gabriel
/
nextcloud_ynh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

[enh] Update NGINX configuration to fit ownCloud manual one

pull/4/head
Jérôme Lebleu 10 years ago
parent
ce57c268fc
commit
7e84973334
2 changed files with 79 additions and 47 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      README.md
  2. 125
      conf/nginx.conf

1
README.md
View File

@ -28,7 +28,6 @@ or from the Web administration:
## TODO ## TODO
* Update NGINX configuration to fix security issues
* Rewrite the upgrade script and update backup/restore too * Rewrite the upgrade script and update backup/restore too
* Test the upgrade from the current official package * Test the upgrade from the current official package
* Develop an app to integrate SSOwat logout - see * Develop an app to integrate SSOwat logout - see

125
conf/nginx.conf
View File

@ -1,58 +1,91 @@
location #LOCATION# { location #LOCATION# {
alias #DESTDIR#;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
#fastcgi_buffers 64 4K;
rewrite ^#PATH#/caldav(.*)$ #PATH#/remote.php/caldav$1 redirect;
rewrite ^#PATH#/carddav(.*)$ #PATH#/remote.php/carddav$1 redirect;
rewrite ^#PATH#/webdav(.*)$ #PATH#/remote.php/webdav$1 redirect;
error_page 403 #PATH#/core/templates/403.php;
error_page 404 #PATH#/core/templates/404.php;
rewrite ^#PATH#/.well-known/host-meta #PATH#/public.php?service=host-meta last;
rewrite ^#PATH#/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;
rewrite ^#PATH#/.well-known/carddav #PATH#/remote.php/carddav/ redirect;
rewrite ^#PATH#/.well-known/caldav #PATH#/remote.php/caldav/ redirect;
rewrite ^(#PATH#/core/doc/[^\/]+/)$ $1/index.html;
client_max_body_size 10G;
index index.php;
try_files $uri $uri/ /index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-#APP#.sock;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param modHeadersAvailable true;
fastcgi_buffers 64 4K;
}
location ~ robots\.txt {
allow all;
log_not_found off;
access_log off;
}
gzip off;
alias #DESTDIR#;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Set max upload size
client_max_body_size 10G;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Index and errors pages
index index.php;
error_page 403 #PATH#/core/templates/403.php;
error_page 404 #PATH#/core/templates/404.php;
# Rules for served well-known paths
rewrite ^#PATH#/.well-known/carddav #PATH#/remote.php/dav/ permanent;
rewrite ^#PATH#/.well-known/caldav #PATH#/remote.php/dav/ permanent;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^#PATH#/.well-known/host-meta #PATH#/public.php?service=host-meta last;
#rewrite ^#PATH#/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;
# Other rewrite rules
rewrite ^#PATH#/remote/(.*) /remote.php last;
rewrite ^(#PATH#/core/doc/[^\/]+/)$ $1/index.html;
# Catch unknown files
try_files $uri $uri/ =404;
location = #PATH#/robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_buffers 64 4K;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/php5-fpm-#APP#.sock;
}
# Adding the cache control header for js and css files
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;"; add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# show YunoHost panel access
include conf.d/yunohost_panel.conf.inc;
# show YunoHost panel access
include conf.d/yunohost_panel.conf.inc;
} }
location ~ ^#PATH#/(data|config|\.ht|db_structure\.xml|README) {
deny all;
location ~ ^#PATH#/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^#PATH#/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
} }
Write Preview
Loading…
Cancel
Save