How to properly setup nginx as a reverse proxy for gunicorn and flask using subdomains, for both SSL and non-SSL configurations?

Question

Could someone please post an nginx configuration file that shows how to properly route the following URLs to to gunicorn:

1. http://www.example.com
2. https://www.example.com
3. http://testing.example.com
4. https://testing.example.com

Some questions:

1. why do some nginx configuration files contain an "upstream command?"
2. I am running 2N+1 gunicorn workers. Would I also need multiple nginx workers? by that, I mean should I even the "worker_processes" command since nginx is just supposed to serve static files?
3. how to setup buffering/caching?

Answer 1

server {
    listen        80 default_server deferred;
    listen        443 default_server deferred ssl;
    listen        [::]:80 ipv6only=on default_server deferred;
    listen        [::]:443 ipv6only=on default_server deferred ssl;
    server_name   example.com www.example.com testing.example.com;
    root          /path/to/static/files

    # Include SSL stuff

    location / {

        location ~* \.(css|gif|ico|jpe?g|js[on]?p?|png|svg|txt|xml)$ {
            access_log                off;
            add_header                Cache-Control   "public";
            add_header                Pragma          "public";
            expires                   365d;
            log_not_found             off;
            tcp_nodelay               off;
            open_file_cache           max=16 inactive=600s; # 10 minutes
            open_file_cache_errors    on;
            open_file_cache_min_uses  2;
            open_file_cache_valid     300s; # 5 minutes
        }

        try_files $uri @gunicorn;
    }

    location @gunicorn {
        add_header                X-Proxy-Cache $upstream_cache_status;
        expires                   epoch;
        proxy_cache               proxy;
        proxy_cache_bypass        $nocache;
        proxy_cache_key           "$request_method@$scheme://$server_name:$server_port$uri$args";
        proxy_cache_lock          on;
        proxy_cache_lock_timeout  2000;
        proxy_cache_use_stale     error timeout invalid_header updating http_500;
        proxy_cache_valid         200 302 1m;
        proxy_cache_valid         301 1D;
        proxy_cache_valid         any 5s;
        proxy_http_version        1.1;
        proxy_ignore_headers      Cache-Control Expires;
        proxy_max_temp_file_size  1m;
        proxy_no_cache            $nocache;
        proxy_redirect            off;
        proxy_set_header          Host $host;
        proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header          X-Real-IP $remote_addr;
        proxy_pass                http://gunicorn;
    }
}

And answering your other questions:

1. The upstream directive can be used to simplify any *_pass directives in your nginx configuration and for load balancing situations. If you have more than one gunicorn server you can do something like the following:

upstream gunicorn {
    server http://gunicorn1;
    server http://gunicorn2;
}

server {
    location {
        proxy_pass gunicorn;
    }
}

1. Set worker_processes of nginx to auto if your nginx version already has the auto option. The amount of worker processes of your nginx has nothing to do with the worker process of your gunicorn application. And yes, even if you are only serving static files, setting the correct amount of worker processes will increase the total amount of requests your nginx can handle and it's therefor recommended to set it up right. If your nginx version doesn't have the auto option simply set it to your real physical CPU count or real physical CPU core count.
2. I included a sample configuration for caching the responses from your gunicorn application server and the open files cache of UNIX based systems for the static files. I think it's pretty obvious how to set things up. If you want me to explain any special directive in great detail simply leave a comment and I'll edit my answer.