Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Procfile
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
release: bundle exec rake db:migrate
web: bundle exec puma -C config/puma.rb
web: bin/start-nginx bundle exec puma -C config/puma.rb
4 changes: 2 additions & 2 deletions app/views/layouts/application.html.haml
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,10 @@
= csp_meta_tag

<!-- Privacy-friendly analytics by Plausible -->
%script{ async: true, src: 'https://plausible.io/js/pa-PFruVsE_br97UUCRXE_6f.js' }
%script{ async: true, src: '/js/script.js' }
%script
window.plausible = window.plausible || function() { (plausible.q = plausible.q || []).push(arguments) }, plausible.init = plausible.init || function(i) { plausible.o = i || {} };
plausible.init()
plausible.init({ endpoint: '/api/event' })

%body.no-js{ 'class': "#{params[:controller]}-#{params[:action]}", 'data-bs-no-jquery': 'true' }
#top
Expand Down
77 changes: 77 additions & 0 deletions config/nginx.conf.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
daemon off;
Comment thread
till marked this conversation as resolved.
worker_processes auto;

events {
worker_connections 1024;
}

http {
charset utf-8;
server_tokens off;

# DNS resolver for proxy_pass
resolver 9.9.9.9 valid=30s;

# Proxy cache in /dev/shm (tmpfs, persists across dyno restarts)
proxy_cache_path /dev/shm/nginx_cache levels=1:2 keys_zone=plausible_cache:1m max_size=100m inactive=5m use_temp_path=off;

# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;

# Logs to stdout/stderr for Heroku
access_log /dev/stdout;
error_log /dev/stderr;

# Proxy settings
proxy_http_version 1.1;
proxy_buffering on;

upstream app_server {
server unix:/tmp/nginx.socket fail_timeout=0;
}

server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;

# Plausible endpoints (set inside server context)
set $plausible_script_url https://plausible.io/js/pa-PFruVsE_br97UUCRXE_6f.js;
set $plausible_event_url https://plausible.io/api/event;

# Plausible: Proxy script.js (cached)
location = /js/script.js {
proxy_cache plausible_cache;
proxy_cache_valid 200 5m;
proxy_cache_key "$host$uri";
proxy_pass $plausible_script_url;
proxy_set_header Host plausible.io;
proxy_buffering on;

# Cache response headers
add_header X-Cache $upstream_cache_status;
}

# Plausible: Proxy event API
location = /api/event {
proxy_pass $plausible_event_url;
proxy_set_header Host plausible.io;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $host;
proxy_buffering on;
}

# Rails: All other requests
location / {
proxy_pass http://app_server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
}
15 changes: 13 additions & 2 deletions config/puma.rb
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
# This configuration file will be evaluated by Puma. The top-level methods that
# are invoked here are part of Puma's configuration DSL. For more information
# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
#

require 'fileutils'

# Puma starts a configurable number of processes (workers) and each process
# serves each request in a thread from an internal thread pool.
#
Expand Down Expand Up @@ -29,7 +31,16 @@
threads threads_count, threads_count

# Specifies the `port` that Puma will listen on to receive requests; default is 3000.
port ENV.fetch("PORT", 3000)
# Use Unix socket when nginx config exists (from heroku-community/nginx buildpack)
# Falls back to port if nginx config not present
if File.exist?("config/nginx.conf.erb")
bind "unix:///tmp/nginx.socket?umask=0077" # Restrict socket permissions to owner only

# Signal to nginx buildpack that app is ready (required for nginx to start)
FileUtils.touch("/tmp/app-initialized")
else
port ENV.fetch("PORT", 3000)
end

# Allow puma to be restarted by `bin/rails restart` command.
plugin :tmp_restart
Expand Down