Created
October 2, 2016 14:33
-
-
Save jirutka/05859a9acbc40664ee269f9f61a5c722 to your computer and use it in GitHub Desktop.
nginx config for ownCloud
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/nginx/conf.d/owncloud.conf | |
| upstream owncloud_fcgi { | |
| server unix:/run/owncloud/fastcgi.sock; | |
| } | |
| server { | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| server_name owncloud.example.org; | |
| root /usr/share/webapps/owncloud; | |
| access_log /var/log/nginx/owncloud.access.log main; | |
| error_log /var/log/nginx/owncloud.error.log warn; | |
| ssl_certificate /etc/ssl/public/owncloud.example.org.pem; | |
| ssl_certificate_key /etc/ssl/private/owncloud.example.org.key; | |
| client_max_body_size 1024M; | |
| # Disable gzip to avoid the removal of the ETag header. | |
| gzip off; | |
| fastcgi_buffers 64 4K; | |
| fastcgi_keep_conn on; | |
| fastcgi_intercept_errors on; | |
| fastcgi_read_timeout 600; | |
| include fastcgi.conf; | |
| # Enable use of X-Accel-Redirect for serving static files directly. | |
| fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; | |
| # Enable HSTS Policy | |
| add_header Strict-Transport-Security 'max-age=315360000'; | |
| index index.php; | |
| error_page 403 /core/templates/403.php; | |
| error_page 404 /core/templates/404.php; | |
| rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; | |
| rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; | |
| rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; | |
| rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; | |
| rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; | |
| # Only needed with webfinger. | |
| rewrite ^/.well-known/host-meta /public.php?service=host-meta last; | |
| rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; | |
| location ~ ^/(?:config|db_structure\.xml)/ { | |
| deny all; | |
| } | |
| # Serve static files upon request of ownCloud directly (X-Accel-Redirect). | |
| location /data { | |
| internal; | |
| alias /var/lib/owncloud/data/; | |
| } | |
| location / { | |
| rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; | |
| try_files $uri $uri/ /index.php; | |
| } | |
| # Allow to invoke background jobs only from localhost. | |
| location = /cron.php { | |
| allow 127.0.0.1; allow ::1; | |
| deny all; | |
| access_log off; | |
| fastcgi_pass owncloud_fcgi; | |
| } | |
| # Handle CalDAV, CardDAV and WebDAV. | |
| location ~ ^/remote.php/(?:cal|card|web)dav/ { | |
| # Ignore requests for useless dot files generated by OS X Finder (WebDAV). | |
| # This little hack speeds-up a WebDAV access from the Finder and also | |
| # prevents messing storage with these annoying files. | |
| location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden)$ { | |
| access_log off; | |
| log_not_found off; | |
| if ($request_method = PUT) { | |
| return 403; | |
| } | |
| return 404; | |
| } | |
| # Tell OS X Finder to not index this drive. | |
| location ~ \.metadata_never_index$ { | |
| access_log off; | |
| return 200 "Don't index this drive, Finder!"; | |
| } | |
| access_log /var/log/nginx/owncloud.dav.access.log main; | |
| error_log /var/log/nginx/owncloud.dav.error.log warn; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| fastcgi_pass owncloud_fcgi; | |
| } | |
| location ~ [^/]\.php(?:$|/) { | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| fastcgi_pass owncloud_fcgi; | |
| } | |
| # Set long Expires header on static assets. | |
| location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { | |
| expires 30d; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name owncloud.example.org; | |
| rewrite ^ https://$server_name$request_uri? permanent; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment