59 lines
2.4 KiB
Django/Jinja
59 lines
2.4 KiB
Django/Jinja
# The home-server project produces a multi-purpose setup using Ansible.
|
|
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
|
|
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
|
|
|
# https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html
|
|
|
|
location ~ ^/\.well-known/ca(?:rd|l)dav {
|
|
rewrite ^/.well-known/carddav https://{{net_soa}}{{http_pfx_nextcloud}}/remote.php/dav/ redirect;
|
|
rewrite ^/.well-known/caldav https://{{net_soa}}{{http_pfx_nextcloud}}/remote.php/dav/ redirect;
|
|
}
|
|
|
|
location {{http_pfx_nextcloud}} {
|
|
# BUG Nextcloud/Polls
|
|
location ~ ^(?:{{http_pfx_nextcloud}})+/apps/polls {
|
|
rewrite ^(?:{{http_pfx_nextcloud}})+/apps/polls(.*)$ {{http_pfx_nextcloud}}/xapps/polls$1$is_args$query_string;
|
|
}
|
|
|
|
location {{http_pfx_nextcloud}} {
|
|
rewrite ^{{http_pfx_nextcloud}}(.*) {{http_pfx_nextcloud}}/index.php$1$is_args$query_string;
|
|
}
|
|
|
|
location ~ ^{{http_pfx_nextcloud}}/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
|
deny all;
|
|
}
|
|
location ~ ^{{http_pfx_nextcloud}}/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|
deny all;
|
|
}
|
|
|
|
location ~ ^(?:{{http_pfx_nextcloud}})+(/(?:(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12])\.php|(?:updater|ocs-provider)(?:/(?:.(?<!\.php/))*)?)|.*\.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$)((?<=\.php)/.*)? {
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
include uwsgi_params;
|
|
uwsgi_hide_header X-Frame-Options;
|
|
uwsgi_hide_header X-Content-Type-Options;
|
|
uwsgi_hide_header X-XSS-Protection;
|
|
uwsgi_hide_header X-Robots-Tag;
|
|
uwsgi_hide_header X-Download-Options;
|
|
uwsgi_hide_header X-Permitted-Cross-Domain-Policies;
|
|
uwsgi_hide_header Content-Security-Policy;
|
|
uwsgi_param HTTPS $proxy_https if_not_empty;
|
|
uwsgi_param REQUEST_SCHEME $proxy_https if_not_empty;
|
|
uwsgi_param SERVER_PORT $proxy_port if_not_empty;
|
|
uwsgi_param SCRIPT_NAME $1;
|
|
uwsgi_param REQUEST_URI $1$2$is_args$query_string;
|
|
uwsgi_param DOCUMENT_URI $1$2;
|
|
uwsgi_param PATH_INFO $2 if_not_empty;
|
|
uwsgi_pass unix:/run/shared_sockets/nextcloud;
|
|
uwsgi_intercept_errors on;
|
|
uwsgi_request_buffering off;
|
|
uwsgi_buffering off;
|
|
uwsgi_send_timeout 1h;
|
|
uwsgi_read_timeout 1h;
|
|
}
|
|
}
|