Created
January 30, 2014 20:24
-
-
Save mrdaemon/8717996 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vim: ft=nginx: | |
| server { | |
| listen 80; | |
| server_name files.glasnost.us; | |
| rewrite ^ https://files.glasnost.us/$uri permanent; | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name files.glasnost.us; | |
| access_log /var/log/nginx/owncloud.access.log; | |
| error_log /var/log/nginx/owncloud.error.log; | |
| # Explicit SSL ciphers, because BEAST and also _some_ PFS | |
| # FIXME: Remove me once most clients are fixed, because RC4 fucking blows | |
| ssl_prefer_server_ciphers on; | |
| ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_session_cache builtin:1000 shared:SSL:10m; | |
| ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA; | |
| # certificate is concatenated with intermediate CA | |
| ssl_certificate /etc/nginx/ssl/files.glasnost.us.crt; | |
| ssl_certificate_key /etc/nginx/ssl/files.glasnost.us.key; | |
| root /var/www/owncloud/; | |
| client_max_body_size 10G; | |
| fastcgi_buffers 256 4k; # 4k + 256 * 4k = 1028k | 4k = PAGESIZE | |
| index index.php; | |
| error_page 403 = /core/templates/403.php; | |
| error_page 404 = /core/templates/404.php; | |
| location ~ ^/(data|config|\.ht|db_structure\.xml|README) { | |
| deny all; | |
| } | |
| location / { | |
| try_files $uri $uri/ index.php @rrules; | |
| } | |
| location @rrules { | |
| rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; | |
| rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; | |
| rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; | |
| rewrite ^/.well-known/host-meta /public.php?service=host-meta last; | |
| rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; | |
| rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; | |
| rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; | |
| rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; | |
| rewrite ^/apps/calendar/caldav.php(.*)$ /remote.php/caldav/$1 last; | |
| rewrite ^/apps/contacts/carddav.php(.*)$ /remote.php/carddav/$1 last; | |
| rewrite ^/apps/([^/]*)/(.*\.(css|php))$ /index.php?app=$1&getfile=$2 last; | |
| rewrite ^/remote/(.*)$ /remote.php/$1 redirect; | |
| } | |
| location ~ ^(.+?\.php)(/.*)?$ { | |
| try_files $1 = 404; | |
| include fastcgi_params; | |
| fastcgi_param PATH_INFO $2; | |
| fastcgi_param HTTPS on; | |
| fastcgi_param HTTP_AUTHORIZATION $http_authorization; | |
| fastcgi_param htaccessWorking true; # CLOSE UR FACE | |
| fastcgi_pass unix:/var/tmp/php_pool.socket; | |
| } | |
| # static assets | |
| location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { | |
| expires 30d; # in b4 someone screams. Probably a4a. | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment