gabriel
/
nextcloud_ynh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge pull request #354 from YunoHost-Apps/update-nginx-20 

Update nginx conf for nextcloud 20
pull/358/head
Kayou 5 years ago
committed by GitHub
parent
249398f097 00b04039ea
commit
cd5d5bde60
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 82 additions and 101 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 183
      conf/nginx.conf

183
conf/nginx.conf
View File

@ -1,27 +1,20 @@
location = /.well-known/carddav {
return 301 https://$server_name__PATH__/remote.php/dav;
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/\.well-known/host-meta\.json __PATH__/public.php?service=host-meta-json last;
#rewrite ^/\.well-known/host-meta __PATH__/public.php?service=host-meta last;
# The following 2 rules are only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/\.well-known/webfinger __PATH__/public.php?service=webfinger last;
#rewrite ^/\.well-known/nodeinfo __PATH__/public.php?service=nodeinfo last;
location = /.well-known/carddav { return 301 __PATH__/remote.php/dav/; }
location = /.well-known/caldav { return 301 __PATH__/remote.php/dav/; }
try_files $uri $uri/ =404;
} }
location = /.well-known/caldav {
return 301 https://$server_name__PATH__/remote.php/dav;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#location = /.well-known/host-meta {
# return 301 $scheme://$host:$server_port__PATH__/public.php?service=host-meta;
#}
#location = /.well-known/host-meta.json {
# return 301 $scheme://$host:$server_port__PATH__/public.php?service=host-meta-json;
#}
# The following 2 rules are only needed for the Social app.
# Uncomment it if you're planning to use this app.
#location = /.well-known/webfinger {
# return 301 $scheme://$host:$server_port__PATH__/public.php?service=webfinger;
#}
#location = /.well-known/nodeinfo {
# return 301 $scheme://$host:$server_port__PATH__/public.php?service=nodeinfo;
#}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location ^~ __PATH__/ { location ^~ __PATH__/ {
@ -36,33 +29,53 @@ location ^~ __PATH__/ {
# Add headers to serve security related headers # Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-Download-Options: noopen"; more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none"; more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Set max upload size # Set max upload size
client_max_body_size 10G; client_max_body_size 10G;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# Extend timeouts
client_body_timeout 60m;
proxy_read_timeout 60m;
fastcgi_read_timeout 60m;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Errors pages
error_page 403 __PATH__/core/templates/403.php;
# Don't set custom 404 error page, as nextcloud uses 404 codes with meaningful payload.
# Setting custom 404 page clears the payload and creates UI bugs
# error_page 404 __PATH__/core/templates/404.php;
location __PATH__/ {
rewrite ^ __PATH__/index.php;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /nextcloud/index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html __PATH__/index.php$request_uri;
# Default Cache-Control policy
expires 1m;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = __PATH__/ {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 __PATH__/remote.php/webdav/$is_args$args;
}
} }
location = __PATH__/robots.txt { location = __PATH__/robots.txt {
@ -71,15 +84,16 @@ location ^~ __PATH__/ {
access_log off; access_log off;
} }
location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ ^__PATH__/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends
# `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404; try_files $fastcgi_script_name =404;
include fastcgi_params; include fastcgi_params;
@ -87,66 +101,33 @@ location ^~ __PATH__/ {
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $path_info; fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on; fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
} }
location ~ ^__PATH__/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri / __PATH__/index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
} }
location = __PATH__/core/js/oc.js {
rewrite ^ __PATH__/index.php$request_uri;
location ~ \.woff2?$ {
try_files $uri / __PATH__/index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
} }
location = __PATH__/core/preview.png {
rewrite ^ __PATH__/index.php$request_uri;
}
location ~* ^__PATH__/(?:css|js)/ {
rewrite ^ __PATH__/index.php$request_uri;
}
location ~* ^__PATH__/apps/theming/img/core/filetypes/ {
rewrite ^ __PATH__/index.php$request_uri;
}
location ~* ^__PATH__/apps/documentserver_community/ {
rewrite ^ __PATH__/index.php$request_uri;
}
location ~* ^__PATH__/apps/riotchat/riot/ {
rewrite ^ __PATH__/index.php$request_uri;
}
# Adding the cache control header for js, css and map files
location ~ ^__PATH__/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri __PATH__/index.php$request_uri;
more_set_headers "Cache-Control: public, max-age=15778463";
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "Referrer-Policy: no-referrer";
# Optional: Don't log access to assets
access_log off;
}
location ~ ^__PATH__/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri __PATH__/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
location ~ / {
if ($request_method ~ ^PUT$) {
rewrite ^ __PATH__/index.php$request_uri last;
}
if ($request_method ~ ^DELETE$) {
rewrite ^ __PATH__/index.php$request_uri last;
}
try_files $uri / __PATH__/index.php$request_uri;
} }
# show YunoHost panel access # show YunoHost panel access

Write Preview
Loading…
Cancel
Save