nginx.conf.example

# development config ('build' subdomain goes to /build, otherwise to /source)
map $subdomain $root_folder {
  default source;
  'build' build;
}


# production config ('debug' subdomain goes to /source, otherwise to /build)
#map $subdomain $root_folder {
#  default build;
#  'debug' source;
#}


# https://github.com/h5bp/server-configs-nginx
server {
  listen 80;
  server_name ~^(?P<subdomain>.+?)?\.?ngseed\.dev$;

  # @FIXME update this path with yours
  set $host_path "{{ABSOLUTE_PATH_TO_PROJECT_SOURCE}}";

  # Path for static files
  root $host_path/$root_folder;

  # Locations go before directives for easier reading

  location /build {
    root  $host_path;
  }

  location / {
    index  index.html index.htm;
  }

  location /coverage {
    autoindex on;
    root $host_path;
  }


  charset utf-8;


  # Hide nginx version information.
  server_tokens off;
  proxy_pass_header Server;


  # Force the latest IE version
  # Use ChromeFrame if it's installed for a better experience for the poor IE folk
  add_header "X-UA-Compatible" "IE=Edge";


  # How long to allow each connection to stay idle; longer values are better
  # for each individual client, particularly for SSL, but means that worker
  # connections are tied up longer. (Default: 65)
  keepalive_timeout 20;

  # Speed up file transfers by using sendfile() to copy directly
  # between descriptors rather than using read()/write().
  sendfile        on;

  # Tell Nginx not to send out partial frames; this increases throughput
  # since TCP frames are filled up before being sent out. (adds TCP_CORK)
  tcp_nopush      on;

  # Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
  # collates several smaller packets together into one larger packet, thus saving
  # bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
  tcp_nodelay     off;


  # Expire rules for static content

  # No default expire rule. However, rules are applied by location.
  # A consequence of this is that if you use no file extension in the url and serve html,
  # you'd get an expire header of one month in the future (if the default expire rule is 1 month).
  # Therefore, do not use a default expire rule unless your site is completely static

  # cache.appcache, your document html and data
  location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
    access_log logs/static.log;
  }

  # Feed
  location ~* \.(?:rss|atom)$ {
    expires 1h;
    add_header Cache-Control "public";
  }

  # Media: images, icons, video, audio, HTC
  location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }

  # CSS and Javascript
  location ~* \.(?:css|js)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "public";
  }


  # Cross domain webfont access
  location ~* \.(?:ttf|ttc|otf|eot|woff)$ {
    add_header "Access-Control-Allow-Origin" "*";

    # Also, set cache rules for webfonts.
    #
    # See http://wiki.nginx.org/HttpCoreModule#location
    # And https://github.com/h5bp/server-configs/issues/85
    # And https://github.com/h5bp/server-configs/issues/86
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }


  # Compression

  # Enable Gzip compressed.
  gzip on;

  # Enable compression both for HTTP/1.0 and HTTP/1.1 (required for CloudFront).
  gzip_http_version  1.0;

  # Compression level (1-9).
  # 5 is a perfect compromise between size and cpu usage, offering about
  # 75% reduction for most ascii files (almost identical to level 9).
  gzip_comp_level    5;

  # Don't compress anything that's already small and unlikely to shrink much
  # if at all (the default is 20 bytes, which is bad as that usually leads to
  # larger files after gzipping).
  gzip_min_length    256;

  # Compress data even for clients that are connecting to us via proxies,
  # identified by the "Via" header (required for CloudFront).
  gzip_proxied       any;

  # Tell proxies to cache both the gzipped and regular version of a resource
  # whenever the client's Accept-Encoding capabilities header varies;
  # Avoids the issue where a non-gzip capable client (which is extremely rare
  # today) would display gibberish if their proxy gave them the gzipped version.
  gzip_vary          on;

  # Compress all output labeled with one of the following MIME-types.
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/rss+xml
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/svg+xml
    image/x-icon
    text/css
    text/plain
    text/x-component;
  # text/html is always compressed by HttpGzipModule


  # Define the MIME types for files.
  types {

  # Audio
    audio/midi                            mid midi kar;
    audio/mp4                             aac f4a f4b m4a;
    audio/mpeg                            mp3;
    audio/ogg                             oga ogg;
    audio/x-realaudio                     ra;
    audio/x-wav                           wav;

  # Images
    image/bmp                             bmp;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/webp                            webp;
    image/x-icon                          ico cur;
    image/x-jng                           jng;

  # JavaScript
    application/javascript                js;
    application/json                      json;

  # Manifest files
    application/x-web-app-manifest+json   webapp;
    text/cache-manifest                   manifest appcache;

  # Microsoft Office
    application/msword                                                         doc;
    application/vnd.ms-excel                                                   xls;
    application/vnd.ms-powerpoint                                              ppt;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

  # Video
    video/3gpp                            3gpp 3gp;
    video/mp4                             mp4 m4v f4v f4p;
    video/mpeg                            mpeg mpg;
    video/ogg                             ogv;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;

  # Web feeds
    application/xml                       atom rdf rss xml;

  # Web fonts
    application/font-woff                 woff;
    application/vnd.ms-fontobject         eot;
    application/x-font-ttf                ttc ttf;
    font/opentype                         otf;
    image/svg+xml                         svg svgz;

  # Other
    application/java-archive              jar war ear;
    application/mac-binhex40              hqx;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.wap.wmlc              wmlc;
    application/xhtml+xml                 xhtml;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-chrome-extension        crx;
    application/x-opera-extension         oex;
    application/x-xpinstall               xpi;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-bittorrent              torrent;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;
    application/octet-stream              safariextz;

    text/css                              css;
    text/html                             html htm shtml;
    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/vtt                              vtt;
    text/x-component                      htc;
    text/x-vcard                          vcf;

  }

  default_type  application/octet-stream;


  # Prevent mobile network providers from modifying your site
  # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5
  # http://stackoverflow.com/questions/20134257/any-reason-not-to-add-cache-control-no-transform-header-to-every-page
  # add_header "Cache-Control" "no-transform";


  # Cross domain AJAX requests
  # https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
  # add_header "Access-Control-Allow-Origin" "*";


  # This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
  # The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
  # and will also know to immediately send a 404 if a file is missing on disk, and so on.
  # However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
  # In the below configuration, inactive files are released from the cache after 20 seconds, whereas
  # active (recently requested) files are re-validated every 30 seconds.
  # Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
  # A maximum of the 1000 most recently used file descriptors can be cached at any time.
  # Production servers with stable file collections will definitely want to enable the cache.
  # open_file_cache          max=1000 inactive=20s;
  # open_file_cache_valid    30s;
  # open_file_cache_min_uses 2;
  # open_file_cache_errors   on;


  # Protect against the BEAST attack by preferring RC4-SHA when using SSLv3 and TLS protocols.
  # Note that TLSv1.1 and TLSv1.2 are immune to the beast attack but only work with OpenSSL v1.0.1 and higher and has limited client support.
  # ssl_protocols              SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
  # ssl_prefer_server_ciphers  on;


  # Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
  # The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
  # By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
  # Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
  # ssl_session_cache    shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
  # ssl_session_timeout  10m;
}