Forked from stevenmirabito/owncloud-nginx-pretty-urls.conf
Last active
July 16, 2016 15:20
-
-
Save savely-krasovsky/c3dc37da2915ca34f5f38a2db002389b to your computer and use it in GitHub Desktop.
Nginx configuration for ownCloud with support for URL rewriting (https://github.com/owncloud/core/pull/14081)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name shorten.pro; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name YOUTSITE.XYZ; | |
| error_log /var/log/nginx/cloud.error.log; | |
| access_log /var/log/nginx/cloud.access.log; | |
| ### START OF SSL CONFIGURATION ### | |
| ssl on; | |
| ssl_certificate /etc/letsencrypt/live/YOUTSITE.XYZ/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/YOUTSITE.XYZ/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/YOUTSITE.XYZ/fullchain.pem; | |
| ssl_dhparam /etc/letsencrypt/live/YOUTSITE.XYZ/dhparam.pem; | |
| ### END OF SSL CONFIGURATION ### | |
| add_header Strict-Transport-Security "max-age=631138519; includeSubDomains; preload" always; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Robots-Tag none; | |
| add_header X-Download-Options noopen; | |
| add_header X-Permitted-Cross-Domain-Policies none; | |
| root /var/www/owncloud; | |
| client_max_body_size 3G; | |
| fastcgi_buffers 64 4K; | |
| gzip off; | |
| index index.php | |
| error_page 403 /core/templates/403.php; | |
| error_page 404 /core/templates/404.php; | |
| location = /robots.txt { | |
| allow all; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location ~ ^/(data|config|\.ht|db_structure\.xml|README) { | |
| deny all; | |
| } | |
| location ~* \/remote\/(?:.*)$ { | |
| rewrite ^ /remote.php last; | |
| } | |
| location ~* \/core\/(?:js\/oc\.js|preview\.png).*$ { | |
| rewrite ^ /index.php last; | |
| } | |
| location ~* \/apps\/(?:files\/ajax\/upload\.php).*$ { | |
| rewrite ^ /index.php last; | |
| } | |
| location / { | |
| rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; | |
| rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; | |
| rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; | |
| #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; | |
| #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; | |
| rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; | |
| rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; | |
| rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; | |
| if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php|^\/\.well-known\/acme-challenge\/.*$)){ | |
| rewrite ^ /index.php last; | |
| } | |
| } | |
| location ~* ^(?!\/remote\.php)(?:.*)\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|html|svg|ttf|woff)$ { | |
| expires 30d; | |
| access_log off; | |
| } | |
| location ~ \.php(?:$|/) { | |
| include snippets/fastcgi-php.conf; | |
| include fastcgi_params; | |
| fastcgi_param HTTPS on; | |
| fastcgi_param modHeadersAvailable true; | |
| fastcgi_param front_controller_active true; | |
| fastcgi_pass unix:/var/run/php5-fpm.sock; | |
| # Optional | |
| fastcgi_intercept_errors on; | |
| fastcgi_request_buffering off; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some part of SSL config is in main nginx.conf file.