Correct NGINX conf

1. upstream php-handler {
2.     server unix:/run/php/php8.1-fpm.sock;
3. }
4.  
5. server {
6.     listen 80 default_server;
7.     listen [::]:80 default_server;
8.     server_name nc.ru;
9.     fastcgi_hide_header X-Powered-By;
10.     fastcgi_read_timeout 3600;
11.     fastcgi_send_timeout 3600;
12.     fastcgi_connect_timeout 3600;
13.     fastcgi_intercept_errors off;
14.  
15.     server_tokens off;
16.  
17.     proxy_set_header X-Forwarded-Host $http_host;
18.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
19.     proxy_set_header X-Forwarded-Proto $scheme;
20.     proxy_buffers 8 64k;
21.     proxy_busy_buffers_size 128k;
22.     proxy_buffer_size 64k;
23.  
24.  
25.     root /var/www/nextcloud;
26.  
27.     location = /robots.txt {
28.         allow all;
29.         log_not_found off;
30.         access_log off;
31.     }
32.  
33.  
34.     location = /.well-known/carddav { return 301 https://nc.ru/remote.php/dav; }
35.     location = /.well-known/caldav { return 301 https://nc.ru/remote.php/dav; }
36.  
37.         location = /.well-known/webfinger   { return 301 https://nc.ru/index.php$uri; }
38.         location = /.well-known/nodeinfo   { return 301 https://nc.ru/index.php$uri; }
39.  
40.     client_max_body_size 30G;
41.     client_body_timeout 3600s;
42.     fastcgi_buffers 64 4K;
43.     gzip on;
44.     gzip_vary on;
45.     gzip_comp_level 4;
46.     gzip_min_length 256;
47.     gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
48.     gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
49.     add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
50.     add_header Permissions-Policy                   "interest-cohort=()";
51.     add_header Referrer-Policy                      "no-referrer"   always;
52.     add_header X-Content-Type-Options               "nosniff"       always;
53.     add_header X-Download-Options                   "noopen"        always;
54.     add_header X-Frame-Options                      "SAMEORIGIN"    always;
55.     add_header X-Permitted-Cross-Domain-Policies    "none"          always;
56.     add_header X-Robots-Tag                         "none"          always;
57.     add_header X-XSS-Protection                     "1; mode=block" always;
58.     fastcgi_hide_header X-Powered-By;
59.  
60.     location / {
61.         rewrite ^ /index.php;
62.     }
63.  
64.     location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
65.         deny all;
66.     }
67.  
68.     location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
69.         deny all;
70.     }
71.  
72. location /netdata {
73. return 301 /netdata/;
74. }
75. location ~ /netdata/(?<ndpath>.*) {
76. auth_basic "Bitte Zugangsdaten eingeben";
77. auth_basic_user_file /etc/nginx/netdata-access;
78. proxy_http_version 1.1;
79. proxy_pass_request_headers on;
80. proxy_set_header Connection "keep-alive";
81. proxy_store off;
82. proxy_pass http://netdata/$ndpath$is_args$args;
83. gzip on;
84. gzip_proxied any;
85. gzip_types *;
86. }
87.  
88.  
89.     location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
90.  
91.     location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
92.  
93.     location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
94.         fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
95.         set $path_info $fastcgi_path_info;
96.         try_files $fastcgi_script_name =404;
97.         include fastcgi_params;
98.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
99.         fastcgi_param PATH_INFO $path_info;
100.         fastcgi_param HTTPS on;
101.         fastcgi_param modHeadersAvailable true;
102.         fastcgi_param front_controller_active true;
103.         fastcgi_pass php-handler;
104.         fastcgi_intercept_errors on;
105.         fastcgi_request_buffering off;
106.     }
107.  
108.     location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
109.         try_files $uri/ =404;
110.         index index.php;
111.     }
112.  
113.     location ~ \.(?:html|ttf|css|js|svg|gif|png|jpg|jpeg|psd|psb|eps|pdf|ai|tif|ico|wasm|tflite|map|bcmap|mp4|webm)$ {
114.         try_files $uri /index.php$request_uri;
115.         add_header Cache-Control "public, max-age=15778463";
116.         add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
117.         expires 6M;
118.         access_log off;
119.     }
120.  
121.     location ~ \.woff2?$ {
122.         try_files $uri /index.php$request_uri;
123.         expires 7d;         # Cache-Control policy borrowed from `.htaccess`
124.         access_log off;     # Optional: Don't log access to assets
125.     }
126.  
127. }