Plaidstallion

Nginx_default_Nextcloud_and_Traefik_v2

May 21st, 2020
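  # Nextcloud served by nginx + PHP-FPM, sitting behind a TLS-terminating
  # reverse proxy (Traefik v2, per the paste title).

  # PHP-FPM backend used by fastcgi_pass below.
  upstream php-handler {
      server 127.0.0.1:9000;
  }

  server {
      # Plain HTTP only. NOTE(review): the PHP location below tells Nextcloud
      # unconditionally that the request arrived over HTTPS, so this listener
      # should be reachable only through the reverse proxy, never directly.
      listen 80;

      # Security-related response headers.
      # Read up on Strict-Transport-Security before enabling it.
      #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
      #
      # WARNING: Only add the preload option once you have read about
      # the consequences at https://hstspreload.org/. It adds the domain
      # to a hardcoded list shipped in all major browsers, and removal
      # from that list can take several months.
      #
      # NOTE(review): without the `always` parameter nginx attaches these
      # headers only to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308
      # responses, so error pages are served without them.
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer;
      fastcgi_hide_header X-Powered-By;

      root /config/www/nextcloud/;

      # Show the real client IP in nginx logs when requests arrive through the
      # reverse proxy over a Docker network. Any peer inside this range may
      # set the client address via X-Forwarded-For, so the range is kept to
      # private (RFC 1918) space: 172.16.0.0/12 rather than all of
      # 172.0.0.0/8, most of which is publicly routable.
      # Tighter still: use the exact subnet of the network shared with the
      # proxy (<PROXY_NETWORK_SUBNET>). Docker's default bridge networks
      # normally fall inside 172.16.0.0/12; verify for your deployment.
      set_real_ip_from 172.16.0.0/12;
      real_ip_header X-Forwarded-For;

      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }

      # CalDAV / CardDAV service discovery.
      # NOTE(review): $scheme and $server_port describe this backend listener
      # (http, port 80), not the proxy's public endpoint, so the Location
      # header points clients at plain HTTP. Confirm the proxy redirects
      # HTTP to HTTPS or rewrites this header.
      location = /.well-known/carddav {
          return 301 $scheme://$host:$server_port/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host:$server_port/remote.php/dav;
      }

      # Large uploads are allowed; request bodies are streamed to PHP
      # (fastcgi_request_buffering off in the PHP location).
      client_max_body_size 10G;
      fastcgi_buffers 64 4K;

      gzip on;
      gzip_vary on;
      gzip_comp_level 4;
      gzip_min_length 256;
      gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
      gzip_types
          application/atom+xml
          application/javascript
          application/json
          application/ld+json
          application/manifest+json
          application/rss+xml
          application/vnd.geo+json
          application/vnd.ms-fontobject
          application/x-font-ttf
          application/x-web-app-manifest+json
          application/xhtml+xml
          application/xml
          font/opentype
          image/bmp
          image/svg+xml
          image/x-icon
          text/cache-manifest
          text/css
          text/plain
          text/vcard
          text/vnd.rim.location.xloc
          text/vtt
          text/x-component
          text/x-cross-domain-policy;

      # Everything not matched by a more specific location goes to the
      # front controller.
      location / {
          rewrite ^ /index.php;
      }

      # Internal directories and files that must never be served over HTTP,
      # including the config and data directories and any dot-file path.
      location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
          deny all;
      }
      location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }

      # Only this fixed list of PHP entry points is handed to PHP-FPM; any
      # other .php path never reaches the interpreter through this location.
      location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
          fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
          # Saved before try_files, which is known to clear $fastcgi_path_info.
          set $path_info $fastcgi_path_info;
          # The script must exist on disk before it is passed to PHP-FPM.
          try_files $fastcgi_script_name =404;
          include /etc/nginx/fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $path_info;
          # Hard-coded: TLS is assumed to be terminated by the proxy in front.
          fastcgi_param HTTPS on;
          fastcgi_param modHeadersAvailable true;
          fastcgi_param front_controller_active true;
          fastcgi_pass php-handler;
          fastcgi_intercept_errors on;
          fastcgi_request_buffering off;
      }

      location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
          try_files $uri/ =404;
          index index.php;
      }

      # Static assets with long-lived caching.
      # add_header directives are inherited from the server level only when a
      # location defines none of its own; Cache-Control is set here, so the
      # security headers have to be repeated in this block.
      location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
          try_files $uri /index.php$request_uri;
          add_header Cache-Control "public, max-age=15778463";
          # Read up on Strict-Transport-Security before enabling it.
          #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
          #
          # WARNING: Only add the preload option once you have read about
          # the consequences at https://hstspreload.org/. It adds the domain
          # to a hardcoded list shipped in all major browsers, and removal
          # from that list can take several months.
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-Permitted-Cross-Domain-Policies none;
          add_header Referrer-Policy no-referrer;
          access_log off;
      }

      # No add_header here, so the server-level headers above still apply.
      location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
          try_files $uri /index.php$request_uri;
          access_log off;
      }
  }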