Denisle

Correct NGINX conf

May 28th, 2022 (edited)
  # PHP-FPM backend, reached over a local Unix socket rather than TCP.
  # Who may talk to FPM is decided by the socket file's owner and mode,
  # which are set in the FPM pool configuration, not in this file.
  upstream php-handler {
      server unix:/run/php/php8.1-fpm.sock;
  }
  4.  
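  # Nextcloud virtual host.
  #
  # NOTE(review): this server listens on plain HTTP only, yet it tells PHP that
  # every request arrived over HTTPS (fastcgi_param HTTPS on) and it emits an
  # HSTS header. That is only coherent behind a TLS-terminating front end -
  # confirm that one exists and that port 80 here is reachable from it alone.
  # If clients can reach this port directly, Nextcloud treats a cleartext
  # session as secure, and browsers ignore HSTS received over plain HTTP.
  server {
      # default_server: requests whose Host header matches no other vhost also
      # land here. Host validation is therefore left to the application
      # (Nextcloud's trusted_domains setting).
      listen 80 default_server;
      listen [::]:80 default_server;
      server_name nc.MYDOMAIN.ru;

      # Do not reveal the PHP version or the nginx version.
      fastcgi_hide_header X-Powered-By;
      server_tokens off;

      # One-hour FastCGI timeouts keep long uploads and upgrades alive, but each
      # stalled request can also hold an FPM worker for that long.
      # nginx documents that the connect timeout usually cannot exceed 75 s.
      fastcgi_read_timeout 3600;
      fastcgi_send_timeout 3600;
      fastcgi_connect_timeout 3600;

      # NOTE(review): there is no proxy_pass in this server block, so the
      # proxy_* directives below have no effect here.
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffers 8 64k;
      proxy_busy_buffers_size 128k;
      proxy_buffer_size 64k;

      root /var/www/nextcloud;

      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }

      # Service discovery. The redirects are built from $server_name, not from
      # the client-supplied Host header, so a forged Host cannot steer them.
      rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect;
      rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect;
      # A single leading slash, so the rewritten URI matches the PHP location
      # below and PATH_INFO carries the /.well-known/... suffix.
      rewrite ^/\.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/\.well-known/nodeinfo /index.php/.well-known/nodeinfo last;

      # Very large upload limit and body timeout: convenient for big files, but
      # slow or oversized request bodies can tie up connections and disk space.
      # Tighten these if the instance is exposed to untrusted clients.
      client_max_body_size 100G;
      client_body_timeout 36000s;
      fastcgi_buffers 64 4K;

      gzip on;
      gzip_vary on;
      gzip_comp_level 4;
      gzip_min_length 256;
      gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
      gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

      # Security headers. nginx inherits add_header from this level only into
      # locations that define no add_header of their own, so the static-asset
      # location at the end of this block has to repeat the whole set.
      add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
      add_header Permissions-Policy                   "interest-cohort=()" always;
      add_header Referrer-Policy                      "no-referrer"   always;
      add_header X-Content-Type-Options               "nosniff"       always;
      add_header X-Download-Options                   "noopen"        always;
      add_header X-Frame-Options                      "SAMEORIGIN"    always;
      add_header X-Permitted-Cross-Domain-Policies    "none"          always;
      add_header X-Robots-Tag                         "none"          always;
      add_header X-XSS-Protection                     "1; mode=block" always;

      # Anything not matched by a more specific location goes to the front
      # controller.
      location / {
          rewrite ^ /index.php;
      }

      # Internal directories and tooling must never be served. Regex locations
      # are tried in order of appearance and the first match wins.
      location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
          deny all;
      }

      # Also covers every path starting with "/." - including /.well-known/
      # paths other than the four rewritten above (for example an ACME HTTP-01
      # challenge, if certificates are validated through this vhost).
      location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }

      location ^~ /apps/rainloop/app/data {
          deny all;
      }

      # Reached only for the bare directory names without a trailing slash
      # (e.g. /data); paths below them are caught by the deny rule above.
      # A second location with the same regex as the "/." rule was dropped
      # because it could never be selected.
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }

      # Only this allow-list of entry points is handed to PHP-FPM; any other
      # .php path falls through to "location /" and the front controller.
      location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
          fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
          # try_files resets $fastcgi_path_info, so keep a copy first.
          set $path_info $fastcgi_path_info;
          # Refuse scripts that do not exist on disk, so a crafted path cannot
          # make FPM execute some other file.
          try_files $fastcgi_script_name =404;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $path_info;
          # Hard-coded: PHP is told the request was HTTPS regardless of how it
          # actually reached this listener.
          fastcgi_param HTTPS on;
          fastcgi_param modHeadersAvailable true;
          fastcgi_param front_controller_active true;
          fastcgi_pass php-handler;
          fastcgi_intercept_errors on;
          fastcgi_request_buffering off;
      }

      location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
          try_files $uri/ =404;
          index index.php;
      }

      # Static assets. This location sets its own add_header directives, so
      # none of the server-level headers are inherited - they are repeated here
      # so that assets still carry nosniff, frame and referrer protections.
      location ~ \.(?:html|ttf|css|js|svg|gif|png|jpg|jpeg|ico|wasm|tflite|map|bcmap|mp4|webm)$ {
          try_files $uri /index.php$request_uri;
          add_header Cache-Control "public, max-age=15778463";
          add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
          add_header Permissions-Policy                   "interest-cohort=()" always;
          add_header Referrer-Policy                      "no-referrer"   always;
          add_header X-Content-Type-Options               "nosniff"       always;
          add_header X-Download-Options                   "noopen"        always;
          add_header X-Frame-Options                      "SAMEORIGIN"    always;
          add_header X-Permitted-Cross-Domain-Policies    "none"          always;
          add_header X-Robots-Tag                         "none"          always;
          add_header X-XSS-Protection                     "1; mode=block" always;
          expires 6M;
          access_log off;
      }

  }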