# Nginx configuration file for WebYaST

user  webyast webyast;
worker_processes  1;
error_log  /var/log/webyast/error.log  info;
pid        /var/run/webyast.pid;

# keep $PATH variable
env PATH;

events {
    worker_connections  1024;
}

http {
    # read passenger_root option from external file (in rubygem-passenger-nginx package)
    include /etc/nginx/conf.d/passenger_root.include;

    passenger_ruby /usr/bin/ruby;
    passenger_pool_idle_time 300;
    passenger_min_instances 0;
    passenger_default_user webyast;
    passenger_user webyast;
    passenger_max_pool_size 1;
    passenger_max_instances_per_app 1;
    passenger_spawn_method conservative;

    client_body_temp_path  /srv/www/webyast/tmp/tmp_webyast 1 2;
    fastcgi_temp_path  /srv/www/webyast/tmp/fastcgi_webyast 1 2;
    proxy_temp_path  /srv/www/webyast/tmp/proxy_webyast 1 2;

    include       mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/webyast/access.log;
    passenger_log_level 0;
    passenger_debug_log_file /var/log/webyast/passenger.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip              on;
    gzip_static       on;
    gzip_buffers      16 8k;
    gzip_comp_level   9;
    gzip_http_version 1.0;
    gzip_proxied      any;
    gzip_min_length   0;
    gzip_types        text/plain text/css image/x-icon image/png image/gif image/jpeg application/x-javascript text/javascript;
    gzip_vary         on;

    server {
      listen 4984;
      underscores_in_headers on;
      server_name localhost;
      root /srv/www/webyast/public;
      passenger_enabled on;
      rails_framework_spawner_idle_time 300;
      rails_app_spawner_idle_time 300;

      ssl                  on;
      ssl_certificate      /etc/nginx/certs/webyast.pem;
      ssl_certificate_key  /etc/nginx/certs/webyast.key;

      ssl_session_timeout  5m;
      ssl_protocols TLSv1;
      ssl_ciphers ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH;
      ssl_prefer_server_ciphers   on;

      # redirect HTTP requests to HTTPS
      # Error 497 is internal code for Error 400 "The plain HTTP request was sent to HTTPS port"
      error_page 497 https://$host:4984$request_uri;

      location ~* \.(png|gif|jpg|jpeg|css|js|swf|ico)(\?[0-9]+)?$ {
        passenger_enabled on;
        access_log off;
        expires max;
        add_header Cache-Control public;
      }
    }

}