nginx setup via chef

Installs nginx from package OR source code and sets up configuration handling similar to Debian's Apache2 scripts.


  • apt (for nginx::source)
  • build-essential (for nginx::source)


Debian or Ubuntu, though it may work wherever 'build-essential' works. Only tested on Ubuntu.


Take this SSL-only app being served by rainbows:

:nginx => {
  :apps => {
    :myapp_ssl => {
      :listen      => [443],
      :server_name => "",
      :public_path => "/home/myapp/app/public",
      :try_files   => "$uri @myapp_ruby",
      # named location that proxies to the upstream defined below
      :locations   => [
        {
          :path => "@myapp_ruby",
          :directives => [
            "proxy_set_header X-Forwarded-Proto $scheme;",
            "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;",
            "proxy_set_header X-Real-IP $remote_addr;",
            "proxy_set_header Host $host;",
            "proxy_redirect off;",
            "proxy_http_version 1.1;",
            "proxy_set_header Connection '';",
            "proxy_pass http://myapp_ruby;"
          ]
        }
      ],
      :upstreams => [
        {
          :name => "myapp_ruby", # defaults to your app's name (e.g. myapp_ssl)
          :servers => [
            "unix:/home/myapp/app/tmp/web.sock max_fails=3 fail_timeout=1s",
            "failover-host:5000 max_fails=3 fail_timeout=1s backup"
          ]
        }
      ],
      # TLS settings for the server block
      :custom_directives => [
        "ssl on;",
        "ssl_certificate /var/certs/myapp.crt;",
        "ssl_certificate_key /var/certs/myapp.key;",
        "ssl_session_cache shared:SSL:10m;",
        "ssl_session_timeout 10m;"
      ]
    }
  }
}

We're running the ruby app on the local host and we're using a unix socket to connect to it. If for whatever reason the local app is inaccessible, we're falling back to a different host and connecting on TCP port 5000.

In a horizontally scalable environment, your front-end servers will only run nginx (so no chance of proxying to a unix socket). You will have multiple back-end servers to which nginx will connect via TCP sockets.

The proxy_set_header Connection directive is a hint that this cookbook supports nginx upstream keepalive. Default is 4 connections. This can be easily adjusted via the nginx_app provider.

If you find yourself specifying the proxy_set_header directives for multiple nginx apps, you can extract them into a common config file, e.g. /etc/nginx/conf.d/proxy.conf. The same is true for ssl directives.
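
A lint pass over an `:apps` hash shaped like the one above, added here as an example and not part of the cookbook: it flags proxied locations that lack the two directives nginx needs for upstream keepalive, `proxy_pass` targets with no matching upstream, and 443 listeners without certificate directives. `lint_app`, `KEEPALIVE`, the `APPS` sample and the `broken_ssl` app are hypothetical names constructed for illustration.

```ruby
# Added example (not cookbook code): lint an :apps hash laid out like the
# attributes above. Assumption: a location proxies only to upstreams declared
# in its own app. APPS is constructed; :broken_ssl is incomplete on purpose.
APPS = {
  :myapp_ssl => {
    :listen     => [443],
    :locations  => [{ :path => "@myapp_ruby", :directives => [
      "proxy_http_version 1.1;",
      "proxy_set_header Connection '';",
      "proxy_pass http://myapp_ruby;"
    ] }],
    :upstreams  => [{ :name => "myapp_ruby", :servers => ["unix:/home/myapp/app/tmp/web.sock"] }],
    :custom_directives => ["ssl_certificate /var/certs/myapp.crt;",
                           "ssl_certificate_key /var/certs/myapp.key;"]
  },
  :broken_ssl => {
    :listen     => [443],
    :locations  => [{ :path => "@other", :directives => ["proxy_pass http://other_ruby;"] }],
    :upstreams  => [{ :servers => ["10.0.0.5:5000"] }], # name defaults to the app name
    :custom_directives => ["ssl on;"]
  }
}

# nginx upstream keepalive needs HTTP/1.1 and a cleared Connection header.
KEEPALIVE = {
  "proxy_http_version 1.1"    => /\Aproxy_http_version\s+1\.1\s*;/,
  "cleared Connection header" => /\Aproxy_set_header\s+Connection\s+(''|"")\s*;/
}

def lint_app(name, app)
  findings = []
  upstreams = (app[:upstreams] || []).map { |u| (u[:name] || name).to_s }
  (app[:locations] || []).each do |loc|
    path, dirs = loc[:path], loc[:directives] || []
    target = dirs.map { |d| d[/\Aproxy_pass\s+https?:\/\/([\w.-]+)/, 1] }.compact.first
    next unless target # this location does not proxy
    findings << "#{path}: no upstream named #{target}" unless upstreams.include?(target)
    KEEPALIVE.each do |label, re|
      findings << "#{path}: missing #{label}" unless dirs.any? { |d| d =~ re }
    end
  end
  if Array(app[:listen]).include?(443)
    custom = app[:custom_directives] || []
    %w[ssl_certificate ssl_certificate_key].each do |d|
      findings << "listens on 443 without #{d}" unless custom.any? { |c| c.start_with?("#{d} ") }
    end
  end
  findings
end
```

Directives moved into a shared file such as /etc/nginx/conf.d/proxy.conf do not appear in the attribute hash, so the keepalive check only sees apps that declare them inline.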

More nginx load balancing and reverse proxying tips.