Created
June 5, 2021 19:34
-
-
Save Finkregh/b3ca58f4ad6f27d8d0ef7246ee8d7941 to your computer and use it in GitHub Desktop.
nextcloud php-fpm caddy 2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(headers) { | |
header { | |
-Server | |
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | |
X-XSS-Protection "1; mode=block" | |
X-Permitted-Cross-Domain-Policies "none" | |
X-Content-Type-Options "nosniff" | |
X-Frame-Options "SAMEORIGIN" | |
X-Robots-Tag "nine" | |
Permissions-Policy interest-cohort=() | |
Content-Security-Policy "upgrade-insecure-requests" | |
Referrer-Policy "strict-origin-when-cross-origin" | |
Cache-Control "public, max-age=15, must-revalidate" | |
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; usb 'none'; vr 'none'" | |
} | |
} | |
example.com { | |
import headers | |
root * /var/www/htdocs/nextcloud | |
php_fastcgi unix//run/php/php-fpm.sock { | |
env SERVER_NAME example.com(headers) { | |
header { | |
-Server | |
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | |
X-XSS-Protection "1; mode=block" | |
X-Permitted-Cross-Domain-Policies "none" | |
X-Content-Type-Options "nosniff" | |
X-Frame-Options "SAMEORIGIN" | |
X-Robots-Tag "nine" | |
Permissions-Policy interest-cohort=() | |
Content-Security-Policy "upgrade-insecure-requests" | |
Referrer-Policy "strict-origin-when-cross-origin" | |
Cache-Control "public, max-age=15, must-revalidate" | |
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; usb 'none'; vr 'none'" | |
} | |
} | |
env SERVER_PORT 443 | |
} | |
encode gzip | |
file_server | |
redir /.well-known/carddav /remote.php/dav 301 | |
redir /.well-known/caldav /remote.php/dav 301 | |
redir /remote /remote.php 301 | |
redir /remote/* /remote.php?{query} 301 | |
@forbidden { | |
path /.htaccess | |
path /data/* | |
path /config/* | |
path /db_structure | |
path /.xml | |
path /README | |
path /3rdparty/* | |
path /lib/* | |
path /templates/* | |
path /occ | |
path /console.php | |
} | |
respond @forbidden 404 | |
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'overwriteprotocol' => 'https', | |
'htaccess.IgnoreFrontController' => true, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment