
nextcloud: a step towards a better configuration

master
Y 4 months ago
parent
commit
cc49f17eb4

+ 2
- 2
roles/dmz_nextcloud_front/templates/nginx_lool.j2

@@ -3,8 +3,8 @@
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

# Nextcloud BUG
location ~ {{http_pfx_nextcloud}}/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) {
rewrite ^{{http_pfx_nextcloud}}/index.php/apps/richdocuments(.*)$ {{http_pfx_nextcloud}}/index.php/xapps/richdocuments$1$is_args$query_string;
location ~ (?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) {
rewrite ^(?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments(.*)$ {{http_pfx_nextcloud}}/index.php/xapps/richdocuments$1$is_args$query_string;
}

# https://www.collaboraoffice.com/code/nginx-reverse-proxy/
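Review bot: The new `location ~ (?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments/(?:css|js|img|l10n|assets)` regex has no `^` anchor, unlike the regex locations in nginx_nextcloud.j2, so it matches the richdocuments path anywhere in the URI and the `(?:…)+` repetition adds nothing to it. The `rewrite` on the next line is anchored, so a request that matches this location mid-URI would be captured by the block and then pass through the rewrite unchanged. Anchoring the location the same way, `location ~ ^(?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) {`, keeps the workaround limited to the URIs it is meant for. The prefix variable is also interpolated into the regex unescaped; a one-line comment saying that it must be a plain path without regex metacharacters would document that assumption.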

+ 8
- 13
roles/dmz_nextcloud_front/templates/nginx_nextcloud.j2

@@ -10,37 +10,32 @@ location ~ ^/\.well-known/ca(?:rd|l)dav {
}

location {{http_pfx_nextcloud}} {
# BUG Nextcloud/Polls
location ~ ^(?:{{http_pfx_nextcloud}})+/apps/polls {
rewrite ^(?:{{http_pfx_nextcloud}})+/apps/polls(.*)$ {{http_pfx_nextcloud}}/xapps/polls$1$is_args$query_string;
}

location {{http_pfx_nextcloud}} {
rewrite ^{{http_pfx_nextcloud}}(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string;
rewrite ^(?:{{http_pfx_nextcloud}})+(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string;
}

location ~ ^{{http_pfx_nextcloud}}/(?:build|tests|config|lib|3rdparty|templates|data)/ {
location ~ ^(?:{{http_pfx_nextcloud}})+/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^{{http_pfx_nextcloud}}/(?:\.|autotest|occ|issue|indie|db_|console) {
location ~ ^(?:{{http_pfx_nextcloud}})+/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? {
add_header X-Frame-Options SAMEORIGIN;
location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? {
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
include uwsgi_params;
uwsgi_hide_header X-Frame-Options;
add_header Referrer-Policy no-referrer;
uwsgi_hide_header X-Content-Type-Options;
uwsgi_hide_header X-XSS-Protection;
uwsgi_hide_header X-Robots-Tag;
uwsgi_hide_header X-Download-Options;
uwsgi_hide_header X-Permitted-Cross-Domain-Policies;
uwsgi_hide_header Content-Security-Policy;
uwsgi_hide_header Referrer-Policy;
uwsgi_hide_header X-Powered-By;
include uwsgi_params;
uwsgi_param HTTPS $proxy_https if_not_empty;
uwsgi_param REQUEST_SCHEME $proxy_https if_not_empty;
uwsgi_param SERVER_PORT $proxy_port if_not_empty;
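Review bot: Every `uwsgi_hide_header` kept in the large uwsgi location needs a matching `add_header`, and this rendering has lost the +/- column, so that cannot be confirmed for `X-Frame-Options` and `Content-Security-Policy`. `add_header X-Frame-Options SAMEORIGIN;` is printed between the old and new `location` lines and so looks removed, and no `add_header Content-Security-Policy` is visible in the hunk. If `uwsgi_hide_header X-Frame-Options;` or `uwsgi_hide_header Content-Security-Policy;` are still on the new side, responses from this location lose the policy the backend sets and get nothing in its place. For the headers nginx does own, consider `always`, e.g. `add_header Referrer-Policy no-referrer always;`, because without it nginx skips them on error responses while the backend's copy is still hidden. The location block continues past the end of the hunk, so part of this may be handled outside the visible lines.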

+ 2
- 1
roles/nextcloud_back/tasks/main.yml

@@ -168,7 +168,8 @@
}
H;x;b array' \
"{{nextcloud_conf}}/config.php"
warn: false
args:
warn: false
when:
- (check_conf_arrays_1.stdout is defined)
- (check_conf_arrays_1.stdout != '')

+ 18
- 2
roles/nextcloud_back/templates/nextcloud.ini.j2

@@ -6,7 +6,7 @@
nextcloud_root = {{nextcloud_root}}
nextcloud_conf = {{nextcloud_conf}}
nextcloud_apps = {{nextcloud_data}}/apps
static_ext = (?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg|docx|xlsx|pptx|odt|ods|odp)
static_ext = (?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)

; load the required plugins, php is loaded as the default (0) modifier
plugins = 0:php
@@ -25,7 +25,7 @@ socket = /run/shared_sockets/nextcloud
idle = 1800
die-on-idle = true
;disable-logging = true
;logformat = %(uri) = %(var.SCRIPT_NAME) [%(var.PATH_INFO)]
logformat=%(status) %(method) [%(var.SCRIPT_FILENAME)] %(uri) = %(var.SCRIPT_NAME) %(var.PATH_INFO)
pty-log
processes = 4
cheaper = 1
@@ -34,10 +34,26 @@ umask = 007
buffer-size = 8192

;=> local routing / rewriting
#route-uri = ^ log:BEFORE: [${SCRIPT_FILENAME}] ${REQUEST_URI} = ${SCRIPT_NAME} ${PATH_INFO}
route-uri = ^/xapps(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_apps)$1
route-uri = ^(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_root)$1
; useless-looking, but necessary for side-effects
route-uri = ^(.*)$ rewrite:$1
#route-uri = ^ log:AFTER: [${SCRIPT_FILENAME}] ${REQUEST_URI} = ${SCRIPT_NAME} ${PATH_INFO}

#collect-header = Location NEW_URL
#error-route-status = 302 goto:checkredirect
#error-route-uri = ^ goto:checkOK
#error-route-label = checkredirect
#error-route-uri = ^ log:*** checkredirect
#error-route-if-not = equal:${NEW_URL};https://yalis.fr/mn/index.php/apps/files/ goto:checkOK
#error-route-uri = ^ log:*** Location == apps/files/
#error-route-uri = ^(?!/index.php/) goto:checkOK
#error-route-uri = ^ log:*** URI ^ /index.php/
#error-route-uri = ^ log:REWRITE 302 (${PATH_INFO} -> ${NEW_URL}) AS 404
#error-route-uri = ^ return:404
#error-route-label = checkOK
#error-route-uri = ^ log:*** CANCEL CHECK (${NEW_URL})

;=> application settings
env = NEXTCLOUD_CONFIG_DIR=%(nextcloud_conf)
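Review bot: The thirteen commented-out `collect-header` / `error-route-*` lines in the last hunk read as debugging leftovers and carry a deployment-specific URL, `https://yalis.fr/mn/index.php/apps/files/`, in a template that otherwise uses only `%(…)` and `{{…}}` placeholders. As far as the rules can be read, they would answer 404 instead of a 302 towards that URL for `/index.php/` requests. If that is worth keeping, say so in one comment line such as `; debug aid, disabled: answers 404 instead of the 302 to apps/files/` and build the URL from a variable rather than a literal host. Otherwise dropping the block, together with the two `#route-uri = ^ log:…` lines, leaves the routing section with only the rules that are live.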
