/
nginx.conf
100 lines (88 loc) · 3.47 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# /etc/nginx/sites-available/egroupware.conf
# need to be symlinked to /etc/nginx/sites-enabled/ and nginx -s reload (after removing default!)
# stuff for http block
client_max_body_size 1g;
# redirects needs to use X-Forwarded-Proto too
map $http_x_forwarded_proto $redirectscheme {
default $scheme;
https https;
}
server {
listen 80 default_server;
# ssl config (enable following line plus either include or ssl_certificate* line)
#listen 443 ssl http2 default_server;
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
#ssl_certificate /etc/ssl/private/certificate.pem;
#ssl_certificate_key /etc/ssl/private/certificate.pem;
# HTTP Strict-Transport-Security header (start with a short max-age!)
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
# A free of charge ssl certificate can be obtained from https://letsencrypt.org
# Instrunctions for Ubuntu 16.04 are eg. available at
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# Just use /etc/egroupware/nginx.conf instead of /etc/nginx/sites-available/default
server_name _;
root /var/www/html;
index index.php index.nginx-debian.html index.html index.htm;
# include other EGroupware parts like Collabora
include app.d/egroupware*.conf;
# proxy into EGroupware container
location /egroupware {
proxy_pass http://127.0.0.1:8080;
include proxy_params;
# to allow longer running requests like eg. backup or restore
proxy_read_timeout 60m;
# required for push / websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# PHP in docroot
#location ~ \.php {
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# include fastcgi_params;
#}
# phpmyadmin in /usr/share/phpmyadmin
#location /phpmyadmin {
# alias /usr/share/phpmyadmin/;
# try_files $uri $uri/ =404;
# location ~ ^/phpmyadmin(/(?U).+\.php) {
# alias /usr/share/phpmyadmin;
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# fastcgi_index index.php;
# fastcgi_split_path_info ^((?U).+\.php)(.*)$;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# # standard Nginx
# include fastcgi_params;
# fastcgi_param DOCUMENT_ROOT /var/www/html;
# fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1;
# }
#}
# ActiveSync support
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080;
include proxy_params;
# RB changed to 60m (from 20m) because that is length of zPush ping requests
proxy_read_timeout 60m;
}
# CalDAV/CardDAV & OpenID Connect autoconfig
location ~ ^/.well-known/(caldav|carddav|openid-configuration)$ {
proxy_pass http://127.0.0.1:8080;
include proxy_params;
}
location ~ ^(/principals/users/.*)$ {
return 301 $redirectscheme://$host/egroupware/groupdav.php$1;
}
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
# This also redirects all requests to root to EGroupware.
location = / {
return 301 $redirectscheme://$host/egroupware/index.php;
}
# redirect /egroupware to /egroupware/
location = /egroupware {
return 301 $redirectscheme://$host/egroupware/index.php;
}
}