From 260614d225ad68cf4bb1bc31c2480b2ccd169d56 Mon Sep 17 00:00:00 2001
From: James Hogarth <james.hogarth@gmail.com>
Date: Tue, 21 Feb 2017 14:30:00 +0000
Subject: import of srpm from review

---
 nextcloud-default-nginx.conf | 81 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 nextcloud-default-nginx.conf

(limited to 'nextcloud-default-nginx.conf')

diff --git a/nextcloud-default-nginx.conf b/nextcloud-default-nginx.conf
new file mode 100644
index 0000000..77d3efe
--- /dev/null
+++ b/nextcloud-default-nginx.conf
@@ -0,0 +1,81 @@
+    rewrite ^/nextcloud$ /nextcloud/ redirect;
+
+    location /nextcloud/ {
+        root /usr/share/;
+
+        # Add headers to serve security related headers
+        # Before enabling Strict-Transport-Security headers please read into this topic first.
+        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+
+
+        # set max upload size
+        client_max_body_size 10G;
+        fastcgi_buffers 64 4K;
+
+        # Disable gzip to avoid the removal of the ETag header
+        gzip off;
+
+        # Uncomment if your server is build with the ngx_pagespeed module
+        # This module is currently not supported.
+        #pagespeed off;
+
+        index index.php;
+
+        error_page 403 /nextcloud/core/templates/403.php;
+        error_page 404 /nextcloud/core/templates/404.php;
+
+        location ~ ^/nextcloud/apps-appstore/(.*)$ {
+            alias /var/lib/nextcloud/apps/$1;
+        }
+
+        location ~ ^/nextcloud/assets/(.*)$ {
+            alias /var/lib/nextcloud/assets/$1;
+        }
+
+        location ~ ^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)/ {
+            deny all;
+        }
+
+        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+            deny all;
+        }
+
+        rewrite ^/nextcloud/remote/(.*) /nextcloud/remote.php last;
+        rewrite ^/nextcloud/core/doc/([^\/]+)(?:$|/) /nextcloud/core/doc/$1/index.html;
+
+        try_files $uri $uri/ =404;
+
+        location ~ \.php(?:$|/) {
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+        #    fastcgi_param HTTPS on;
+            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+            fastcgi_pass php-nextcloud;
+            fastcgi_intercept_errors on;
+        }
+
+        # Adding the cache control header for js and css files
+        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+        location ~* \.(?:css|js)$ {
+            add_header Cache-Control "public, max-age=7200";
+            # Optional: Don't log access to assets
+            access_log off;
+        }
+
+        # Optional: Don't log access to other assets
+        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+            access_log off;
+        }
+
+        }
+
+
+
-- 
cgit