API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 28th, 2016
56
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.86 KB | None | 0 0
raw download clone embed print report
  1. http {
  2.  
  3.  
  4.  
  5. server {
  6. listen 80;
  7. server_name blumentopf.duckdns.org;
  8. root /srv/http/www;
  9. return 301 https://$server_name$request_uri;
  10. }
  11.  
  12.  
  13. include mime.types;
  14. default_type application/octet-stream;
  15.  
  16. sendfile on;
  17. keepalive_timeout 65;
  18.  
  19. ssl_certificate /etc/letsencrypt/live/reklrekl.duckdns.org/fullchain.pem;
  20. ssl_certificate_key /etc/letsencrypt/live/reklrekl.duckdns.org/privkey.pem;
  21.  
  22. ssl_session_cache shared:SSL:1m;
  23. ssl_session_timeout 5m;
  24.  
  25. ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  26. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  27. ssl_prefer_server_ciphers on;
  28. ssl_dhparam /etc/ssl/certs/dhparam.pem;
  29.  
  30. gzip on;
  31. gzip_comp_level 9;
  32. gzip_proxied any;
  33. gzip_types application/x-www-form-urlencoded text/plain image/png text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  34.  
  35. server {
  36. listen 443 ssl;
  37. server_name blumentopf.duckdns.org;
  38.  
  39. # Add headers to serve security related headers
  40. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  41. add_header X-Content-Type-Options nosniff;
  42. add_header X-Frame-Options "SAMEORIGIN";
  43. add_header X-XSS-Protection "1; mode=block";
  44. add_header X-Robots-Tag none;
  45. add_header X-Download-Options noopen;
  46. add_header X-Permitted-Cross-Domain-Policies none;
  47.  
  48. # Path to the root of your installation
  49. root /usr/share/webapps/owncloud/;
  50. # set max upload size
  51. client_max_body_size 16400M;
  52. fastcgi_buffers 64 4K;
  53. client_max_body_size 16400M;
  54. fastcgi_buffers 64 4K;
  55.  
  56. # Disable gzip to avoid the removal of the ETag header
  57. gzip off;
  58.  
  59. # Uncomment if your server is build with the ngx_pagespeed module
  60. # This module is currently not supported.
  61. #pagespeed off;
  62.  
  63. index index.php;
  64. error_page 403 /core/templates/403.php;
  65. error_page 404 /core/templates/404.php;
  66.  
  67. rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
  68. rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
  69.  
  70. # The following 2 rules are only needed for the user_webfinger app.
  71. # Uncomment it if you're planning to use this app.
  72. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  73. #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  74.  
  75. location = /robots.txt {
  76. allow all;
  77. log_not_found off;
  78. access_log off;
  79. }
  80.  
  81. location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
  82. deny all;
  83. }
  84.  
  85. location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  86. deny all;
  87. }
  88.  
  89. location / {
  90. rewrite ^/remote/(.*) /remote.php last;
  91. rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
  92. try_files $uri $uri/ =404;
  93. }
  94.  
  95. location ~ \.php(?:$|/) {
  96. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  97. include fastcgi_params;
  98. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  99. fastcgi_param PATH_INFO $fastcgi_path_info;
  100. fastcgi_param HTTPS on;
  101. fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
  102. fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
  103. fastcgi_intercept_errors on;
  104. fastcgi_read_timeout 600;
  105. }
  106.  
  107. # Adding the cache control header for js and css files
  108. # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  109. location ~* \.(?:css|js)$ {
  110. add_header Cache-Control "public, max-age=7200";
  111. location ~* \.(?:css|js)$ {
  112. add_header Cache-Control "public, max-age=7200";
  113. # Add headers to serve security related headers
  114. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  115. add_header X-Content-Type-Options nosniff;
  116. add_header X-Frame-Options "SAMEORIGIN";
  117. add_header X-XSS-Protection "1; mode=block";
  118. add_header X-Robots-Tag none;
  119. add_header X-Download-Options noopen;
  120. add_header X-Permitted-Cross-Domain-Policies none;
  121. # Optional: Don't log access to assets
  122. access_log off;
  123. }
  124.  
  125. # Optional: Don't log access to other assets
  126. location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
  127. access_log off;
  128. }
  129.  
  130.  
  131. location /.well-known/acme-challenge/ {
  132. auth_basic off;
  133. }
  134.  
  135. }
  136. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!