Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions
digitalboard.core/roles/nextcloud/templates/nginx.conf.j2
Bert-Jan Fikse 6ab3505dc8
feat: add basic nextcloud role 
nextcloud with optional collabora base setup
2025-12-19 14:17:08 +01:00

86 lines
No EOL
2.9 KiB
Django/Jinja
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

upstream nextcloud_backend {
{% for i in range(1, nextcloud_scale_factor + 1) %}
server nextcloud-nextcloud-{{ i }}:9000;
{% endfor %}
}
server {
listen 80;
server_name _;
# Serve Nextcloud files
root /var/www/html;
index index.php index.html /index.php$request_uri;
include /etc/nginx/mime.types;
types { application/javascript mjs; }
client_max_body_size {{ nextcloud_upload_limit_mb }}M;
fastcgi_buffers 64 4k;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header Referrer-Policy "no-referrer" always;
# DAV
location = /.well-known/carddav { return 308 https://$host/remote.php/dav; }
location = /.well-known/caldav { return 308 https://$host/remote.php/dav; }
# Federated sharing / Webfinger / Nodeinfo / Host-meta
# Forward them to index.php so Nextcloud can handle them
location = /.well-known/webfinger { return 308 https://$host/index.php$request_uri; }
location = /.well-known/nodeinfo { return 308 https://$host/index.php$request_uri; }
location = /.well-known/host-meta { return 308 https://$host/index.php$request_uri; }
location = /.well-known/host-meta.json { return 308 https://$host/index.php$request_uri; }
location = /robots.txt { allow all; log_not_found off; access_log off; }
# denies
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; }
location / {
try_files $uri $uri/ /index.php$request_uri;
}
location ~ \.php(?:$|/) {
# Only allow the front controller
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Pass to PHP-FPM in the nextcloud container
fastcgi_pass nextcloud_backend;
# Tell Nextcloud its HTTPS (double proxy) and behind proxies
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
# Preserve original host/proto from outer proxies via Traefik
fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
fastcgi_param HTTP_X_FORWARDED_HOST $http_host;
fastcgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
fastcgi_param HTTP_X_REAL_IP $remote_addr;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Caching for static assets
location ~ \.(?:css|js|mjs|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
expires 6M;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
expires 6M;
access_log off;
}
}
View git blame Copy permalink