Do not duplicate nginx config files.

Fixes #1050
2026-01-14 11:09:11 +08:00 · 2015-09-26 11:33:12 +03:00 · 2015-09-26 11:33:12 +03:00 · 353f610c1e
commit 353f610c1e
parent ed9d5dd824
2 changed files with 17 additions and 138 deletions
--- a/docs/source/deploy.rst
+++ b/docs/source/deploy.rst
@ -13,68 +13,10 @@ buffers slow clients when you use default Gunicorn workers. Without this
 buffering Gunicorn will be easily susceptible to denial-of-service attacks.
 You can use slowloris_ to check if your proxy is behaving properly.

-An `example configuration`_ file for fast clients with Nginx_::
+An `example configuration`_ file for fast clients with Nginx_:

-    worker_processes 1;
-
-    user nobody nogroup;
-    pid /tmp/nginx.pid;
-    error_log /tmp/nginx.error.log;
-
-    events {
-        worker_connections 1024;
-        accept_mutex off;
-    }
-
-    http {
-        include mime.types;
-        default_type application/octet-stream;
-        access_log /tmp/nginx.access.log combined;
-        sendfile on;
-
-        upstream app_server {
-            server unix:/tmp/gunicorn.sock fail_timeout=0;
-            # For a TCP configuration:
-            # server 192.168.0.7:8000 fail_timeout=0;
-        }
-
-        server {
-            # If no Host match, close the connection to prevent Host spoofing
-            listen 80 default_server;
-            return 444;
-        }
-
-        server {
-            listen 80;
-            client_max_body_size 4G;
-
-            # set the correct host(s) for your site
-            server_name example.com www.example.com;
-
-            keepalive_timeout 5;
-
-            # path for static files
-            root /path/to/app/current/public;
-
-            location / {
-                # checks for static file, if not found proxy to app
-                try_files $uri @proxy_to_app;
-            }
-
-            location @proxy_to_app {
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header Host $http_host;
-                proxy_redirect off;
-
-                proxy_pass   http://app_server;
-            }
-
-            error_page 500 502 503 504 /500.html;
-            location = /500.html {
-                root /path/to/app/current/public;
-            }
-        }
-    }
+.. literalinclude:: ../../examples/nginx.conf
+   :language: nginx

 If you want to be able to handle streaming request/responses or other fancy
 features like Comet, Long polling, or Web sockets, you need to turn off the
--- a/examples/nginx.conf
+++ b/examples/nginx.conf
@ -1,93 +1,50 @@
-# This is example contains the bare minimum to get nginx going with
-# Gunicornservers.
-
 worker_processes 1;

-# # drop privileges, root is needed on most systems for binding to port 80
-# # (or anything < 1024).  Capability-based security may be available for
-# # your system and worth checking out so you won't need to be root to
-# # start nginx to bind on 80
-user nobody nogroup; # for systems with a "nogroup"
-# user nobody nobody; # for systems with "nobody" as a group instead
-
-# Feel free to change all paths to suit your needs here, of course
+user nobody nogroup;
+# 'user nobody nobody;' for systems with 'nobody' as a group instead
 pid /tmp/nginx.pid;
 error_log /tmp/nginx.error.log;

 events {
  worker_connections 1024; # increase if you have lots of clients
-  accept_mutex off; # "on" if nginx worker_processes > 1
-  # use epoll; # enable for Linux 2.6+
-  # use kqueue; # enable for FreeBSD, OSX
+  accept_mutex off; # set to 'on' if nginx worker_processes > 1
+  # 'use epoll;' to enable for Linux 2.6+
+  # 'use kqueue;' to enable for FreeBSD, OSX
 }

 http {
-  # nginx will find this file in the config directory set at nginx build time
  include mime.types;
-
  # fallback in case we can't determine a type
  default_type application/octet-stream;
-
-  # click tracking!
  access_log /tmp/nginx.access.log combined;
-
-  # you generally want to serve static files with nginx since neither
-  # Unicorn nor Rainbows! is optimized for it at the moment
  sendfile on;

-  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
-  tcp_nodelay off; # on may be better for some Comet/long-poll stuff
-
-  # we haven't checked to see if Rack::Deflate on the app server is
-  # faster or not than doing compression via nginx.  It's easier
-  # to configure it all in one place here for static files and also
-  # to disable gzip for clients who don't get gzip/deflate right.
-  # There are other other gzip settings that may be needed used to deal with
-  # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
-  gzip on;
-  gzip_http_version 1.0;
-  gzip_proxied any;
-  gzip_min_length 500;
-  gzip_disable "MSIE [1-6]\.";
-  gzip_types text/plain text/html text/xml text/css
-             text/comma-separated-values
-             text/javascript application/x-javascript
-             application/atom+xml;
-
-  # this can be any application server, not just Unicorn/Rainbows!
  upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
-    # to return a good HTTP response (in case the Unicorn master nukes a
-    # single worker for timing out).
+    # to return a good HTTP response

-    # for UNIX domain socket setups:
+    # for UNIX domain socket setups
    server unix:/tmp/gunicorn.sock fail_timeout=0;

-    # for TCP setups, point these to your backend servers
-    # server 192.168.0.7:8080 fail_timeout=0;
-    # server 192.168.0.8:8080 fail_timeout=0;
-    # server 192.168.0.9:8080 fail_timeout=0;
+    # for a TCP configuration
+    # server 192.168.0.7:8000 fail_timeout=0;
  }

  server {
-    # If no Host match, close the connection to prevent Host spoofing
+    # if no Host match, close the connection to prevent host spoofing
    listen 80 default_server;
    return 444;
  }

  server {
-    # listen 80 deferred; # for Linux
-    # listen 80 accept_filter=httpready; # for FreeBSD
+    # use 'listen 80 deferred;' for Linux
+    # use 'listen 80 accept_filter=httpready;' for FreeBSD
    listen 80;
+    client_max_body_size 4G;

    # set the correct host(s) for your site
    server_name example.com www.example.com;

-    client_max_body_size 4G;
-
-    # ~2 seconds is often enough for most folks to parse HTML/CSS and
-    # retrieve needed images/icons/frames, connections are cheap in
-    # nginx so increasing this is generally safe...
    keepalive_timeout 5;

    # path for static files
@ -99,36 +56,16 @@ http {
    }

    location @proxy_to_app {
-      # an HTTP header important enough to have its own Wikipedia entry:
-      #   http://en.wikipedia.org/wiki/X-Forwarded-For
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-      # enable this if and only if you use HTTPS, this helps Rack
-      # set the proper protocol for doing redirects:
+      # enable this if and only if you use HTTPS
      # proxy_set_header X-Forwarded-Proto https;
-
-      # pass the Host: header from the client right along so redirects
-      # can be set properly within the Rack application
      proxy_set_header Host $http_host;
-
      # we don't want nginx trying to do something clever with
      # redirects, we set the Host: header above already.
      proxy_redirect off;
-
-      # set "proxy_buffering off" *only* for Rainbows! when doing
-      # Comet/long-poll stuff.  It's also safe to set if you're
-      # using only serving fast clients with Unicorn + nginx.
-      # Otherwise you _want_ nginx to buffer responses to slow
-      # clients, really.
-      # proxy_buffering off;
-
-      # Try to serve static files from nginx, no point in making an
-      # *application* server like Unicorn/Rainbows! serve static files.
      proxy_pass http://app_server;
-
    }

-    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /path/to/app/current/public;