-
-
Save danielpotthast/7fce3b71781f0285defe8ba610ed09a5 to your computer and use it in GitHub Desktop.
NGINX Konfiguration für Nextcloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
map $arg_v $asset_immutable { | |
"" ""; | |
default "immutable"; | |
} | |
server { | |
# Konfiguration ohne HTTP2, wird von Certbot automatisch ergänzt | |
listen 80; | |
listen [::]:80; | |
server_name cloud.domain.tld; # Hier die Domain einsetzen | |
root /var/www/cloud.domain.tld; | |
# Sicherheitsrelevante header und Einstellungen | |
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Permitted-Cross-Domain-Policies none; | |
add_header X-Download-Options noopen; | |
add_header X-Frame-Options SAMEORIGIN; | |
add_header X-Robots-Tag none; | |
add_header X-Content-Type-Options nosniff; | |
add_header Referrer-Policy no-referrer; | |
server_tokens off; | |
# Logging deaktivieren um Performance zu sparen | |
access_log off; | |
log_not_found off; | |
location = /robots.txt { | |
allow all; | |
} | |
location = /.well-known/carddav { | |
return 301 $scheme://$host:$server_port/remote.php/dav; | |
} | |
location = /.well-known/caldav { | |
return 301 $scheme://$host:$server_port/remote.php/dav; | |
} | |
location ^~ /.well-known { | |
return 301 /index.php$uri; | |
} | |
# Upload-Limits und Timeouts | |
client_max_body_size 512M; | |
client_body_timeout 300s; | |
fastcgi_buffers 64 4K; | |
# GZip aktivieren | |
gzip on; | |
gzip_vary on; | |
gzip_comp_level 4; | |
gzip_min_length 256; | |
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | |
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; | |
location / { | |
rewrite ^ /index.php; | |
} | |
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { | |
return 404; | |
} | |
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { | |
return 404; | |
} | |
location ~ \.php(?:$|/) { | |
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; | |
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; | |
fastcgi_read_timeout 300; | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
set $path_info $fastcgi_path_info; | |
fastcgi_param PATH_INFO $path_info; | |
fastcgi_buffers 8 16k; | |
fastcgi_buffer_size 32k; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
set $param_https off; | |
set $param_port 80; | |
if ($scheme = https) { | |
set $param_https on; | |
set $param_port 443; | |
} | |
if ($server_port = 443) { | |
set $param_https on; | |
set $param_port 443; | |
} | |
if ($http_x_forwarded_proto = "https") { | |
set $param_https on; | |
set $param_port 443; | |
} | |
fastcgi_param HTTPS $param_https; | |
fastcgi_param SERVER_PORT $param_port; | |
fastcgi_keep_conn on; | |
fastcgi_index index.php; | |
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; | |
set $path_info $fastcgi_path_info; | |
try_files $fastcgi_script_name =404; | |
include fastcgi_params; | |
} | |
# Statische Dateien | |
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ { | |
try_files $uri /index.php$request_uri; | |
add_header Cache-Control "public, max-age=15778463, $asset_immutable"; | |
access_log off; | |
location ~ \.wasm$ { | |
default_type application/wasm; | |
} | |
} | |
# Webfonts | |
location ~ \.woff2?$ { | |
try_files $uri /index.php$request_uri; | |
expires 7d; | |
access_log off; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment