Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

89 lines
3.1 KiB

  1. add_header Referrer-Policy "no-referrer" always;
  2. add_header X-Content-Type-Options "nosniff" always;
  3. add_header X-Download-Options "noopen" always;
  4. add_header X-Frame-Options "SAMEORIGIN" always;
  5. add_header X-Permitted-Cross-Domain-Policies "none" always;
  6. add_header X-Robots-Tag "none" always;
  7. add_header X-XSS-Protection "1; mode=block" always;
  8. fastcgi_hide_header X-Powered-By;
  9. root /opt/nextcloud;
  10. location = /robots.txt {
  11. allow all;
  12. log_not_found off;
  13. access_log off;
  14. }
  15. location = /.well-known/carddav {
  16. return 301 $scheme://$host/remote.php/dav;
  17. }
  18. location = /.well-known/caldav {
  19. return 301 $scheme://$host/remote.php/dav;
  20. }
  21. # set max upload size
  22. client_max_body_size 512M;
  23. fastcgi_buffers 64 4K;
  24. # Enable gzip but do not remove ETag headers
  25. gzip on;
  26. gzip_vary on;
  27. gzip_comp_level 4;
  28. gzip_min_length 256;
  29. gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
  30. gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
  31. location / {
  32. rewrite ^ /index.php;
  33. }
  34. location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
  35. deny all;
  36. }
  37. location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
  38. deny all;
  39. }
  40. location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
  41. fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
  42. set $path_info $fastcgi_path_info;
  43. try_files $fastcgi_script_name =404;
  44. include fastcgi_params;
  45. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  46. fastcgi_param PATH_INFO $path_info;
  47. fastcgi_param HTTPS on;
  48. # Avoid sending the security headers twice
  49. fastcgi_param modHeadersAvailable true;
  50. # Enable pretty urls
  51. fastcgi_param front_controller_active true;
  52. fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
  53. fastcgi_intercept_errors on;
  54. fastcgi_request_buffering off;
  55. }
  56. location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
  57. try_files $uri/ =404;
  58. index index.php;
  59. }
  60. # Adding the cache control header for js, css and map files
  61. # Make sure it is BELOW the PHP block
  62. location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
  63. try_files $uri /index.php$request_uri;
  64. add_header Cache-Control "public, max-age=15778463";
  65. add_header Referrer-Policy "no-referrer" always;
  66. add_header X-Content-Type-Options "nosniff" always;
  67. add_header X-Download-Options "noopen" always;
  68. add_header X-Frame-Options "SAMEORIGIN" always;
  69. add_header X-Permitted-Cross-Domain-Policies "none" always;
  70. add_header X-Robots-Tag "none" always;
  71. add_header X-XSS-Protection "1; mode=block" always;
  72. access_log off;
  73. }
  74. location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
  75. try_files $uri /index.php$request_uri;
  76. access_log off;
  77. }