nginx.conf

#*****************************
# Enviroment Variables
#*****************************
env DATABASE_URL;
env REDIS_URL;
env AWS_BUCKET;
env AWS_ACCESS_KEY_ID;
env AWS_SECRET_ACCESS_KEY;
env NEW_RELIC_APP_NAME;
env NEW_RELIC_HIGH_SECURITY;
env NEW_RELIC_LICENSE_KEY;
env SENTRY_DSN;

#*****************************
# Process configuration
#*****************************
user root;
worker_processes 4;
pid /run/nginx.pid;
daemon off;
worker_rlimit_nofile 8192;

events {
	worker_connections  4096;
}

http {
	#*****************************
	# Request Processing Settings
	#*****************************
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	include /etc/nginx/conf.d/*.conf;
	server_names_hash_bucket_size 64;
	include /opt/nginx/conf/mime.types;
	default_type application/octet-stream;
	# This must be increased should the application ever be used to upload large files
	client_max_body_size 30m;

	#*****************************
	# Logging Settings
	#*****************************
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	#*****************************
	# Gzip Settings
	#*****************************
	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/x-json application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	#*****************************
	# Passenger settings
	#*****************************
	passenger_root "PASSENGER_ROOT";
	passenger_ruby /usr/local/bin/ruby;
	passenger_max_pool_size 4;
	passenger_min_instances 4;
	passenger_pool_idle_time 300;
	# This should be a lesser privileged user but its being run as root due to issues with docker and volumes
	passenger_user_switching off;
	passenger_default_user root;

	server {
		listen 80 default_server;
		server_name _;
		root /usr/src/app/public;
		passenger_enabled on;

		#*****************************
		# Adds CORS headers
		#*****************************
		# The application does not insert CORS headers, so it must be set by the web server
		location / {
			if ($request_method != 'OPTIONS') {
				add_header 'Access-Control-Allow-Origin' '*' always;
				add_header 'Access-Control-Allow-Credentials' 'true' always;
				add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PATCH, PUT, DELETE' always;
				# These should be changed should the application remove or add another reader
				add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-App-Token,total,per-page' always;
				add_header 'Access-Control-Expose-Headers' 'X-App-Token,total,per-page' always;
            }

			if ($request_method = 'OPTIONS') {
				add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PATCH, PUT, DELETE';
				# These should be changed should the application remove or add another reader
                add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-App-Token,total,per-page';
                add_header 'Access-Control-Expose-Headers' 'X-App-Token,total,per-page';
				add_header 'Access-Control-Max-Age' 1728000;
				add_header 'Content-Type' 'text/plain charset=UTF-8';
				add_header 'Content-Length' 0;
				return 204;
			}
		}


		location = /favicon.ico {
		    expires    max;
		    add_header Cache-Control public;
		}

		location ~ ^/(uploads|assets|images|javascripts|stylesheets|swfs|system)/ {
		    gzip_static on;
		    expires     max;
		    add_header  Cache-Control public;
		    add_header  Last-Modified "";
		    add_header  ETag "";
		    break;
	  	}
	}
}