SHARE
TWEET

Untitled

a guest Dec 14th, 2019 75 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. user  www-data;
  2. worker_processes  1;
  3.  
  4. error_log  /var/log/nginx/error.log warn;
  5. pid        /var/run/nginx.pid;
  6.  
  7. events {
  8.     worker_connections  1024;
  9. }
  10.  
  11. http {
  12.     upstream backend {
  13.         server app:9000;
  14.     }
  15.  
  16.     resolver 127.0.0.11 ipv6=off;
  17.  
  18.     include       /etc/nginx/mime.types;
  19.     default_type  application/octet-stream;
  20.  
  21.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  22.                       '$status $body_bytes_sent "$http_referer" '
  23.                       '"$http_user_agent" "$http_x_forwarded_for"';
  24.  
  25.     access_log  /var/log/nginx/access.log  main;
  26.  
  27.     sendfile        on;
  28.     #tcp_nopush     on;
  29.  
  30.     keepalive_timeout  65;
  31.  
  32.     map $http_host $this_host {
  33.         "" $host;
  34.         default $http_host;
  35.     }
  36.  
  37.     map $http_x_forwarded_proto $the_scheme {
  38.         default $http_x_forwarded_proto;
  39.         "" $scheme;
  40.     }
  41.  
  42.     map $http_x_forwarded_host $the_host {
  43.         default $http_x_forwarded_host;
  44.         "" $this_host;
  45.     }
  46.  
  47.     server {
  48.         listen 80;
  49.  
  50.         # Add headers to serve security related headers
  51.         add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  52.         add_header X-Content-Type-Options nosniff;
  53.         add_header X-XSS-Protection "1; mode=block";
  54.         add_header X-Robots-Tag none;
  55.         add_header X-Download-Options noopen;
  56.         add_header X-Permitted-Cross-Domain-Policies none;
  57.  
  58.         root /var/www/html;
  59.         client_max_body_size 10G; # 0=unlimited - set max upload size
  60.         fastcgi_buffers 64 4K;
  61.  
  62.         gzip off;
  63.  
  64.         index index.php;
  65.         error_page 403 /core/templates/403.php;
  66.         error_page 404 /core/templates/404.php;
  67.  
  68.         rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  69.         rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
  70.  
  71.         location = /robots.txt {
  72.             allow all;
  73.             log_not_found off;
  74.             access_log off;
  75.         }
  76.  
  77.         location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
  78.             deny all;
  79.         }
  80.  
  81.         location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  82.             deny all;
  83.         }
  84.  
  85.         location / {
  86.             rewrite ^/remote/(.*) /remote.php last;
  87.             rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
  88.             try_files $uri $uri/ =404;
  89.         }
  90.  
  91.         location ~* ^/ds-vpath/ {
  92.             rewrite /ds-vpath/(.*) /$1  break;
  93.             proxy_pass http://onlyoffice-document-server;
  94.             proxy_redirect     off;
  95.  
  96.             client_max_body_size 100m;
  97.  
  98.             proxy_http_version 1.1;
  99.             proxy_set_header Upgrade $http_upgrade;
  100.             proxy_set_header Connection "upgrade";
  101.  
  102.             proxy_set_header Host $http_host;
  103.             proxy_set_header X-Real-IP $remote_addr;
  104.             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  105.             proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
  106.             proxy_set_header X-Forwarded-Proto $the_scheme;
  107.         }
  108.  
  109.         location ~ \.php(?:$|/) {
  110.             fastcgi_split_path_info ^(.+\.php)(/.+)$;
  111.             include fastcgi_params;
  112.             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  113.             fastcgi_param PATH_INFO $fastcgi_path_info;
  114.             # fastcgi_param HTTPS off;
  115.             fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
  116.             fastcgi_pass backend;
  117.             fastcgi_intercept_errors on;
  118.             # fastcgi_param HTTPS 1;
  119.         }
  120.  
  121.         # Adding the cache control header for js and css files
  122.         # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  123.         location ~* \.(?:css|js)$ {
  124.             add_header Cache-Control "public, max-age=7200";
  125.             # Add headers to serve security related headers
  126.             add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  127.             add_header X-Content-Type-Options nosniff;
  128.             add_header X-Frame-Options "SAMEORIGIN";
  129.             add_header X-XSS-Protection "1; mode=block";
  130.             add_header X-Robots-Tag none;
  131.             add_header X-Download-Options noopen;
  132.             add_header X-Permitted-Cross-Domain-Policies none;
  133.             # Optional: Don't log access to assets
  134.             access_log off;
  135.         }
  136.  
  137.         # Optional: Don't log access to other assets
  138.         location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
  139.             access_log off;
  140.         }
  141.     }
  142. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top