Untitled

server {
  listen 80;
  listen [::]:80;
  root /var/www/html/owncloud;
  index index.php index.html index.htm;
  server_name _;
  location = /robots.txt {

    allow all;
    log_not_found off;
    access_log off;
  }
  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  location = /.well-known/carddav {

    return 301 $scheme://$host/remote.php/dav;
  }
  location = /.well-known/caldav {

    return 301 $scheme://$host/remote.php/dav;
  }
  # set max upload size
  client_max_body_size 512M;
  fastcgi_buffers 8 4K; # Please see note 1
  fastcgi_ignore_headers X-Accel-Buffering; # Please see note 2
  # Disable gzip to avoid the removal of the ETag header
  # Enabling gzip would also make your server vulnerable to BREACH
  # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugrep$
  gzip off;
  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;
  location / {

    rewrite ^ /index.php$uri;
  }
  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {

    return 404;
  }
  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {

    return 404;
  }
  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+|core/templates/40[34])\.php(?:$|/) {

    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/pr$
    fastcgi_param PATH_INFO $fastcgi_path_info;
    #fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_param front_controller_active true;
    fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries
    #fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off; #Available since NGINX 1.7.11
  }

  location ~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|/) {

    try_files $uri $uri/ =404;
    index index.php;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the PHP block
  location ~ \.(?:css|js)$ {

    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "max-age=15778463" always;
    # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
    # The always parameter ensures that the header is set for all responses, including internally generated error responses.
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    # https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
    #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag none always;
    add_header X-Download-Options noopen always;
    add_header X-Permitted-Cross-Domain-Policies none always;
    # Optional: Don't log access to assets
    access_log off;
  }
  location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json)$ {

    add_header Cache-Control "public, max-age=7200" always;
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
  }
}