rails向けのnginxコンフの一例

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

server {
    listen 80;
    server_name www.example.com;

    return 301 https://$host$request_uri;
}

server {
    ssl on;
    listen       443;
    server_name  www.example.com;
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;

    include /etc/nginx/default.d/*.conf;

    root /path/to/public;

    location ^~ /.well-known/acme-challenge {
        return 200;
    }
    location ^~ /.well-known/assetlinks.json {
        return 404;
    }
    # apple-touch-icon-57x57.png の対策
    location ~ ^/apple-touch-icon-(.*)\.png$ {
        rewrite ^(.*)$ /apple-touch-icon.png last;
    }
    location ~ ^/android-chrome-(.*)\.png$ {
        rewrite ^(.*)$ /android-chrome.png last;
    }

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect                         off;
        proxy_set_header Host                  $host;
        proxy_set_header X-Real-IP             $remote_addr;
        proxy_set_header X-Forwarded-Host      $host;
        proxy_set_header X-Forwarded-Server    $host;
        proxy_set_header X-Forwarded-For       $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto     $scheme;
    }
}