MertcanGokgoz

OwnCloud With SSL on NGINX

Mar 14th, 2019
  # PHP-FPM backend that the .php location's fastcgi_pass refers to by name.
  upstream php-handler {
      # Local unix socket: access is governed by the socket file's ownership and
      # mode, and nothing listens on a TCP port.
      server unix:/var/run/php/php7.2-fpm.sock;
      # Disabled alternative: PHP-FPM on a loopback TCP listener.
      #server 127.0.0.1:9000;
  }
  5.  
  # Plain-HTTP virtual host: serves no content, only sends clients to HTTPS.
  server {
      server_name cloud.mertcangokgoz.com;
      listen [::]:80;
      listen 80;
      # Permanent redirect to the same path over TLS. The target is built from
      # $server_name (the configured name), not from the client's Host header.
      return 301 https://$server_name$request_uri;
  }
  13.  
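  # HTTPS virtual host for the ownCloud instance: TLS settings, security
  # response headers, path deny rules and the PHP-FPM hand-off.
  server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      server_name cloud.mertcangokgoz.com;

      # NOTE(review): this block sets no ssl_certificate / ssl_certificate_key.
      # They have to be defined here or inherited from the http context,
      # otherwise nginx rejects the "listen ... ssl" configuration.

      # SSL session handling: shared cache, session tickets disabled.
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:50m;
      ssl_session_tickets off;

      # Protocol and cipher selection.
      # NOTE(review): only TLSv1.2 is offered; TLSv1.3 can be added where the
      # nginx/OpenSSL build supports it. The last four suites in the list are
      # CBC-mode; the AEAD suites (GCM, CHACHA20-POLY1305) are listed first and
      # win because of ssl_prefer_server_ciphers.
      ssl_protocols TLSv1.2;
      ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
      ssl_prefer_server_ciphers on;

      # OCSP Stapling
      # ssl_stapling_verify needs the issuer chain to be trusted; when it is not
      # part of the served certificate file, ssl_trusted_certificate must point
      # to it.
      ssl_stapling on;
      ssl_stapling_verify on;
      # The OCSP responder's host name is resolved through these servers. The
      # nginx documentation recommends resolvers on a trusted local network to
      # limit DNS spoofing; these are public resolvers.
      resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
      resolver_timeout 2s;

      # Security response headers. "always" makes nginx attach them to error
      # responses (4xx/5xx) too; without it they are sent only on success and
      # redirect status codes. ownCloud is told not to send its own copies via
      # modHeadersAvailable in the PHP location, so these are the only source.
      # NOTE(review): "preload" has no effect as configured. The preload list
      # accepts registrable domains with max-age of at least 31536000, and this
      # is a subdomain with a six-month max-age. TODO confirm intent.
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-Frame-Options "SAMEORIGIN" always;
      # Legacy header; current browsers ignore it.
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header X-Download-Options noopen always;
      add_header X-Permitted-Cross-Domain-Policies none always;

      # Path to the root of your installation
      set $base /var/www/cloud.mertcangokgoz.com;
      root $base/public;

      # Maximum request body nginx accepts (uploads). PHP's own upload limits
      # apply separately.
      client_max_body_size 12G;
      fastcgi_buffers 64 4K;

      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;

      # Service discovery for CardDAV/CalDAV clients. These server-level
      # rewrites answer with a redirect before location matching, so the
      # dot-path deny rule below does not affect them.
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

      # The following 2 rules are only needed for the user_webfinger app.
      # Uncomment it if you're planning to use this app.
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }

      # Internal directories (configuration, user data, libraries, tests) are
      # never served directly.
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
          deny all;
      }

      # Dotfiles/dot-directories and maintenance entry points are blocked.
      # NOTE(review): this also returns 403 for every other /.well-known/ path,
      # including ACME HTTP-01 challenges that follow the port-80 redirect.
      # Confirm how the certificate is renewed.
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }

      location / {

          rewrite ^/remote/(.*) /remote.php last;
          rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

          try_files $uri $uri/ =404;
      }

      location ~ \.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          # try_files resets $fastcgi_path_info, so keep a copy; "set" runs in
          # the rewrite phase, before try_files is evaluated.
          set $path_info $fastcgi_path_info;
          # Hand the request to PHP-FPM only when the script part of the URI is
          # an existing file under the document root. Without this check any URI
          # containing ".php" is forwarded and the PHP side decides what to run.
          try_files $fastcgi_script_name =404;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $path_info;
          fastcgi_param HTTPS on;
          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
          fastcgi_pass php-handler;
          fastcgi_intercept_errors on;
      }

      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
          add_header Cache-Control "public, max-age=7200";
          # A location that declares any add_header of its own does not inherit
          # the server-level ones, so the full security header set is repeated
          # here. Strict-Transport-Security is included to match the server
          # level, which already sends it.
          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
          add_header X-Content-Type-Options nosniff always;
          add_header X-Frame-Options "SAMEORIGIN" always;
          add_header X-XSS-Protection "1; mode=block" always;
          add_header X-Robots-Tag none always;
          add_header X-Download-Options noopen always;
          add_header X-Permitted-Cross-Domain-Policies none always;
          # Optional: Don't log access to assets
          access_log off;
      }

      # Optional: Don't log access to other assets
      # (no add_header here, so the server-level headers are inherited)
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
          access_log off;
      }
  }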