seqizz · August 29, 2015 14:04
diff --git a/cloud.domain.net.vhost b/cloud.domain.net.vhost
 server {
            listen 80;
            server_name cloud.domain.net;
            return 301 https://$server_name$request_uri;  # enforce https
 }

 server {
        listen 443 ssl spdy;

        gzip off;        

        ssl on;        
        ssl_certificate /path/cloud.domain.net.crt;
        ssl_certificate_key /path/cloud.domain.net.key;
        ssl_session_timeout 5m;
        ssl_session_cache shared:NginxCache123:50m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;

        server_name cloud.domain.net;
        root /var/www/owncloud;
        access_log /var/log/nginx/cloud.domain.net-access.log;
        error_log /var/log/nginx/cloud.domain.net-error.log;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location ~ ^/(data|config|db_structure\.xml) {
    deny all;
  }

  location / {
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ index.php;
 }

 location ~ ^(.+?\.php)(/.*)?$ {
    try_files $1 =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$1;
    fastcgi_param PATH_INFO $2;
    fastcgi_param HTTPS on;
 }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location ~ \.(css|js|jpg|jpeg|png|gif)$ {
                expires 7d;
                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
                add_header "Vary" "Accept-Encoding";
        }

 }
	server {
	listen 80;
	server_name cloud.domain.net;
	return 301 https://$server_name$request_uri; # enforce https
	}

	server {
	listen 443 ssl spdy;

	gzip off;

	ssl on;
	ssl_certificate /path/cloud.domain.net.crt;
	ssl_certificate_key /path/cloud.domain.net.key;
	ssl_session_timeout 5m;
	ssl_session_cache shared:NginxCache123:50m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
	ssl_prefer_server_ciphers on;

	server_name cloud.domain.net;
	root /var/www/owncloud;
	access_log /var/log/nginx/cloud.domain.net-access.log;
	error_log /var/log/nginx/cloud.domain.net-error.log;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;

	location ~ ^/(data\|config\|db_structure\.xml) {
	deny all;
	}

	location / {
	rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
	rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

	rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
	rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

	rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

	try_files $uri $uri/ index.php;
	}

	location ~ ^(.+?\.php)(/.*)?$ {
	try_files $1 =404;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include /etc/nginx/fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$1;
	fastcgi_param PATH_INFO $2;
	fastcgi_param HTTPS on;
	}

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	location ~ \.(css\|js\|jpg\|jpeg\|png\|gif)$ {
	expires 7d;
	add_header Cache-Control "public, must-revalidate, proxy-revalidate";
	add_header "Vary" "Accept-Encoding";
	}

	}