54 lines
2.3 KiB
Django/Jinja
54 lines
2.3 KiB
Django/Jinja
# The home-server project produces a multi-purpose setup using Ansible.
|
||
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
|
||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||
|
||
# https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html
|
||
|
||
location ~ ^/\.well-known/ca(?:rd|l)dav {
|
||
rewrite ^/.well-known/carddav https://{{net_soa}}{{http_pfx_nextcloud}}/remote.php/dav/ redirect;
|
||
rewrite ^/.well-known/caldav https://{{net_soa}}{{http_pfx_nextcloud}}/remote.php/dav/ redirect;
|
||
}
|
||
|
||
location {{http_pfx_nextcloud}} {
|
||
location {{http_pfx_nextcloud}} {
|
||
rewrite ^(?:{{http_pfx_nextcloud}})+(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string;
|
||
}
|
||
|
||
location ~ ^(?:{{http_pfx_nextcloud}})+/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||
deny all;
|
||
}
|
||
location ~ ^(?:{{http_pfx_nextcloud}})+/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||
deny all;
|
||
}
|
||
|
||
location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? {
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-XSS-Protection "1; mode=block";
|
||
add_header X-Robots-Tag none;
|
||
add_header X-Download-Options noopen;
|
||
add_header X-Permitted-Cross-Domain-Policies none;
|
||
add_header Referrer-Policy no-referrer;
|
||
uwsgi_hide_header X-Content-Type-Options;
|
||
uwsgi_hide_header X-XSS-Protection;
|
||
uwsgi_hide_header X-Robots-Tag;
|
||
uwsgi_hide_header X-Download-Options;
|
||
uwsgi_hide_header X-Permitted-Cross-Domain-Policies;
|
||
uwsgi_hide_header Referrer-Policy;
|
||
uwsgi_hide_header X-Powered-By;
|
||
include uwsgi_params;
|
||
uwsgi_param HTTPS $proxy_https if_not_empty;
|
||
uwsgi_param REQUEST_SCHEME $proxy_https if_not_empty;
|
||
uwsgi_param SERVER_PORT $proxy_port if_not_empty;
|
||
uwsgi_param SCRIPT_NAME $1;
|
||
uwsgi_param REQUEST_URI $1$2$is_args$query_string;
|
||
uwsgi_param DOCUMENT_URI $1$2;
|
||
uwsgi_param PATH_INFO $2 if_not_empty;
|
||
uwsgi_pass unix:/run/shared_sockets/nextcloud;
|
||
uwsgi_intercept_errors on;
|
||
uwsgi_request_buffering off;
|
||
uwsgi_buffering off;
|
||
uwsgi_send_timeout 1h;
|
||
uwsgi_read_timeout 1h;
|
||
}
|
||
}
|