Chewing_Bever
/
self-hosting
Archived
1
0
Fork 0
Code Issues 10 Pull Requests 13 Projects Releases Wiki Activity
This repository has been archived on 2021-12-24. You can view files and clone it, but cannot push or open issues/pull-requests.
self-hosting/nginx/sites-available/nextcloud.conf.template

61 lines
2.5 KiB
Plaintext
Raw Permalink Blame History

server {
# SSL Key locations
ssl_certificate /etc/letsencrypt/live/${NEXTCLOUD_DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NEXTCLOUD_DOMAIN}/privkey.pem;
listen ${HTTPS_PORT} ssl;
# Not sure why http2 is here, but let's keep it just in case
listen [::]:${HTTPS_PORT} ssl http2;
server_name ${NEXTCLOUD_DOMAIN};
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Allow unlimited download size
client_max_body_size 0;
fastcgi_buffers 64 4K;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Recommended in Nextcloud overview
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_pass http://${NEXTCLOUD_HOST}:80/;
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# All recommended in security overview
proxy_set_header Referrer-Policy "no-referrer" ;
proxy_set_header X-Content-Type-Options "nosniff" ;
proxy_set_header X-Download-Options "noopen" ;
proxy_set_header X-Frame-Options "SAMEORIGIN" ;
proxy_set_header X-Permitted-Cross-Domain-Policies "none" ;
proxy_set_header X-Robots-Tag "none" ;
proxy_set_header X-XSS-Protection "1; mode=block" ;
}
# Needed to make CalDAV and CardDAV work properly
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
Reference in New Issue View Git Blame Copy Permalink