bhcopeland · August 29, 2015 14:25
diff --git a/nginx.conf - Owncloud, ampache, php-fpm. b/nginx.conf - Owncloud, ampache, php-fpm.
 user  www-data;
 worker_processes  4;

 events {
    worker_connections  4069;
 }

 http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    error_log  logs/error.log;
    access_log  logs/access.log  main;

  send_timeout                600;

 upstream php-handler {
  server unix:/var/run/php5-fpm.sock;
  }

 server {
  listen 80;
  server_name example.org;
  # enforce https
  return 301 https://$server_name$request_uri;
  }

 server {
  listen 443 ssl;
  server_name example.org;
  index index.html index.php dashboard.php;

  ssl_certificate      /etc/ssl/certs/example.org.crt;
  ssl_certificate_key  /etc/ssl/private/example.org.key;

  # Path to the root of your installation
  root /var/www/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  location /nginx_stat {
    stub_status on;       # Turn on nginx stats
    access_log   off;     # We do not need logs for stats
    allow 127.0.0.1/32;      # Security: Only allow access from IP
    allow 10.0.0.0/24;
    deny all;             # Deny requests from the other of the world
  }

  if ( !-e $request_filename ) {
    rewrite ^/ampache/rest/(.*)\.view$ /ampache/rest/index.php?action=$1 last;
  }

  location /ampache/rest/ {
    limit_except GET POST {
        deny all;
    }
  }

  location /owncloud {
    auth_basic off;
  }

  location /ampache {
   auth_basic off;
  }

  location / {
      satisfy any;
      allow 10.0.0.0/24;
      allow 127.0.0.1;
      deny all;
      autoindex on;
      fancyindex on;
      fancyindex_exact_size off;
      auth_basic "Restricted";
      auth_basic_user_file /var/www/.htpasswd;

      # The following 2 rules are only needed with webfinger
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

      rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
      rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

      try_files $uri $uri/ /index.php;
   }

  location ~ \.php(?:$|/) {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    include fastcgi_params;
    fastcgi_split_path_info ^(.+?.php)(/.*)$;
  }

  }
 }
	user www-data;
	worker_processes 4;

	events {
	worker_connections 4069;
	}

	http {
	include mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	error_log logs/error.log;
	access_log logs/access.log main;

	send_timeout 600;

	upstream php-handler {
	server unix:/var/run/php5-fpm.sock;
	}

	server {
	listen 80;
	server_name example.org;
	# enforce https
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl;
	server_name example.org;
	index index.html index.php dashboard.php;

	ssl_certificate /etc/ssl/certs/example.org.crt;
	ssl_certificate_key /etc/ssl/private/example.org.key;

	# Path to the root of your installation
	root /var/www/;
	# set max upload size
	client_max_body_size 10G;
	fastcgi_buffers 64 4K;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	location /nginx_stat {
	stub_status on; # Turn on nginx stats
	access_log off; # We do not need logs for stats
	allow 127.0.0.1/32; # Security: Only allow access from IP
	allow 10.0.0.0/24;
	deny all; # Deny requests from the other of the world
	}

	if ( !-e $request_filename ) {
	rewrite ^/ampache/rest/(.*)\.view$ /ampache/rest/index.php?action=$1 last;
	}

	location /ampache/rest/ {
	limit_except GET POST {
	deny all;
	}
	}

	location /owncloud {
	auth_basic off;
	}

	location /ampache {
	auth_basic off;
	}

	location / {
	satisfy any;
	allow 10.0.0.0/24;
	allow 127.0.0.1;
	deny all;
	autoindex on;
	fancyindex on;
	fancyindex_exact_size off;
	auth_basic "Restricted";
	auth_basic_user_file /var/www/.htpasswd;

	# The following 2 rules are only needed with webfinger
	rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
	rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

	rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
	rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

	rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

	try_files $uri $uri/ /index.php;
	}

	location ~ \.php(?:$\|/) {
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	fastcgi_param HTTPS on;
	include fastcgi_params;
	fastcgi_split_path_info ^(.+?.php)(/.*)$;
	}

	}
	}