Do not duplicate nginx config files.

Fixes #1050
Berker Peksag 2015-09-26 11:33:12 +03:00
parent ed9d5dd824
commit 353f610c1e
2 changed files with 17 additions and 138 deletions


@ -13,68 +13,10 @@ buffers slow clients when you use default Gunicorn workers. Without this
buffering Gunicorn will be easily susceptible to denial-of-service attacks. buffering Gunicorn will be easily susceptible to denial-of-service attacks.
You can use slowloris_ to check if your proxy is behaving properly. You can use slowloris_ to check if your proxy is behaving properly.
An `example configuration`_ file for fast clients with Nginx_:: An `example configuration`_ file for fast clients with Nginx_:
worker_processes 1; .. literalinclude:: ../../examples/nginx.conf
:language: nginx
user nobody nogroup;
pid /tmp/nginx.pid;
error_log /tmp/nginx.error.log;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /tmp/nginx.access.log combined;
sendfile on;
upstream app_server {
server unix:/tmp/gunicorn.sock fail_timeout=0;
# For a TCP configuration:
# server 192.168.0.7:8000 fail_timeout=0;
}
server {
# If no Host match, close the connection to prevent Host spoofing
listen 80 default_server;
return 444;
}
server {
listen 80;
client_max_body_size 4G;
# set the correct host(s) for your site
server_name example.com www.example.com;
keepalive_timeout 5;
# path for static files
root /path/to/app/current/public;
location / {
# checks for static file, if not found proxy to app
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /path/to/app/current/public;
}
}
}
If you want to be able to handle streaming request/responses or other fancy If you want to be able to handle streaming request/responses or other fancy
features like Comet, Long polling, or Web sockets, you need to turn off the features like Comet, Long polling, or Web sockets, you need to turn off the


@ -1,93 +1,50 @@
# This is example contains the bare minimum to get nginx going with
# Gunicornservers.
worker_processes 1; worker_processes 1;
# # drop privileges, root is needed on most systems for binding to port 80 user nobody nogroup;
# # (or anything < 1024). Capability-based security may be available for # 'user nobody nobody;' for systems with 'nobody' as a group instead
# # your system and worth checking out so you won't need to be root to
# # start nginx to bind on 80
user nobody nogroup; # for systems with a "nogroup"
# user nobody nobody; # for systems with "nobody" as a group instead
# Feel free to change all paths to suit your needs here, of course
pid /tmp/nginx.pid; pid /tmp/nginx.pid;
error_log /tmp/nginx.error.log; error_log /tmp/nginx.error.log;
events { events {
worker_connections 1024; # increase if you have lots of clients worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # "on" if nginx worker_processes > 1 accept_mutex off; # set to 'on' if nginx worker_processes > 1
# use epoll; # enable for Linux 2.6+ # 'use epoll;' to enable for Linux 2.6+
# use kqueue; # enable for FreeBSD, OSX # 'use kqueue;' to enable for FreeBSD, OSX
} }
http { http {
# nginx will find this file in the config directory set at nginx build time
include mime.types; include mime.types;
# fallback in case we can't determine a type # fallback in case we can't determine a type
default_type application/octet-stream; default_type application/octet-stream;
# click tracking!
access_log /tmp/nginx.access.log combined; access_log /tmp/nginx.access.log combined;
# you generally want to serve static files with nginx since neither
# Unicorn nor Rainbows! is optimized for it at the moment
sendfile on; sendfile on;
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
tcp_nodelay off; # on may be better for some Comet/long-poll stuff
# we haven't checked to see if Rack::Deflate on the app server is
# faster or not than doing compression via nginx. It's easier
# to configure it all in one place here for static files and also
# to disable gzip for clients who don't get gzip/deflate right.
# There are other other gzip settings that may be needed used to deal with
# bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/html text/xml text/css
text/comma-separated-values
text/javascript application/x-javascript
application/atom+xml;
# this can be any application server, not just Unicorn/Rainbows!
upstream app_server { upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed # fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a # to return a good HTTP response
# single worker for timing out).
# for UNIX domain socket setups: # for UNIX domain socket setups
server unix:/tmp/gunicorn.sock fail_timeout=0; server unix:/tmp/gunicorn.sock fail_timeout=0;
# for TCP setups, point these to your backend servers # for a TCP configuration
# server 192.168.0.7:8080 fail_timeout=0; # server 192.168.0.7:8000 fail_timeout=0;
# server 192.168.0.8:8080 fail_timeout=0;
# server 192.168.0.9:8080 fail_timeout=0;
} }
server { server {
# If no Host match, close the connection to prevent Host spoofing # if no Host match, close the connection to prevent host spoofing
listen 80 default_server; listen 80 default_server;
return 444; return 444;
} }
server { server {
# listen 80 deferred; # for Linux # use 'listen 80 deferred;' for Linux
# listen 80 accept_filter=httpready; # for FreeBSD # use 'listen 80 accept_filter=httpready;' for FreeBSD
listen 80; listen 80;
client_max_body_size 4G;
# set the correct host(s) for your site # set the correct host(s) for your site
server_name example.com www.example.com; server_name example.com www.example.com;
client_max_body_size 4G;
# ~2 seconds is often enough for most folks to parse HTML/CSS and
# retrieve needed images/icons/frames, connections are cheap in
# nginx so increasing this is generally safe...
keepalive_timeout 5; keepalive_timeout 5;
# path for static files # path for static files
@ -99,36 +56,16 @@ http {
} }
location @proxy_to_app { location @proxy_to_app {
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
# proxy_set_header X-Forwarded-Proto https; # proxy_set_header X-Forwarded-Proto https;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with # we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already. # redirects, we set the Host: header above already.
proxy_redirect off; proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll stuff. It's also safe to set if you're
# using only serving fast clients with Unicorn + nginx.
# Otherwise you _want_ nginx to buffer responses to slow
# clients, really.
# proxy_buffering off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
proxy_pass http://app_server; proxy_pass http://app_server;
} }
# Error pages
error_page 500 502 503 504 /500.html; error_page 500 502 503 504 /500.html;
location = /500.html { location = /500.html {
root /path/to/app/current/public; root /path/to/app/current/public;
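Review bot: In the `location @proxy_to_app` block the `X-Forwarded-Proto` line stays commented out, so nginx neither sets nor clears that header and whatever value the client sent is forwarded to the app server unchanged. If the application or Gunicorn derives the request scheme from it (this depends on Gunicorn's forwarded-header trust settings, which are not shown here), a plain-HTTP request could be treated as HTTPS. Setting it unconditionally, `proxy_set_header X-Forwarded-Proto $scheme;`, overwrites the client value and works for both HTTP and HTTPS listeners, which also makes the "if and only if" comment unnecessary. Separately, the commit drops the "change all paths" remark while keeping the pid file, logs and upstream socket under `/tmp`; a one-line comment such as `# example paths only; use a directory that other local users cannot write to` would keep readers from copying them into production.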