Nginx config for OwnCloud 8.2 - subdirectory

server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /PATH/TO/YOUR/SSL.crt;
    ssl_certificate_key /PATH/TO/YOUR/SSL.key;

    server_name domainname.com;
    root /PATH/TO/YOUR/domainname.com;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root concurs with nginx's one
    location ~ /\.ht {
        deny all;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Add headers to serve security related headers
    # add Strict-Transport-Security to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;

    location /owncloud {

        client_max_body_size 2G; # set max upload size
        fastcgi_buffers 64 4K;

        error_page 403 /owncloud/core/templates/403.php;
        error_page 404 /owncloud/core/templates/404.php;

        rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ permanent;
        rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ permanent;

        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;

        location = /owncloud/robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/owncloud/(build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        rewrite ^/owncloud/remote/(.*) /remote.php last;
        rewrite ^/owncloud(/core/doc/[^\/]+/)$ $1/index.html;
        try_files $uri $uri/ =404;

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_intercept_errors on;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            # Optional: Don't log access to assets
            access_log off;
        }

        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
            access_log off;
        }
    }
}