nextcloud-default-nginx.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

    rewrite ^/nextcloud$ /nextcloud/ redirect;

    location /nextcloud/ {
        root /usr/share/;

        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;


        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        index index.php;

        error_page 403 /nextcloud/core/templates/403.php;
        error_page 404 /nextcloud/core/templates/404.php;

        location ~ ^/nextcloud/apps-appstore/(.*)$ {
            alias /var/lib/nextcloud/apps/$1;
        }

        location ~ ^/nextcloud/assets/(.*)$ {
            alias /var/lib/nextcloud/assets/$1;
        }

        location ~ ^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        rewrite ^/nextcloud/remote/(.*) /nextcloud/remote.php last;
        rewrite ^/nextcloud/core/doc/([^\/]+)(?:$|/) /nextcloud/core/doc/$1/index.html;

        try_files $uri $uri/ =404;

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        #    fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_pass php-nextcloud;
            fastcgi_intercept_errors on;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
            add_header Cache-Control "public, max-age=7200";
            # Optional: Don't log access to assets
            access_log off;
        }

        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
            access_log off;
        }

        }