NextCloud config

1. php-handler7, server block, ssl stuff.
2.  
3. ..
4. ..
5.  
6. Nextcloud config:
7.  
8. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
9. add_header X-Content-Type-Options nosniff;
10. add_header X-Robots-Tag none;
11. add_header X-Download-Options noopen;
12. add_header X-Permitted-Cross-Domain-Policies none;
13. add_header X-Frame-Options "SAMEORIGIN";
14. add_header X-XSS-Protection "1; mode=block";
15.  
16. root /var/www/foo.bar;
17.  
18. client_max_body_size 10G;
19. fastcgi_buffers 64 4K;
20. create_full_put_path on;
21. dav_access user:rw group:rw all:r;
22.  
23. index index.php;
24. error_page 403 /nextcloud/core/templates/403.php;
25. error_page 404 /nextcloud/core/templates/404.php;
26.  
27.  
28. location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
29. deny all;
30. }
31.  
32. location ~ ^/nextcloud(build|tests|config|lib|3rdparty|templates|data)/ {
33. deny all;
34. }
35.  
36. location ~ ^/nextcloud(?:\.|autotest|occ|issue|indie|db_|console) {
37. deny all;
38. }
39.  
40. location = /.well-known/carddav {
41. return 301 $scheme://$host/owncloud/remote.php/dav;
42. }
43.  
44. location = /.well-known/caldav {
45. return 301 $scheme://$host/owncloud/remote.php/dav;
46. }
47.  
48. location = /.well-known/acme-challenge { }
49.  
50. location /nextcloud {
51. rewrite ^ /nextcloud/index.php$uri;
52. }
53.  
54. location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
55. deny all;
56. }
57.  
58. location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
59. deny all;
60. }
61.  
62. location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
63. include fastcgi_params;
64. dav_methods PUT DELETE MKCOL COPY MOVE;
65. dav_ext_methods PROPFIND OPTIONS;
66. fastcgi_split_path_info ^(.+\.php)(/.+)$;
67. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
68. fastcgi_param PATH_INFO $fastcgi_path_info;
69. fastcgi_param HTTPS on;
70. #Avoid sending the security headers twice
71. fastcgi_param modHeadersAvailable true;
72. fastcgi_param front_controller_active true;
73. fastcgi_pass php-handler7;
74. fastcgi_intercept_errors on;
75. fastcgi_request_buffering off;
76. }
77.  
78. location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
79. try_files $uri/ =404;
80. index index.php;
81. }
82.  
83. location ~* \.(?:css|js)$ {
84. try_files $uri /nextcloud/index.php$uri$is_args$args;
85. }
86.  
87. location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
88. try_files $uri /nextcloud/index.php$uri$is_args$args;
89. # Optional: Don't log access to other assets
90. access_log off;
91. }
92.  
93. # PHP block for all NON nextcloud php files
94. location ~ (.*\.php)$ {
95. include fastcgi_params;
96. fastcgi_split_path_info ^(.+\.php)(/.+)$;
97. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
98. fastcgi_param PATH_INFO $fastcgi_path_info;
99. fastcgi_param HTTPS on;
100. fastcgi_param modHeadersAvailable true;
101. fastcgi_param front_controller_active true;
102. fastcgi_intercept_errors on;
103. fastcgi_request_buffering off;
104. fastcgi_pass php-handler7;
105. }
106.  
107. location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
108. expires 30d;
109. access_log on;
110. }