.

:fireworks: :clap: awesome, thanks; will do.