http://${nextcloud_domain}:80 {
	# Plain-HTTP listener: serves no content, only sends the client to the
	# HTTPS site with the original request URI preserved.
	redir https://${nextcloud_domain}{uri} 301
}
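${nextcloud_domain}:443 {
	# HTTPS site for Nextcloud. Files are read from this root and PHP requests
	# are passed to the FPM backend at nextcloud:9000 (see php_fastcgi below).
	root * /var/www/html
	encode gzip zstd

	# Legacy/short entry points mapped onto the PHP front controllers.
	rewrite /ocm-provider/ /index.php
	rewrite /ocs-provider/ /ocs-provider/index.php
	rewrite /remote /remote.php
	rewrite /remote/* /remote.php?{query}

	# Service discovery endpoints.
	redir /.well-known/caldav /remote.php/dav 301
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/webfinger /index.php/.well-known/webfinger 301
	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		# NOTE(review): this matches only the literal path "/.xml"; confirm
		# whether a broader pattern was intended.
		path /.xml
		path /console.php
		path /cron.php
		path /3rdparty/*
		path /README
		path /autotest/*
		path /build/*
		path /config/*
		path /console/*
		path /data/*
		path /db_*/*
		path /db_structure
		path /indie/*
		path /issue/*
		path /lib/*
		path /occ
		path /occ/*
		path /templates/*
		path /tests/*
	}
	# Caddy's default directive order places `handle` ahead of `respond`, so a
	# bare site-level `respond @forbidden 404` is only reached after the handle
	# blocks below have had their turn: a forbidden path ending in a static
	# extension (for example a .jpg or .json under /data/, if the data directory
	# lives under this root) would be served by file_server, and forbidden .php
	# paths would be sent to PHP. Putting the deny rule in its own `handle`,
	# declared first, makes it win, because handle blocks are mutually
	# exclusive and named-matcher handles keep their order of appearance.
	handle @forbidden {
		respond 404
	}

	# Cacheable assets served straight from disk (GET/HEAD only). The `not path`
	# lines keep the front controller and the theming app's dynamic files on
	# the PHP path.
	@static {
		method GET HEAD
		not path /index.php*
		not path /apps/theming/composer/*
		not path /apps/theming/lib/*
		not path /apps/theming/templates/*
		not path /apps/theming/theme/*
		not path /js/core/merged-template-prepend.js
		path *.css
		path *.css.map
		path *.gif
		path *.ico
		path *.jpg
		path *.js
		path *.js.map
		path *.json
		path *.mjs
		path *.otf
		path *.png
		path *.svg
		path *.tflite
		path *.wasm
		path *.webp
		path *.woff2
	}

	handle @static {
		header Cache-Control "max-age=604800"
		file_server
	}

	# Everything else goes through the PHP front controller.
	handle * {
		@index_files file {
			try_files {path} {path}/index.php /index.php{path}
			split_path .php
		}
		rewrite @index_files {file_match.relative}
		php_fastcgi nextcloud:9000 {
			env PATH /bin
			env modHeadersAvailable true
			env front_controller_active true
			dial_timeout 60s
			read_timeout 3600s
			write_timeout 300s
			# Keep header from previous "general" reverse proxy.
			# NOTE(review): this forwards whatever X-Forwarded-For value the
			# request carried. That is only trustworthy when every request
			# arrives through that front proxy; if this listener is reachable
			# directly, a client can set the header itself and Nextcloud's
			# per-IP logging and throttling will see the forged address.
			# Restrict the listener to the proxy, or use Caddy's
			# `trusted_proxies` where the installed version supports it, and
			# keep Nextcloud's own trusted_proxies setting in step.
			header_up X-Forwarded-For {header.X-Forwarded-For}
			# {remote_host} is the directly connected peer, i.e. the front
			# proxy's address when one sits in front of this server.
			header_up X-Real-IP {remote_host}
		}
	}
	# NOTE(review): the original listing had one closing brace too few. The
	# `handle *` block is closed above so that the headers, log and tls
	# directives below sit at site level and also cover static responses;
	# confirm this matches the intended layout.

	header Strict-Transport-Security "max-age=15768000;"
	header X-Content-Type-Options "nosniff"
	header X-XSS-Protection "1; mode=block"
	header X-Robots-Tag "noindex, nofollow"
	header X-Download-Options "noopen"
	header X-Permitted-Cross-Domain-Policies "none"
	header Referrer-Policy "no-referrer"
	header X-Frame-Options "SAMEORIGIN"

	log
	# Certificate comes from Caddy's internal CA, which clients do not trust by
	# default; presumably the front proxy terminates public TLS. Verify that
	# the proxy validates this certificate rather than skipping verification.
	tls internal
}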