laurentdinclaux/nextcloud Secret

## nextcloud
<?php
$CONFIG = array (
  'instanceid' => '*************',
  'passwordsalt' => '*************',
  'secret' => '*************',
  'trusted_domains' =>
  array (
    0 => 'domain.com',
  ),
  'datadirectory' => '/srv/www/nextcloud/data',
  'overwrite.cli.url' => 'https://domain.com/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.3.2',
  'dbname' => '*************',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '*************',
  'dbpassword' => '*************',
  'installed' => true,
  'filelocking.enabled' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  // 'memcache.local' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\APCu',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'trusted_proxies' =>
  array (
    0 => '*************',
  ),
  'overwritehost' => 'domain.com',
  'overwriteprotocol' => 'https',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
  'loglevel' => 0,
  'log_rotate_size' => 52428800,
  'appstore.experimental.enabled' => true,
  'mail_from_address' => 'nextcloud',
  'mail_smtpmode' => 'php',
  'mail_domain' => 'domain.com',
  'ldapUserCleanupInterval' => 30,
  'maintenance' => false,
  'updater.secret' => '*************',
);

## nginx
upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php/php7.0-fpm.sock;
}

fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
map $request_uri $skip_cache {
     default 1;
     ~*/nextcloud/thumbnail.php 0;
     ~*/nextcloud/apps/galleryplus/ 0;
     ~*/nextcloud/apps/gallery/ 0;
}

server {
    listen 80;
    server_name _;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /srv/www/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    # rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
    # last;
    #rewrite ^/.well-known/host-meta.json
    # /nextcloud/public.php?service=host-meta-json last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    location ^~ /nextcloud {

        # set max upload size
        client_max_body_size 16400M;
        fastcgi_buffers 64 4K;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        error_page 403 /nextcloud/core/templates/403.php;
        error_page 404 /nextcloud/core/templates/404.php;

        location /nextcloud {
            rewrite ^ /nextcloud/index.php$uri;
        }

        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }


	      # cache_purge (with $http_cookies we have unique keys for the user)
	      fastcgi_cache_key $http_cookie$request_method$host$request_uri;
	      fastcgi_cache_use_stale error timeout invalid_header http_500;
	      fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

        location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include snippets/fastcgi-php.conf;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;

	          fastcgi_connect_timeout 120;
            fastcgi_send_timeout 360;
            fastcgi_read_timeout 1200;

	          # cache_purge
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            fastcgi_cache NEXTCLOUD;
            fastcgi_cache_valid  60m;
            fastcgi_cache_methods GET HEAD;

	          fastcgi_param REMOTE_ADDR $http_x_real_ip;
        }

        location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~* \.(?:css|js)$ {
            try_files $uri /nextcloud/index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers  (It is intended
            # to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read
            # into this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            # includeSubDomains; preload;";
            # add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }

        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /nextcloud/index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

## phpfpm
[www]
user = www-data
group = www-data
listen = /run/php/php7.0-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 150
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 5
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f drive@domain.com
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 1024M
php_value[upload_max_filesize] = 16400M
php_value[post_max_size] = 16400M
php_value[max_input_time] = 3600
php_value[output_buffering] = Off
php_value[max_execution_time] = 3600
php_value[upload_tmp_dir] = /srv/www/nextcloud/data/upload-tmp
	<?php
	$CONFIG = array (
	'instanceid' => '*************',
	'passwordsalt' => '*************',
	'secret' => '*************',
	'trusted_domains' =>
	array (
	0 => 'domain.com',
	),
	'datadirectory' => '/srv/www/nextcloud/data',
	'overwrite.cli.url' => 'https://domain.com/nextcloud',
	'dbtype' => 'mysql',
	'version' => '9.1.3.2',
	'dbname' => '*************',
	'dbhost' => 'localhost',
	'dbport' => '',
	'dbtableprefix' => 'oc_',
	'dbuser' => '*************',
	'dbpassword' => '*************',
	'installed' => true,
	'filelocking.enabled' => true,
	'memcache.locking' => '\OC\Memcache\Redis',
	// 'memcache.local' => '\OC\Memcache\Redis',
	'memcache.local' => '\OC\Memcache\APCu',
	'redis' =>
	array (
	'host' => 'localhost',
	'port' => 6379,
	),
	'trusted_proxies' =>
	array (
	0 => '*************',
	),
	'overwritehost' => 'domain.com',
	'overwriteprotocol' => 'https',
	'ldapIgnoreNamingRules' => false,
	'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
	'loglevel' => 0,
	'log_rotate_size' => 52428800,
	'appstore.experimental.enabled' => true,
	'mail_from_address' => 'nextcloud',
	'mail_smtpmode' => 'php',
	'mail_domain' => 'domain.com',
	'ldapUserCleanupInterval' => 30,
	'maintenance' => false,
	'updater.secret' => '*************',
	);
	upstream php-handler {
	#server 127.0.0.1:9000;
	server unix:/var/run/php/php7.0-fpm.sock;
	}

	fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
	map $request_uri $skip_cache {
	default 1;
	~*/nextcloud/thumbnail.php 0;
	~*/nextcloud/apps/galleryplus/ 0;
	~*/nextcloud/apps/gallery/ 0;
	}

	server {
	listen 80;
	server_name _;

