# Plain-HTTP vhost: serves no content, only redirects to HTTPS.
server {
    server_name dom.herfort.eu;
    listen 80;

    # $server_name is the configured name above, not the client-supplied
    # Host header, so the redirect target cannot be steered by the request.
    return 301 https://$server_name$request_uri;
}
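# HTTPS vhost: Nextcloud served through PHP-FPM, plus a reverse proxy under /tv.
server {
    listen 443 ssl http2;
    server_name dom.herfort.eu;
    root /var/www/nextcloud;

    # TLS is enabled by the "ssl" flag on the listen line. The separate
    # "ssl on;" directive was redundant and is deprecated, so it is dropped.
    ssl_certificate /etc/letsencrypt/live/dom.herfort.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dom.herfort.eu/privkey.pem;
    ssl_session_timeout 5m;
    # NOTE(review): the EDH suites depend on DH parameters and no ssl_dhparam
    # is set in this block. Depending on the nginx version that means either
    # built-in parameters or no DHE at all - confirm, and set ssl_dhparam to a
    # locally generated file if DHE is wanted.
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Security headers. nginx inherits add_header from this level only into
    # locations that define no add_header of their own, which is why the
    # css/js location below repeats the full set.
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: HSTS is not sent. Enable only once every service on this host
    # name is reachable over HTTPS, since browsers will then refuse plain HTTP
    # for the whole max-age period.
    #add_header Strict-Transport-Security "max-age=15768000";

    access_log /var/log/nginx/nextcloud.access.log;
    error_log /var/log/nginx/nextcloud.error.log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # CalDAV/CardDAV service discovery: both well-known URIs point at the
    # same DAV endpoint.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # Upload size limit and FastCGI response buffers.
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # Everything not matched by a more specific location goes to the front
    # controller.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories (including config/ and data/) must never be
    # served directly.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    # Dotfiles and maintenance/CLI entry points are blocked as well.
    # NOTE(review): this also matches /.well-known/ paths other than the two
    # exact-match locations above; presumably snippets/letsencrypt.include
    # defines the ACME challenge location - confirm.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Allow-list of PHP entry points. Only these scripts are handed to
    # PHP-FPM; any other .php URI falls through to the locations above.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Static css/js. This location has its own add_header (Cache-Control), so
    # the server-level security headers are not inherited and are repeated.
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

    # Reverse proxy to a local backend on port 9981.
    # "^~" stops nginx from testing the regex locations for URIs under this
    # prefix. With a plain prefix location, a request such as /tv/<file>.css
    # or /tv/<file>.png was captured by the static-asset regex locations
    # above and sent to Nextcloud instead of the backend.
    # NOTE(review): no access restriction is applied here, so the backend's
    # own authentication is the only control on this path - confirm it is on.
    location ^~ /tv {
        proxy_pass http://127.0.0.1:9981;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Set from the connection address, replacing any client-supplied
        # X-Forwarded-For value rather than appending to it.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }

    include snippets/letsencrypt.include;
}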