API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 3rd, 2016
68
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 4.57 KB | None | 0 0
raw download clone embed print report
  1. upstream php-handler {
  2.     server unix:/run/php/php7.0-fpm.sock;
  3. }
  4. fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
  5. fastcgi_cache_key $scheme$request_method$host$request_uri;
  6. map $request_uri $skip_cache {
  7.      default 1;
  8.      ~*/thumbnail.php 0;
  9.      ~*/apps/galleryplus/ 0;
  10.      ~*/apps/gallery/ 0;
  11. }
  12. server {
  13.     listen 80;
  14.     server_name mycloud.dyndns.org;
  15.     return 301 https://$server_name$request_uri;
  16. }
  17. server {
  18.     listen 443 ssl http2;
  19.     server_name mycloud.dyndns.org;
  20.     ssl_certificate /etc/letsencrypt/live/mycloud.dyndns.org/fullchain.pem;
  21.     ssl_certificate_key /etc/letsencrypt/live/mycloud.dyndns.org/privkey.pem;
  22.     ssl_protocols TLSv1.2;
  23.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  24.     ssl_dhparam /etc/ssl/certs/dhparam.pem;
  25.     ssl_ecdh_curve secp384r1;
  26.     ssl_prefer_server_ciphers on;
  27.     ssl_stapling on;
  28.     ssl_stapling_verify on;
  29.     resolver 80.10.246.130;
  30.     ssl_trusted_certificate /etc/letsencrypt/live/mycloud.dyndns.org/fullchain.pem;
  31.     ssl_session_timeout 24h;
  32.     ssl_session_cache shared:SSL:50m;
  33.     ssl_session_tickets off;
  34.     add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
  35.     add_header X-Content-Type-Options nosniff;
  36.     add_header X-Frame-Options "SAMEORIGIN";
  37.     add_header X-XSS-Protection "1; mode=block";
  38.     add_header X-Robots-Tag none;
  39.     add_header X-Download-Options noopen;
  40.     add_header X-Permitted-Cross-Domain-Policies none;
  41.     root /var/www/nextcloud/;
  42.     location = /robots.txt {
  43.         allow all;
  44.         log_not_found off;
  45.         access_log off;
  46.     }
  47.     location ^~ /.well-known/acme-challenge {
  48.     default_type text/plain;
  49.     root /var/www/letsencrypt;
  50.     }
  51.     location = /.well-known/carddav { return 301
  52.     $scheme://$host/remote.php/dav; }
  53.     location = /.well-known/caldav { return 301
  54.     $scheme://$host/remote.php/dav; }
  55.     client_max_body_size 1G;
  56.     fastcgi_buffers 64 4K;
  57.     gzip on;
  58.     gzip_vary on;
  59.     gzip_types application/javascript application/x-javascript text/javascript text/xml text/css;
  60.     # or set "gzip off;"
  61.     error_page 403 /core/templates/403.php;
  62.     error_page 404 /core/templates/404.php;
  63.     location / {
  64.         rewrite ^ /index.php$uri;
  65.     }
  66.     location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
  67.         deny all;
  68.     }
  69.     location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  70.         deny all;
  71.     }
  72.  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
  73.         fastcgi_split_path_info ^(.+\.php)(/.*)$;
  74.         include fastcgi_params;
  75.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  76.         fastcgi_param PATH_INFO $fastcgi_path_info;
  77.         fastcgi_param HTTPS on;
  78.         fastcgi_param modHeadersAvailable true;
  79.         fastcgi_param front_controller_active true;
  80.         fastcgi_pass php-handler;
  81.         fastcgi_intercept_errors on;
  82.         fastcgi_request_buffering off;
  83.         fastcgi_read_timeout 300;
  84.         fastcgi_send_timeout 300;
  85.         fastcgi_connect_timeout 300;
  86.         fastcgi_cache_bypass $skip_cache;
  87.         fastcgi_no_cache $skip_cache;
  88.         fastcgi_cache NEXTCLOUD;
  89.         fastcgi_cache_valid  60m;
  90.         fastcgi_cache_methods GET HEAD;
  91.     }
  92.     location ~ ^/(?:updater|ocs-provider)(?:$|/) {
  93.         try_files $uri/ =404;
  94.         index index.php;
  95.     }
  96.     location ~* \.(?:css|js)$ {
  97.         try_files $uri /index.php$uri$is_args$args;
  98.         add_header Cache-Control "public, max-age=7200";
  99.         add_header X-Content-Type-Options nosniff;
  100.         add_header X-Frame-Options "SAMEORIGIN";
  101.         add_header X-XSS-Protection "1; mode=block";
  102.         add_header X-Robots-Tag none;
  103.         add_header X-Download-Options noopen;
  104.         add_header X-Permitted-Cross-Domain-Policies none;
  105.         access_log off;
  106.     }
  107.     location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
  108.         try_files $uri /index.php$uri$is_args$args;
  109.         access_log off;
  110.     }
  111. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!