Advertisement
Guest User

nextcloud.conf

a guest
Jun 25th, 2018
674
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.46 KB | None | 0 0
  1. server {
  2. listen 80;
  3. server_name nextcloud.your-domain.com;
  4.  
  5. # Add headers to serve security related headers
  6. add_header X-Content-Type-Options nosniff;
  7. add_header X-Frame-Options "SAMEORIGIN";
  8. add_header X-XSS-Protection "1; mode=block";
  9. add_header X-Robots-Tag none;
  10. add_header X-Download-Options noopen;
  11. add_header X-Permitted-Cross-Domain-Policies none;
  12.  
  13. # Path to the root of your installation
  14. root /usr/share/nginx/nextcloud/;
  15.  
  16. location = /robots.txt {
  17. allow all;
  18. log_not_found off;
  19. access_log off;
  20. }
  21.  
  22. # The following 2 rules are only needed for the user_webfinger app.
  23. # Uncomment it if you're planning to use this app.
  24. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  25. #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
  26. # last;
  27.  
  28. location = /.well-known/carddav {
  29. return 301 $scheme://$host/remote.php/dav;
  30. }
  31. location = /.well-known/caldav {
  32. return 301 $scheme://$host/remote.php/dav;
  33. }
  34.  
  35. location ~ /.well-known/acme-challenge {
  36. allow all;
  37. }
  38.  
  39. # set max upload size
  40. client_max_body_size 512M;
  41. fastcgi_buffers 64 4K;
  42.  
  43. # Disable gzip to avoid the removal of the ETag header
  44. gzip off;
  45.  
  46. # Uncomment if your server is build with the ngx_pagespeed module
  47. # This module is currently not supported.
  48. #pagespeed off;
  49.  
  50. error_page 403 /core/templates/403.php;
  51. error_page 404 /core/templates/404.php;
  52.  
  53. location / {
  54. rewrite ^ /index.php$uri;
  55. }
  56.  
  57. location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
  58. deny all;
  59. }
  60. location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  61. deny all;
  62. }
  63.  
  64. location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
  65. include fastcgi_params;
  66. fastcgi_split_path_info ^(.+\.php)(/.*)$;
  67. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  68. fastcgi_param PATH_INFO $fastcgi_path_info;
  69. #Avoid sending the security headers twice
  70. fastcgi_param modHeadersAvailable true;
  71. fastcgi_param front_controller_active true;
  72. fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
  73. fastcgi_intercept_errors on;
  74. fastcgi_request_buffering off;
  75. }
  76.  
  77. location ~ ^/(?:updater|ocs-provider)(?:$|/) {
  78. try_files $uri/ =404;
  79. index index.php;
  80. }
  81.  
  82. # Adding the cache control header for js and css files
  83. # Make sure it is BELOW the PHP block
  84. location ~* \.(?:css|js)$ {
  85. try_files $uri /index.php$uri$is_args$args;
  86. add_header Cache-Control "public, max-age=7200";
  87. # Add headers to serve security related headers (It is intended to
  88. # have those duplicated to the ones above)
  89. add_header X-Content-Type-Options nosniff;
  90. add_header X-Frame-Options "SAMEORIGIN";
  91. add_header X-XSS-Protection "1; mode=block";
  92. add_header X-Robots-Tag none;
  93. add_header X-Download-Options noopen;
  94. add_header X-Permitted-Cross-Domain-Policies none;
  95. # Optional: Don't log access to assets
  96. access_log off;
  97. }
  98.  
  99. location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
  100. try_files $uri /index.php$uri$is_args$args;
  101. # Optional: Don't log access to other assets
  102. access_log off;
  103. }
  104. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement