From a5e4e99f2ce1c799e93323088de072863d481fdf Mon Sep 17 00:00:00 2001 From: Stefan Wieczorek Date: Wed, 24 Aug 2022 13:33:11 +0200 Subject: [PATCH] . --- v2/Nextcloud/Nextcloud 25 | 74 ++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/v2/Nextcloud/Nextcloud 25 b/v2/Nextcloud/Nextcloud 25 index a392c56..6a5ed23 100644 --- a/v2/Nextcloud/Nextcloud 25 +++ b/v2/Nextcloud/Nextcloud 25 @@ -17,51 +17,47 @@ server { } # set max upload size and increase upload timeout: -client_max_body_size 512M; -client_body_timeout 300s; -fastcgi_buffers 64 4K; + client_max_body_size 512M; + client_body_timeout 300s; + fastcgi_buffers 64 4K; -# Enable gzip but do not remove ETag headers -gzip on; -gzip_vary on; -gzip_comp_level 4; -gzip_min_length 256; -gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; -gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; -# Remove X-Powered-By, which is an information leak -fastcgi_hide_header X-Powered-By; + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; -add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"; + add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"; -location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in `.htaccess` that concern `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; -} - -# Remove "#" to enable the push service. Please note that this must be set up before activation. -#location /push/ { -# proxy_pass http://localhost:7867/; -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header Connection "Upgrade"; -# proxy_set_header Host $host; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -#} - -{{settings}} + # Remove "#" to enable the push service. Please note that this must be set up before activation. + #location /push/ { + # proxy_pass http://localhost:7867/; + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + # proxy_set_header Host $host; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #} + {{settings}} location / { rewrite ^ /index.php;