nextcloud: a step towards a better configuration

master
Y 2019-05-20 19:32:34 +02:00
parent 7c8fe270b4
commit cc49f17eb4
4 changed files with 30 additions and 18 deletions


@ -3,8 +3,8 @@
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing. # Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
# Nextcloud BUG # Nextcloud BUG
location ~ {{http_pfx_nextcloud}}/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) { location ~ (?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) {
rewrite ^{{http_pfx_nextcloud}}/index.php/apps/richdocuments(.*)$ {{http_pfx_nextcloud}}/index.php/xapps/richdocuments$1$is_args$query_string; rewrite ^(?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments(.*)$ {{http_pfx_nextcloud}}/index.php/xapps/richdocuments$1$is_args$query_string;
} }
# https://www.collaboraoffice.com/code/nginx-reverse-proxy/ # https://www.collaboraoffice.com/code/nginx-reverse-proxy/
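Review bot: The `location ~` pattern on the new side still has no leading `^`, unlike the `rewrite` inside it, so it matches the richdocuments path anywhere in the URI; when the anchored rewrite then fails to match, the request is handled by this location with no rewrite applied. Anchoring it would make the two agree: `location ~ ^(?:{{http_pfx_nextcloud}})+/index.php/apps/richdocuments/(?:css|js|img|l10n|assets) {`. The prefix variable is pasted into the regex unescaped, which presumably assumes it is a plain path with no regex metacharacters. A short comment stating that assumption, and why `+` deliberately tolerates a repeated prefix, would help the next reader.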


@ -10,37 +10,32 @@ location ~ ^/\.well-known/ca(?:rd|l)dav {
} }
location {{http_pfx_nextcloud}} { location {{http_pfx_nextcloud}} {
# BUG Nextcloud/Polls
location ~ ^(?:{{http_pfx_nextcloud}})+/apps/polls {
rewrite ^(?:{{http_pfx_nextcloud}})+/apps/polls(.*)$ {{http_pfx_nextcloud}}/xapps/polls$1$is_args$query_string;
}
location {{http_pfx_nextcloud}} { location {{http_pfx_nextcloud}} {
rewrite ^{{http_pfx_nextcloud}}(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string; rewrite ^(?:{{http_pfx_nextcloud}})+(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string;
} }
location ~ ^{{http_pfx_nextcloud}}/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^(?:{{http_pfx_nextcloud}})+/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^{{http_pfx_nextcloud}}/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^(?:{{http_pfx_nextcloud}})+/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? { location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? {
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
include uwsgi_params; add_header Referrer-Policy no-referrer;
uwsgi_hide_header X-Frame-Options;
uwsgi_hide_header X-Content-Type-Options; uwsgi_hide_header X-Content-Type-Options;
uwsgi_hide_header X-XSS-Protection; uwsgi_hide_header X-XSS-Protection;
uwsgi_hide_header X-Robots-Tag; uwsgi_hide_header X-Robots-Tag;
uwsgi_hide_header X-Download-Options; uwsgi_hide_header X-Download-Options;
uwsgi_hide_header X-Permitted-Cross-Domain-Policies; uwsgi_hide_header X-Permitted-Cross-Domain-Policies;
uwsgi_hide_header Content-Security-Policy; uwsgi_hide_header Referrer-Policy;
uwsgi_hide_header X-Powered-By;
include uwsgi_params;
uwsgi_param HTTPS $proxy_https if_not_empty; uwsgi_param HTTPS $proxy_https if_not_empty;
uwsgi_param REQUEST_SCHEME $proxy_https if_not_empty; uwsgi_param REQUEST_SCHEME $proxy_https if_not_empty;
uwsgi_param SERVER_PORT $proxy_port if_not_empty; uwsgi_param SERVER_PORT $proxy_port if_not_empty;
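Review bot: The new `add_header Referrer-Policy no-referrer;`, like the other `add_header` lines in this location, lacks `always`, so nginx attaches it only to a fixed set of success and redirect status codes. The matching `uwsgi_hide_header Referrer-Policy;` strips the backend's copy from every response, so error responses passed through from Nextcloud leave with neither. Consider `add_header Referrer-Policy no-referrer always;` and the same for the sibling headers. The `X-Frame-Options` pair (`add_header X-Frame-Options SAMEORIGIN;` and `uwsgi_hide_header X-Frame-Options;`) appears on one side only and this rendering does not show which; if the commit drops it, confirm the header still reaches clients for both PHP responses and files served by the uwsgi static routes. The location body continues past the end of this hunk.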


@ -168,7 +168,8 @@
} }
H;x;b array' \ H;x;b array' \
"{{nextcloud_conf}}/config.php" "{{nextcloud_conf}}/config.php"
warn: false args:
warn: false
when: when:
- (check_conf_arrays_1.stdout is defined) - (check_conf_arrays_1.stdout is defined)
- (check_conf_arrays_1.stdout != '') - (check_conf_arrays_1.stdout != '')


@ -6,7 +6,7 @@
nextcloud_root = {{nextcloud_root}} nextcloud_root = {{nextcloud_root}}
nextcloud_conf = {{nextcloud_conf}} nextcloud_conf = {{nextcloud_conf}}
nextcloud_apps = {{nextcloud_data}}/apps nextcloud_apps = {{nextcloud_data}}/apps
static_ext = (?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg|docx|xlsx|pptx|odt|ods|odp) static_ext = (?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)
; load the required plugins, php is loaded as the default (0) modifier ; load the required plugins, php is loaded as the default (0) modifier
plugins = 0:php plugins = 0:php
@ -25,7 +25,7 @@ socket = /run/shared_sockets/nextcloud
idle = 1800 idle = 1800
die-on-idle = true die-on-idle = true
;disable-logging = true ;disable-logging = true
;logformat = %(uri) = %(var.SCRIPT_NAME) [%(var.PATH_INFO)] logformat=%(status) %(method) [%(var.SCRIPT_FILENAME)] %(uri) = %(var.SCRIPT_NAME) %(var.PATH_INFO)
pty-log pty-log
processes = 4 processes = 4
cheaper = 1 cheaper = 1
@ -34,10 +34,26 @@ umask = 007
buffer-size = 8192 buffer-size = 8192
;=> local routing / rewriting ;=> local routing / rewriting
#route-uri = ^ log:BEFORE: [${SCRIPT_FILENAME}] ${REQUEST_URI} = ${SCRIPT_NAME} ${PATH_INFO}
route-uri = ^/xapps(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_apps)$1 route-uri = ^/xapps(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_apps)$1
route-uri = ^(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_root)$1 route-uri = ^(/(?:[^?](?<!\.php/))*\.%(static_ext))(?:\?|$) static:%(nextcloud_root)$1
; useless-looking, but necessary for side-effects ; useless-looking, but necessary for side-effects
route-uri = ^(.*)$ rewrite:$1 route-uri = ^(.*)$ rewrite:$1
#route-uri = ^ log:AFTER: [${SCRIPT_FILENAME}] ${REQUEST_URI} = ${SCRIPT_NAME} ${PATH_INFO}
#collect-header = Location NEW_URL
#error-route-status = 302 goto:checkredirect
#error-route-uri = ^ goto:checkOK
#error-route-label = checkredirect
#error-route-uri = ^ log:*** checkredirect
#error-route-if-not = equal:${NEW_URL};https://yalis.fr/mn/index.php/apps/files/ goto:checkOK
#error-route-uri = ^ log:*** Location == apps/files/
#error-route-uri = ^(?!/index.php/) goto:checkOK
#error-route-uri = ^ log:*** URI ^ /index.php/
#error-route-uri = ^ log:REWRITE 302 (${PATH_INFO} -> ${NEW_URL}) AS 404
#error-route-uri = ^ return:404
#error-route-label = checkOK
#error-route-uri = ^ log:*** CANCEL CHECK (${NEW_URL})
;=> application settings ;=> application settings
env = NEXTCLOUD_CONFIG_DIR=%(nextcloud_conf) env = NEXTCLOUD_CONFIG_DIR=%(nextcloud_conf)
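Review bot: The commented-out `error-route-*` block added after the `rewrite:$1` route hard-codes one deployment's URL (`https://yalis.fr/mn/index.php/apps/files/`) in a template that otherwise takes every path from variables, and nothing says what the block is for. As written it appears to be a debugging aid that turns a 302 to the Files app into a 404 for `/index.php/` requests. If it is kept, add a one-line comment such as `; debug only: answer the 302 -> apps/files/ fallback with a 404 (disabled)` and replace the literal URL with a template variable, so that uncommenting it on another host does not leave a check that silently never matches.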