Guest User

poopsies

a guest
Oct 22nd, 2019
118
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. upstream php-handler {
  2. server 127.0.0.1:9000;
  3. # server unix:/var/run/php/php7.0-fpm.sock;
  4. }
  5.  
  6. server {
  7. listen 80;
  8. server_name _;
  9. # enforce https
  10. return 301 https://$server_name$request_uri;
  11. }
  12.  
  13. server {
  14. listen 443 ssl;
  15. server_name _;
  16.  
  17. ssl_certificate /config/keys/cert.crt;
  18. ssl_certificate_key /config/keys/cert.key;
  19.  
  20. # Add headers to serve security related headers
  21. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  22. add_header X-Content-Type-Options nosniff;
  23. add_header X-Frame-Options "SAMEORIGIN";
  24. add_header X-XSS-Protection "1; mode=block";
  25. add_header X-Robots-Tag none;
  26. add_header X-Download-Options noopen;
  27. add_header X-Permitted-Cross-Domain-Policies none;
  28. add_header Referrer-Policy no-referrer always;
  29.  
  30. # Path to the root of your installation
  31. root /config/www/nextcloud/;
  32. # set max upload size
  33. client_max_body_size 10G;
  34. fastcgi_buffers 64 4K;
  35.  
  36. # Disable gzip to avoid the removal of the ETag header
  37. gzip off;
  38.  
  39. # Uncomment if your server is build with the ngx_pagespeed module
  40. # This module is currently not supported.
  41. #pagespeed off;
  42.  
  43. index index.php;
  44. error_page 403 /core/templates/403.php;
  45. error_page 404 /core/templates/404.php;
  46.  
  47. rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  48. rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
  49.  
  50. # The following 2 rules are only needed for the user_webfinger app.
  51. # Uncomment it if you're planning to use this app.
  52. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  53. #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  54.  
  55. location = /robots.txt {
  56. allow all;
  57. log_not_found off;
  58. access_log off;
  59. }
  60.  
  61. location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
  62. deny all;
  63. }
  64.  
  65. location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  66. deny all;
  67. }
  68.  
  69. location / {
  70.  
  71. rewrite ^/remote/(.*) /remote.php last;
  72.  
  73. rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
  74.  
  75. try_files $uri $uri/ =404;
  76. }
  77.  
  78. location ~ \.php(?:$|/) {
  79. fastcgi_split_path_info ^(.+\.php)(/.+)$;
  80. include /etc/nginx/fastcgi_params;
  81. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  82. fastcgi_param PATH_INFO $fastcgi_path_info;
  83. fastcgi_param HTTPS on;
  84. fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
  85. fastcgi_pass php-handler;
  86. fastcgi_intercept_errors on;
  87. }
  88.  
  89. # Adding the cache control header for js and css files
  90. # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  91. location ~* \.(?:css|js)$ {
  92. add_header Cache-Control "public, max-age=7200";
  93. # Add headers to serve security related headers
  94. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  95. add_header X-Content-Type-Options nosniff;
  96. add_header X-Frame-Options "SAMEORIGIN";
  97. add_header X-XSS-Protection "1; mode=block";
  98. add_header X-Robots-Tag none;
  99. add_header X-Download-Options noopen;
  100. add_header X-Permitted-Cross-Domain-Policies none;
  101. add_header Referrer-Policy no-referrer always;
  102. # Optional: Don't log access to assets
  103. access_log off;
  104. }
  105.  
  106. # Optional: Don't log access to other assets
  107. location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
  108. access_log off;
  109. }
  110. }
RAW Paste Data