Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80;
- listen [::]:80;
- root /var/www/html/owncloud;
- index index.php index.html index.htm;
- server_name _;
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- # The following 2 rules are only needed for the user_webfinger app.
- # Uncomment it if you're planning to use this app.
- #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
- #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
- location = /.well-known/carddav {
- return 301 $scheme://$host/remote.php/dav;
- }
- location = /.well-known/caldav {
- return 301 $scheme://$host/remote.php/dav;
- }
- # set max upload size
- client_max_body_size 512M;
- fastcgi_buffers 8 4K; # Please see note 1
- fastcgi_ignore_headers X-Accel-Buffering; # Please see note 2
- # Disable gzip to avoid the removal of the ETag header
- # Enabling gzip would also make your server vulnerable to BREACH
- # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugrep$
- gzip off;
- # Uncomment if your server is build with the ngx_pagespeed module
- # This module is currently not supported.
- #pagespeed off;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
- location / {
- rewrite ^ /index.php$uri;
- }
- location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
- return 404;
- }
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
- return 404;
- }
- location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+|core/templates/40[34])\.php(?:$|/) {
- include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
- fastcgi_split_path_info ^(.+\.php)(/.*)$;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/pr$
- fastcgi_param PATH_INFO $fastcgi_path_info;
- #fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_param front_controller_active true;
- fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries
- #fastcgi_pass php-handler;
- fastcgi_intercept_errors on;
- fastcgi_request_buffering off; #Available since NGINX 1.7.11
- }
- location ~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|/) {
- try_files $uri $uri/ =404;
- index index.php;
- }
- # Adding the cache control header for js and css files
- # Make sure it is BELOW the PHP block
- location ~ \.(?:css|js)$ {
- try_files $uri /index.php$uri$is_args$args;
- add_header Cache-Control "max-age=15778463" always;
- # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
- # The always parameter ensures that the header is set for all responses, including internally generated error responses.
- # Before enabling Strict-Transport-Security headers please read into this topic first.
- # https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
- #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
- add_header X-Content-Type-Options nosniff always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Robots-Tag none always;
- add_header X-Download-Options noopen always;
- add_header X-Permitted-Cross-Domain-Policies none always;
- # Optional: Don't log access to assets
- access_log off;
- }
- location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json)$ {
- add_header Cache-Control "public, max-age=7200" always;
- try_files $uri /index.php$uri$is_args$args;
- # Optional: Don't log access to other assets
- access_log off;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement