Possible to serve a single insecure file (apple-touch-icon) on nginx for a Meteor app?

February 23, 2015 1.6k views

I have a Meteor app setup following this basic procedure: https://www.digitalocean.com/community/tutorials/how-to-deploy-a-meteor-js-application-on-ubuntu-14-04-with-nginx

The one problem I am currently having is that, on iOS when I open the site in Safari and then choose to "Add to Home Screen", Safari does not seem to find the "apple-touch-icon" and use this icon for the home screen. This works when the app is deployed to meteor.com and when run locally on my development machine.

There appear to be two primary differences from those and this deployment:

  1. On Digital Ocean nginx is sitting in front of the Meteor app.
  2. On Digital Ocean things are setup to run over SSL.

At first I thought it might be an issue of using the temporary/fake certificate as suggested in the tutorial above. However this problem persists even after installing a legitimate certificate.

So now my theory is that, for some reason, iOS Safari doesn't like accessing the apple-touch-icon over HTTPS at all, so I want to try serving that icon over HTTP.

Is it possible to modify the configuration offered in that tutorial do try that?

  • Did you try setting everything over HTTP in order to test that your theory is correct?

  • I haven't. Good thinking. Should just be able to change the "location" rule for HTTP:

                location / {
                    rewrite     ^ https://$server_name$request_uri? permanent;

    To be what is being done for HTTPS:

                location / {
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade; # allow websockets
                    proxy_set_header Connection $connection_upgrade;
                    proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
                    # this setting allows the browser to cache the application in a way compatible with Meteor
                    # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
                    # the root path (/) MUST NOT be cached
                    if ($uri != '/') {
                        expires 30d;

    And bypass the non-SSL to SSL redirect. I'll give that a try. Thanks.

  • The problem with a permanent direct is exactly that - they are permanent. So it's likely that your testing has been biased due to that.

    You will want to remove the redirect, make it a temporary one during testing, and find out how to empty your browser cache so that those previous redirects aren't taken into account. Then, you will be able to test over HTTP.

1 Answer

I would first try redirecting http -> https

server { server_name xxx; return 301 https://$host$request_uri; }

If that doesn't work you can serve the single file as needed:

server {
    server_name xxx;
    location = /apple-touch-icon.png { root /var/www/xxx/; }
    location / { return 444; }
Have another answer? Share your knowledge.