chef/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb

# Generated by Chef
upstream _sockethub {
  server   localhost:<%= @sockethub_port %>;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen 80; # For Let's Encrypt
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen <%= @sockethub_external_port %> ssl spdy;
  add_header Strict-Transport-Security "max-age=15768000";
  <% end -%>

  server_name <%= @server_name %>;

  access_log <%= node[:nginx][:log_dir] %>/sockethub.access.log json;
  error_log <%= node[:nginx][:log_dir] %>/sockethub.error.log warn;

  # We might need real ETags, disable those for now
  gzip off;

  location /.well-known {
    root "/var/www/sockethub";
  }

  location / {
    # an HTTP header important enough to have its own Wikipedia entry:
    #  http://en.wikipedia.org/wiki/X-Forwarded-For
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # enable this if and only if you use HTTPS, this helps Rack
    # set the proper protocol for doing redirects:
    proxy_set_header X-Forwarded-Proto https;

    # pass the Host: header from the client right along so redirects
    # can be set properly within the Rack application
    proxy_set_header Host $http_host;

    # we don't want nginx trying to do something clever with
    # redirects, we set the Host: header above already.
    proxy_redirect off;

    # Increase number of buffers. Default is 8
    proxy_buffers 1024 8k;

    proxy_pass http://_sockethub;
    proxy_http_version 1.1;
    # Enable WebSockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
   }

  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
  <% end -%>
}