Possible to serve a single insecure file (apple-touch-icon) on nginx for a Meteor app?

  • Posted February 23, 2015

I have a Meteor app setup following this basic procedure:

The one problem I am currently having is that, on iOS when I open the site in Safari and then choose to “Add to Home Screen”, Safari does not seem to find the “apple-touch-icon” and use this icon for the home screen. This works when the app is deployed to and when run locally on my development machine.

There appear to be two primary differences from those and this deployment:

  1. On Digital Ocean nginx is sitting in front of the Meteor app.
  2. On Digital Ocean things are setup to run over SSL.

At first I thought it might be an issue of using the temporary/fake certificate as suggested in the tutorial above. However this problem persists even after installing a legitimate certificate.

So now my theory is that, for some reason, iOS Safari doesn’t like accessing the apple-touch-icon over HTTPS at all, so I want to try serving that icon over HTTP.

Is it possible to modify the configuration offered in that tutorial do try that?


The problem with a permanent direct is exactly that - they are permanent. So it’s likely that your testing has been biased due to that.

You will want to remove the redirect, make it a temporary one during testing, and find out how to empty your browser cache so that those previous redirects aren’t taken into account. Then, you will be able to test over HTTP.

I haven’t. Good thinking. Should just be able to change the “location” rule for HTTP:

            location / {
                rewrite     ^ https://$server_name$request_uri? permanent;

To be what is being done for HTTPS:

            location / {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade; # allow websockets
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

                # this setting allows the browser to cache the application in a way compatible with Meteor
                # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
                # the root path (/) MUST NOT be cached
                if ($uri != '/') {
                    expires 30d;

And bypass the non-SSL to SSL redirect. I’ll give that a try. Thanks.

Did you try setting everything over HTTP in order to test that your theory is correct?

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I would first try redirecting http -> https

server { server_name xxx; return 301 https://$host$request_uri; }

If that doesn’t work you can serve the single file as needed:

server {
	server_name xxx;
	location = /apple-touch-icon.png { root /var/www/xxx/; }
	location / { return 444; }