Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- server {
- server_name nextcloud.domain.com;
- add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
- set $upstream 192.168.1.14:80;
- location / {
- proxy_pass_header Authorization;
- proxy_pass http://$upstream;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Accept-Encoding "";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Nginx-Proxy true;
- client_body_buffer_size 512k;
- proxy_read_timeout 86400s;
- client_max_body_size 0;
- # Safari IOS fix
- proxy_cookie_path / /;
- proxy_set_header Cookie $http_cookie;
- # Websocket
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Connection "Keep-Alive";
- proxy_set_header Proxy-Connection "Keep-Alive";
- # Remove X-Powered-By, which is an information leak
- fastcgi_hide_header X-Powered-By;
- }
- location ^~ /.well-known {
- # The rules in this block are an adaptation of the rules
- # in the Nextcloud `.htaccess` that concern `/.well-known`.
- location = /.well-known/carddav { return 301 $scheme://$http_host/remote.php/dav/; }
- location = /.well-known/caldav { return 301 $scheme://$http_host/remote.php/dav/; }
- location = /.well-known/nodeinfo { return 301 $scheme://$http_host/index.php/.well-known/nodeinfo; }
- location = /.well-known/webfinger { return 301 $scheme://$http_host/index.php/.well-known/webfinger; }
- # Let Nextcloud's API for `/.well-known` URIs handle all other
- # requests by passing them to the front-end controller.
- return 301 $scheme://$http_host/index.php$request_uri;
- }
- location /ocm-provider {
- return 301 $scheme://$host/index.php/ocm-provider;
- }
- listen 443 ssl http2; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/nextcloud.domain.com/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem; # managed by Certbot
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
- } server {
- if ($host = nextcloud.domain.com) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
- server_name nextcloud.domain.com;
- listen 80;
- return 404; # managed by Certbot
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement