LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
446 Commits
12 Branches
967 KiB
Tree: cec0b7cf50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cec0b7cf50'
${ noResults }
lilik_playbook/roles/nextcloud/templates/nextcloud.conf.j2

89 lines
3.1 KiB
Raw Normal View History

roles/nextcloud: first commit Role to configure nextcloud with LDAP User backend. First test passed. New modules: - occ: set coniguration values using `php occ` nextcloud command-line tool.
5 years ago
roles/nextcloud: fix reverse proxy for webdav
5 years ago
roles/nextcloud: first commit Role to configure nextcloud with LDAP User backend. First test passed. New modules: - occ: set coniguration values using `php occ` nextcloud command-line tool.
5 years ago
roles/nextcloud: fix reverse proxy for webdav
5 years ago
roles/nextcloud: first commit Role to configure nextcloud with LDAP User backend. First test passed. New modules: - occ: set coniguration values using `php occ` nextcloud command-line tool.
5 years ago
roles/nextcloud: bumps to .5 and php 7.4 Plus some php cache tunings
4 years ago
roles/nextcloud: first commit Role to configure nextcloud with LDAP User backend. First test passed. New modules: - occ: set coniguration values using `php occ` nextcloud command-line tool.
5 years ago
 
  1. add_header Referrer-Policy "no-referrer" always;
  2. add_header X-Content-Type-Options "nosniff" always;
  3. add_header X-Download-Options "noopen" always;
  4. add_header X-Frame-Options "SAMEORIGIN" always;
  5. add_header X-Permitted-Cross-Domain-Policies "none" always;
  6. add_header X-Robots-Tag "none" always;
  7. add_header X-XSS-Protection "1; mode=block" always;
  8. 

  9. fastcgi_hide_header X-Powered-By;
  10. 

  11. root /opt/nextcloud;
  12. 

  13. location = /robots.txt {
  14.     allow all;
  15.     log_not_found off;
  16.     access_log off;
  17. }
  18. 

  19. location = /.well-known/carddav {
  20.     return 301 $scheme://$host/remote.php/dav;
  21. }
  22. location = /.well-known/caldav {
  23.     return 301 $scheme://$host/remote.php/dav;
  24. }
  25. 

  26. # set max upload size
  27. client_max_body_size 512M;
  28. fastcgi_buffers 64 4K;
  29. 

  30. # Enable gzip but do not remove ETag headers
  31. gzip on;
  32. gzip_vary on;
  33. gzip_comp_level 4;
  34. gzip_min_length 256;
  35. gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
  36. gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
  37. 

  38. location / {
  39.     rewrite ^ /index.php;
  40. }
  41. location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
  42.     deny all;
  43. }
  44. location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
  45.     deny all;
  46. }
  47. 

  48. location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
  49.     fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
  50.     set $path_info $fastcgi_path_info;
  51.     try_files $fastcgi_script_name =404;
  52.     include fastcgi_params;
  53.     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  54.     fastcgi_param PATH_INFO $path_info;
  55.     fastcgi_param HTTPS on;
  56.     # Avoid sending the security headers twice
  57.     fastcgi_param modHeadersAvailable true;
  58.     # Enable pretty urls
  59.     fastcgi_param front_controller_active true;
  60.     fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  61.     fastcgi_intercept_errors on;
  62.     fastcgi_request_buffering off;
  63. }
  64. 

  65. location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
  66.     try_files $uri/ =404;
  67.     index index.php;
  68. }
  69. 

  70. # Adding the cache control header for js, css and map files
  71. # Make sure it is BELOW the PHP block
  72. location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
  73.     try_files $uri /index.php$request_uri;
  74.     add_header Cache-Control "public, max-age=15778463";
  75.     add_header Referrer-Policy "no-referrer" always;
  76.     add_header X-Content-Type-Options "nosniff" always;
  77.     add_header X-Download-Options "noopen" always;
  78.     add_header X-Frame-Options "SAMEORIGIN" always;
  79.     add_header X-Permitted-Cross-Domain-Policies "none" always;
  80.     add_header X-Robots-Tag "none" always;
  81.     add_header X-XSS-Protection "1; mode=block" always;
  82. 

  83.     access_log off;
  84. }
  85. 

  86. location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
  87.     try_files $uri /index.php$request_uri;
  88. 

  89.     access_log off;
  90. }