#user html;worker_processes 1;#error_log logs/error.log;#error_log

1.  
2. #user html;
3. worker_processes 1;
4.  
5. #error_log logs/error.log;
6. #error_log logs/error.log notice;
7. #error_log logs/error.log info;
8.  
9. #pid logs/nginx.pid;
10.  
11.  
12. events {
13. worker_connections 1024;
14. }
15.  
16.  
17. http {
18. include mime.types;
19. default_type application/octet-stream;
20.  
21. #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
22. # '$status $body_bytes_sent "$http_referer" '
23. # '"$http_user_agent" "$http_x_forwarded_for"';
24.  
25. #access_log logs/access.log main;
26.  
27. sendfile on;
28. #tcp_nopush on;
29.  
30. #keepalive_timeout 0;
31. keepalive_timeout 65;
32.  
33. #gzip on;
34.  
35. server {
36. listen 80;
37. server_name localhost;
38.  
39. #charset koi8-r;
40.  
41. #access_log logs/host.access.log main;
42.  
43. location / {
44. root /usr/share/nginx/html;
45. index index.html index.htm;
46. }
47.  
48. #error_page 404 /404.html;
49.  
50. # redirect server error pages to the static page /50x.html
51. #
52. error_page 500 502 503 504 /50x.html;
53. location = /50x.html {
54. root /usr/share/nginx/html;
55. }
56.  
57. # proxy the PHP scripts to Apache listening on 127.0.0.1:80
58. #
59. #location ~ \.php$ {
60. # proxy_pass http://127.0.0.1;
61. #}
62.  
63. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
64. #
65. #location ~ \.php$ {
66. # root html;
67. # fastcgi_pass 127.0.0.1:9000;
68. # fastcgi_index index.php;
69. # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
70. # include fastcgi_params;
71. #}
72.  
73. # deny access to .htaccess files, if Apache's document root
74. # concurs with nginx's one
75. #
76. #location ~ /\.ht {
77. # deny all;
78. #}
79. }
80.  
81.  
82. # another virtual host using mix of IP-, name-, and port-based configuration
83. #
84. #server {
85. # listen 8000;
86. # listen somename:8080;
87. # server_name somename alias another.alias;
88.  
89. # location / {
90. # root html;
91. # index index.html index.htm;
92. # }
93. #}
94.  
95.  
96. # HTTPS server
97. #
98. #server {
99. # listen 443 ssl;
100. # server_name localhost;
101.  
102. # ssl_certificate cert.pem;
103. # ssl_certificate_key cert.key;
104.  
105. # ssl_session_cache shared:SSL:1m;
106. # ssl_session_timeout 5m;
107.  
108. # ssl_ciphers HIGH:!aNULL:!MD5;
109. # ssl_prefer_server_ciphers on;
110.  
111. # location / {
112. # root html;
113. # index index.html index.htm;
114. # }
115. #}
116.  
117. server {
118. listen 80;
119. server_name cloud.example.com;
120. # enforce https
121. return 301 https://$server_name$request_uri;
122. }
123.  
124. server {
125. listen 443 ssl;
126. server_name cloud.example.com;
127.  
128. ssl_certificate ssl/server.crt;
129. ssl_certificate_key ssl/server.key;
130.  
131. # Add headers to serve security related headers
132. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
133. add_header X-Content-Type-Options nosniff;
134. add_header X-Frame-Options "SAMEORIGIN";
135. add_header X-XSS-Protection "1; mode=block";
136. add_header X-Robots-Tag none;
137. add_header X-Download-Options noopen;
138. add_header X-Permitted-Cross-Domain-Policies none;
139.  
140. # Path to the root of your installation
141. root /usr/share/webapps/owncloud/;
142. # set max upload size
143. client_max_body_size 10G;
144. fastcgi_buffers 64 4K;
145.  
146. # Disable gzip to avoid the removal of the ETag header
147. gzip off;
148.  
149. # Uncomment if your server is build with the ngx_pagespeed module
150. # This module is currently not supported.
151. #pagespeed off;
152.  
153. index index.php;
154. error_page 403 /core/templates/403.php;
155. error_page 404 /core/templates/404.php;
156.  
157. rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
158. rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;
159.  
160. # The following 2 rules are only needed for the user_webfinger app.
161. # Uncomment it if you're planning to use this app.
162. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
163. #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
164.  
165. location = /robots.txt {
166. allow all;
167. log_not_found off;
168. access_log off;
169. }
170.  
171. location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
172. deny all;
173. }
174.  
175. location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
176. deny all;
177. }
178.  
179. location / {
180. rewrite ^/remote/(.*) /remote.php last;
181. rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
182. try_files $uri $uri/ =404;
183. }
184.  
185. location ~ \.php(?:$|/) {
186. fastcgi_split_path_info ^(.+\.php)(/.+)$;
187. include fastcgi_params;
188. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
189. fastcgi_param PATH_INFO $fastcgi_path_info;
190. fastcgi_param HTTPS on;
191. fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
192. fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
193. fastcgi_intercept_errors on;
194. }
195.  
196. # Adding the cache control header for js and css files
197. # Make sure it is BELOW the location ~ \.php(?:$|/) { block
198. location ~* \.(?:css|js)$ {
199. add_header Cache-Control "public, max-age=7200";
200. # Add headers to serve security related headers
201. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
202. add_header X-Content-Type-Options nosniff;
203. add_header X-Frame-Options "SAMEORIGIN";
204. add_header X-XSS-Protection "1; mode=block";
205. add_header X-Robots-Tag none;
206. add_header X-Download-Options noopen;
207. add_header X-Permitted-Cross-Domain-Policies none;
208. # Optional: Don't log access to assets
209. access_log off;
210. }
211.  
212. # Optional: Don't log access to other assets
213. location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
214. access_log off;
215. }
216. }
217.  
218.  
219.  
220.  
221. }