	# Add headers to serve security related headers
	# Before enabling Strict-Transport-Security headers please read into this
	# topic first.
	add_header Strict-Transport-Security "max-age=15768000;";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;

	# Path to the root of your installation
	root /srv/www/;

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# The following 2 rules are only needed for the user_webfinger app.
	# Uncomment it if you're planning to use this app.
	# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
	# last;
	#rewrite ^/.well-known/host-meta.json
	# /nextcloud/public.php?service=host-meta-json last;

	location = /.well-known/carddav {
	return 301 $scheme://$host/nextcloud/remote.php/dav;
	}
	location = /.well-known/caldav {
	return 301 $scheme://$host/nextcloud/remote.php/dav;
	}

	location /.well-known/acme-challenge { }

	location ^~ /nextcloud {

	# set max upload size
	client_max_body_size 16400M;
	fastcgi_buffers 64 4K;

	# Disable gzip to avoid the removal of the ETag header
	gzip off;

	# Uncomment if your server is build with the ngx_pagespeed module
	# This module is currently not supported.
	#pagespeed off;

	error_page 403 /nextcloud/core/templates/403.php;
	error_page 404 /nextcloud/core/templates/404.php;

	location /nextcloud {
	rewrite ^ /nextcloud/index.php$uri;
	}

	location ~ ^/nextcloud/(?:build\|tests\|config\|lib\|3rdparty\|templates\|data)/ {
	deny all;
	}
	location ~ ^/nextcloud/(?:\.\|autotest\|occ\|issue\|indie\|db_\|console) {
	deny all;
	}


	# cache_purge (with $http_cookies we have unique keys for the user)
	fastcgi_cache_key $http_cookie$request_method$host$request_uri;
	fastcgi_cache_use_stale error timeout invalid_header http_500;
	fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

	location ~ ^/nextcloud/(?:index\|remote\|public\|cron\|core/ajax/update\|status\|ocs/v[12]\|updater/.+\|ocs-provider/.+\|core/templates/40[34])\.php(?:$\|/) {
	include snippets/fastcgi-php.conf;
	fastcgi_param HTTPS on;
	#Avoid sending the security headers twice
	fastcgi_param modHeadersAvailable true;
	fastcgi_param front_controller_active true;
	fastcgi_pass php-handler;
	fastcgi_intercept_errors on;
	fastcgi_request_buffering off;

	fastcgi_connect_timeout 120;
	fastcgi_send_timeout 360;
	fastcgi_read_timeout 1200;

	# cache_purge
	fastcgi_cache_bypass $skip_cache;
	fastcgi_no_cache $skip_cache;
	fastcgi_cache NEXTCLOUD;
	fastcgi_cache_valid 60m;
	fastcgi_cache_methods GET HEAD;

	fastcgi_param REMOTE_ADDR $http_x_real_ip;
	}

	location ~ ^/nextcloud/(?:updater\|ocs-provider)(?:$\|/) {
	try_files $uri/ =404;
	index index.php;
	}

	# Adding the cache control header for js and css files
	# Make sure it is BELOW the PHP block
	location ~* \.(?:css\|js)$ {
	try_files $uri /nextcloud/index.php$uri$is_args$args;
	add_header Cache-Control "public, max-age=7200";
	# Add headers to serve security related headers (It is intended
	# to have those duplicated to the ones above)
	# Before enabling Strict-Transport-Security headers please read
	# into this topic first.
	# add_header Strict-Transport-Security "max-age=15768000;
	# includeSubDomains; preload;";
	# add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;
	# Optional: Don't log access to assets
	access_log off;
	}

	location ~* \.(?:svg\|gif\|png\|html\|ttf\|woff\|ico\|jpg\|jpeg)$ {
	try_files $uri /nextcloud/index.php$uri$is_args$args;
	# Optional: Don't log access to other assets
	access_log off;
	}
	}
	}
	[www]
	user = www-data
	group = www-data
	listen = /run/php/php7.0-fpm.sock
	listen.owner = www-data
	listen.group = www-data
	pm = ondemand
	pm.max_children = 150
	pm.start_servers = 2
	pm.min_spare_servers = 1
	pm.max_spare_servers = 5
	env[HOSTNAME] = $HOSTNAME
	env[PATH] = /usr/local/bin:/usr/bin:/bin
	env[TMP] = /tmp
	env[TMPDIR] = /tmp
	env[TEMP] = /tmp
	php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f drive@domain.com
	php_flag[display_errors] = off
	php_admin_value[error_log] = /var/log/php-fpm.www.log
	php_admin_flag[log_errors] = on
	php_admin_value[memory_limit] = 1024M
	php_value[upload_max_filesize] = 16400M
	php_value[post_max_size] = 16400M
	php_value[max_input_time] = 3600
	php_value[output_buffering] = Off
	php_value[max_execution_time] = 3600
	php_value[upload_tmp_dir] = /srv/www/nextcloud/data/upload-tmp